readreg95

A hack of a perl-script to read values from a Windows 95, Windows 98 or Windows Millenium registry under Linux. It can also dump the whole registry or parts of it to regedit compatible format.

Download
Documentation
FAQ
TODO

Download

License: GPL
Author: Edgar Holleis

readreg95 (plain text, 16kb)
GPL (plain text, 18kb)

Documentation

$ ./readreg95 --help
readreg95 1.0
Copyright (C) 2003, Edgar Holleis
readreg95 [-w] [-r] [-ls] [-va RegVal] [-c encoding] REFILE.DAT KEY
-ls .. list subkeys
-w .. windows regedit compatible output
-r .. recursivly include subkeys
-va .. only output Regval, not whole key
* Don't forget to escape shell caracters.

The output is always to stdout. Errormessages go to stderr. If you mean the Root-Key, specify "\", or rather "\\".

readreg95 basically has 3 modes of output:

  1. Windows regedit compatible (-w ; -r)
  2. List subkeys (-ls ; -ls -r)
  3. Just print 1 or more values (-va RegVal)

If called without arguments the output is like (-w), but without the "REGEDIT4" - header, so that you can >> together.

ad 1:

$ ./readreg95 SYSTEM.DAT \\HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\\PROGRA~1\\NORTON~1\\vptray.exe"
"SystemTray"="SysTray.Exe"
"C-Media Mixer"="Mixer.exe /startup"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"internat.exe"="internat.exe"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

ad 2:

$ ./readreg95 -ls SYSTEM.DAT \\HKLM\\Software\\Microsoft\\Windows
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows]
CurrentVersion
ITStorage
HTML Help
Help

ad 3:

$ ./readreg95 -va vptray SYSTEM.DAT \\HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"C:\\PROGRA~1\\NORTON~1\\vptray.exe"

The -c switch means the encoding of the registry. Perl internally uses Unicode, and outputs to whatever locale you specify for your console. Usefull values:

It might or might not work with Cyrillic or Far Eastern Versions of Windows. You can find out the encoding of your registry with:
$ ./readreg95 SYSTEM.DAT \\HKLM\\System\\CurrentControlSet\\Control\\Nls\\Codepage\\ -va ACP

FAQ

Q: Why didn't you follow Windows - regedit syntax?
A: Because it is unpractical to use from scripts.

Q: Will there be write-support? And why not?
A: No, because
    (1) you don't want to edit the registry of a running Windows on a file level.
    (2) if it is not running you can use Windows regedit on the next reboot, possibly with some autoexec.bat magic.
    (3) I don't know the binary-format well enough to write to it.

Q: Will you support the NT/Win2000/XP - registry?
A: No, there is chntpw, and something similar in the Samba source tree: /utils/editreg.c

Q: Do you have more info on the binary format?
A: The file wine/misc/registry.c of the Wine source tree is a good place to start. Also check out winregistry.txt, which I found somewhere on the net.

TODO

1) Currently I am using

	/^(\\?([[:alnum:].()# ]+\\)*[[:alnum:].()# ]+\\?)|\\$/

    to check for a valid registry key.  This dosn't include all valid characters and doesn't take the encoding into account. It could be better.

2) Since perl doesn't allow me to mmap the file, it is loaded bit by bit or rather over and over again for -r. That's why -r is so slow (issues several thousand seeks and reads). I don't want to read the whole file into a single buffer eighter, because it is intended for Knoppix like boot CDs running without swap on old machines. Perhaps someday I will write some primitive IO buffer which kind of sucks anyway because the system or perl should be able to do it automatically.