winreg - text-based access to the Windows registry
winreg [-F FS] [-r name] [-ntvci] [key]
Winreg provides text-based access to the Windows registry. Running winreg with a registry key specified as part of its invocation will result in all the registry tree from that point downwards to be printed on its standard output. By default for every registry key winreg will print its name, type, and value. When winreg is run without specifying a registry key it will read registry data formatted in the same way as its default output format and set (update or create) the corresponding registry values.
lines describe the default registry data format read and
written by winreg for each defined registry data
type. Winreg will not process data types other than
the ones described.
Winreg will print the word BINARY followed by the data bytes as character-separated two digit hexadecimal values.
Winreg will print the word DWORD followed by the value using eight hexadecimal digits.
Winreg will print the word DWORD_BIG_ENDIAN followed by the value using eight hexadecimal digits. The value’s digits are printed so as to represent a base16 number, i.e. the number 1 is printed as 00000001, not 00010000.
Winreg will print the word QWORD followed by the value using 16 hexadecimal digits.
Winreg will print the word SZ followed by the value as a string with escape codes used for non-printable characters.
Winreg will print the word MULTI_SZ followed by the value as a string with escape codes used for non-printable characters.
Winreg will print the word EXPAND_SZ followed by the value as a string with escape codes used for non-printable characters.
Winreg will print the word NONE without any trailing data. A field separator will be printed.
Winreg will print the word LINK followed by the data bytes as character-separated two digit hexadecimal values.
Winreg will print the word RESOURCE_LIST followed by the data bytes as character-separated two digit hexadecimal values.
Winreg will print the word RESOURCE_REQUIREMENTS_LIST followed by the data bytes as character-separated two digit hexadecimal values.
Winreg will print the word FULL_RESOURCE_DESCRIPTOR followed by the data bytes as character-separated two digit hexadecimal values.
When printing string values \character escape codes are used for the characters \, \a, \b, \f, \t, \r, \n, \v, \0 representing the corresponding values as defined by the C programming language. All other non-printable characters (as defined by the C isprint function) are represented using the sequence \x followed by two digit hexadecimals.
A commonly used idiom involves processing Windows registry data as the output of winreg using Unix tools like sed and awk and redirecting their output back to the registry via winreg.
Specify the field separator used to delimit fields (registry key name, type, value) on output. The default field separator is a tab.
Connect to the registry of the remote machine name, instead of the local registry. Data will be retrieved from and stored to the remote registry. Appropriate permissions must be establshed and services be running; see http://msdn.microsoft.com/library/- default.%asp?url=/library/en-us/sysinfo/base/- regconnectregistry.asp. The name can be a Netbios name (\\host), a Netbios IP-address (\\192.168.1.2), a Netbios fully qualified domain name (\\host.company.com), an Internet host name (\\host), an Internet host IP-address (\\192.168.1.2), or an Internet host fully qualified domain name (\\host.company.- com).
Do not print key names.
Do not print key types.
Do not print key values.
Ignore errors returned by Windows registry operations. The error code will be printed on the standard output, but the program will attempt to continue processing.
Output DWORD and binary data of 1, 2, and 4 bytes in decimal. This can be used to extract performance data (found under HKEY_PERFORMANCE_DATA) in a format that can be used by other analysis tools. Decimal output can not be parsed-back for setting registry values.
Check input by parsing it and print any errors found. No registry keys will be created or modified.
will display a machine’s name.
HKEY_CURRENT_USER | sed -n
’s,C:/home,D:/home,gp’ | winreg
Change all user registry references from c:/home to d:/home.
\\pooh HKEY_LOCAL_MACHINE\Software\Netscape | winreg -r
Copy the Netscape machine-specific software settings from the registry of the machine poo to the registry of the machine piglet.
Outwit: Unix tool-based programming meets the Windows world.
In USENIX 2000 Technical Conference Proceedings,
pages 149-158, San Diego, CA, USA, June 2000, USENIX
Microsoft Corporation. Microsoft Windows NT Server 4.0 Resource Kit. Microsoft Press.
Ron Petrusha and Andrew Schulman. Inside the Windows 95 Registry. O’Reilly & Associates.
(C) Copyright 1999-2003 Diomidis Spinellis. All rights reserved.
Permission to use, copy, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation.
THIS SOFTWARE IS PROVIDED ‘‘AS IS’’ AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Although reasonable care has been taken to make winreg work with many possible types of registry data, note that incorrect operation by winreg or inappropriate registry data manipulations can render a machine unusable.
At least under Windows 2000 SP2, a failed remote connection is not correctly reported by the Windows API, and may cause the program to display wrong data or silently fail.