https://github.com/rsa9000/regfanalysistools
Low-level MS Windows registry files analysis tools
regf registry-analysis registry-file registry-format windows-registry
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/rsa9000/regfanalysistools
- Owner: rsa9000
- License: isc
- Created: 2016-05-05T16:52:50.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2016-05-05T16:56:34.000Z (almost 9 years ago)
- Last Synced: 2024-08-03T22:16:13.393Z (9 months ago)
- Topics: regf, registry-analysis, registry-file, registry-format, windows-registry
- Language: C
- Size: 16.6 KB
- Stars: 19
- Watchers: 3
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- jimsghstars - rsa9000/regfanalysistools - Low-level MS Windows registry files analysis tools (C)
README
regfanalysistools: low-level MS Windows registry files analysis
===============================================================

More information about the internal regf file format:

* https://github.com/libyal/libregf/blob/master/documentation/Windows%20NT%20Registry%20File%20(REGF)%20format.asciidoc
* https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md

Features
--------

This set of utils is designed primarily for analysis of corrupted
registry files. Each utility shows the file content from its own point of view:

* as a container of elements of variable length, where some elements can
contain links to other elements
* as a tree of keys and values with more or less detailed info about each
of them

Besides the main analysis work, each utility verifies data consistency by
checking for orphaned cells, cells with multiple references, the required minimum
cell size, cell signatures, etc.

The following OS(s) are tested/supported:

* FreeBSD
* GNU/Linux
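The container-of-cells view and the consistency checks described above, as an added C example written for this page (it is not code from the regfanalysistools project). It walks a hive hbin by hbin independently of the key tree, verifies the base block checksum, the required minimum cell size, 8-byte cell alignment and hbin bounds, and classifies allocated cells by their two-byte signature. Field offsets follow the regf format documents linked above; the two-block sample hive, the `regf_stats` structure and all function names are this example's own, and the "corrupt" variant plants a cell size that is not a multiple of 8 to show what the walker reports.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BASE_BLOCK 4096u   /* regf base block size; the first hbin starts here */
#define HBIN_HDR   32u     /* hive bin header size */

struct regf_stats { unsigned hbins, allocated, free_cells, signed_cells, bad; };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* XOR-32 of the first 508 bytes of the base block; 0 and 0xFFFFFFFF are reserved. */
static uint32_t base_block_checksum(const uint8_t *buf)
{
    uint32_t x = 0;
    for (size_t i = 0; i < 508; i += 4) x ^= rd32(buf + i);
    if (x == 0) return 1;
    if (x == 0xFFFFFFFFu) return 0xFFFFFFFEu;
    return x;
}

int regf_base_block_ok(const uint8_t *buf, size_t len)
{
    if (len < BASE_BLOCK || memcmp(buf, "regf", 4) != 0) return 0;
    return base_block_checksum(buf) == rd32(buf + 508);
}

/* Cell types that carry a two-byte signature right after the size field. */
static int cell_sig_known(const uint8_t *d)
{
    static const char *sigs[] = { "nk", "vk", "sk", "lf", "lh", "li", "ri", "db" };
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (memcmp(d, sigs[i], 2) == 0) return 1;
    return 0;
}

/* Walk every hive bin and every cell in it. Returns the number of inconsistencies
 * found, or -1 when the base block or an hbin header is too broken to continue. */
int regf_walk(const uint8_t *buf, size_t len, struct regf_stats *st)
{
    memset(st, 0, sizeof *st);
    if (!regf_base_block_ok(buf, len)) return -1;
    uint32_t bins_size = rd32(buf + 40);                  /* hive bins data size */
    if ((size_t)bins_size > len - BASE_BLOCK) return -1;

    for (size_t off = BASE_BLOCK; off < BASE_BLOCK + bins_size; ) {
        const uint8_t *hb = buf + off;
        uint32_t hb_size = rd32(hb + 8);
        if (memcmp(hb, "hbin", 4) != 0 || hb_size < BASE_BLOCK ||
            hb_size % BASE_BLOCK != 0 || hb_size > len - off)
            return -1;
        if (rd32(hb + 4) != off - BASE_BLOCK) st->bad++;   /* bin's own offset field is wrong */
        st->hbins++;

        for (size_t c = HBIN_HDR; c < hb_size; ) {
            int32_t raw = (int32_t)rd32(hb + c);          /* negative size means allocated */
            uint32_t sz = raw < 0 ? 0u - (uint32_t)raw : (uint32_t)raw;
            if (sz < 8 || sz % 8 != 0 || sz > hb_size - c) {
                fprintf(stderr, "bad cell size %d at hbin 0x%zx cell 0x%zx\n", raw, off, c);
                st->bad++;
                break;                                    /* the rest of this bin is untrusted */
            }
            if (raw < 0) {
                st->allocated++;
                if (cell_sig_known(hb + c + 4)) st->signed_cells++;
            } else {
                st->free_cells++;
            }
            c += sz;
        }
        off += hb_size;
    }
    return (int)st->bad;
}

/* Constructed sample (not a real hive): a base block plus one 4 KiB hbin holding
 * an "nk" root cell, a "vk" cell and one free cell. With corrupt != 0 the vk cell
 * gets a size that is not a multiple of 8. */
size_t build_sample_hive(uint8_t *buf, size_t cap, int corrupt)
{
    size_t total = 2 * BASE_BLOCK;
    if (cap < total) return 0;
    memset(buf, 0, total);
    memcpy(buf, "regf", 4);
    wr32(buf + 4, 1);  wr32(buf + 8, 1);                  /* primary == secondary sequence */
    wr32(buf + 20, 1); wr32(buf + 24, 5);                 /* format version 1.5 */
    wr32(buf + 36, 0x20);                                 /* root cell offset from first hbin */
    wr32(buf + 40, BASE_BLOCK);                           /* hive bins data size */
    wr32(buf + 508, base_block_checksum(buf));

    uint8_t *hb = buf + BASE_BLOCK;
    memcpy(hb, "hbin", 4);
    wr32(hb + 4, 0);                                      /* offset of this bin from the first */
    wr32(hb + 8, BASE_BLOCK);                             /* bin size */
    wr32(hb + 0x20, 0u - 0x60u); memcpy(hb + 0x24, "nk", 2);  /* allocated key cell, 96 bytes */
    wr32(hb + 0x80, 0u - 0x20u); memcpy(hb + 0x84, "vk", 2);  /* allocated value cell, 32 bytes */
    wr32(hb + 0xA0, BASE_BLOCK - 0xA0);                   /* free cell covering the rest */
    if (corrupt) wr32(hb + 0x80, 0u - 0x1Cu);             /* 28 bytes: misaligned */
    return total;
}

int main(void)
{
    static uint8_t hive[2 * BASE_BLOCK];
    for (int corrupt = 0; corrupt < 2; corrupt++) {
        struct regf_stats st;
        size_t n = build_sample_hive(hive, sizeof hive, corrupt);
        int rc = regf_walk(hive, n, &st);
        printf("%s hive: rc=%d hbins=%u allocated=%u free=%u signed=%u bad=%u\n",
               corrupt ? "corrupt" : "clean", rc, st.hbins, st.allocated,
               st.free_cells, st.signed_cells, st.bad);
    }
    return 0;
}
```

Orphan and multiple-reference detection, which the README also lists, needs the second view: mark every cell reached from the root key's nk/vk/list links against the allocation map this walk produces, and report allocated cells never reached (orphans) or reached more than once. This example stops at the allocation map so that it stays short and runs on the constructed hive alone.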
Installation
------------

To build the utils from sources, run as a regular user:

    $ make

and to install them, run the following command as a privileged user:

    # make install
Usage
-----

The package contains a few utils:

* regfdump - dumps the registry file element by element, independently
of the logical tree structure
* regfwalk - walks over the registry tree and prints every piece of info
about each element found
* regftree - lite version of regfwalk: prints only the logical tree structure
(key hierarchy) and values

Each utility requires only the registry filename as a command line argument. Main data
is printed to STDOUT, while error/warning messages are printed to STDERR.

Examples:

    $ regfdump WINDOWS/system32/config/SYSTEM

or

    $ regfwalk WINDOWS/system32/config/SOFTWARE

or

    $ regftree WINDOWS/system32/config/SOFTWARE
TODO
----

* make utils more resistant to corrupted input files
* add internal help

License
-------

This project is licensed under the terms of the ISC license. See
the LICENSE file for license rights and limitations.