How can I search the windows registry with regular expressions?
Solution 1
The free RegAlyzer utility searches by substring, wildcard (*,?), boolean (AND OR NOT), and regular expression:
RegAlyzer is a tool to browse and change the registry. It was created because of a few features we missed in the original regedit tool, from support for exotic value types over background and regular expression search to better bookmarks, displaying .reg files in the accustomed style and a history view.
Solution 2
You can use PowerShell with -match:
dir HKCU:\ -rec -ea SilentlyContinue |
ForEach-Object {
if((get-itemproperty -Path $_.PsPath) -match "\wSomestring\w")
{
$_.PsPath
}
}
This will search the HKEY_CURRENT_USER hive.
Solution 3
If it's just a matter of searching it without changing anything (no Search & Replace), export the whole registry to a .reg file and use your favorite text editor that supports regular expressions (Notepad++, Textpad, PSPad, ...).
To export the whole registry, right-click the Computer node in Registry Editor and select Export.
Watch out, the exported file can be huge. I just tried and the file was 250 MB big.
Encoding update: On WinXP, cygwin's file utility reports the exported data as Unicode text, UTF-16, little-endian.
Solution 4
You can use Cygwin.
Open Cygwin terminal and use those commands:
cd /proc/registry32/HKEY_LOCAL_MACHINE
find . -name "*something*"
Related videos on Youtube
20 : 52
23 : 34
01 : 11
03 : 24
02 : 50
René Nyffenegger
Updated on September 17, 2022Comments
-
René Nyffenegger over 1 year
Is there a tool or method with which I can search the windows registry with regular expressions?
-
René Nyffenegger over 14 yearswell, yes, I guess that would do, if only the the exported file wouldn't be 256'803'816 bytes in size. Also, I have no idea in what encoding the file is written.
-
René Nyffenegger over 14 yearsThis sounds promising. I have never used PowerShell before, however. I'll give it a try.
-
John T over 14 yearsA good overview of regex with
-matchcan be found here: 207.46.16.252/en-us/magazine/2007.11.powershell.aspx -
René Nyffenegger over 14 yearsAlthough this is not exactly what I was looking for (because of the missing regex suport), it's certainly an appreciated link/hint.
-
Bratch over 14 yearsThis works but takes a while to search the whole hive. I'd rather use this because I already have PS installed and like it. -
René Nyffenegger almost 9 yearsThis is way too cool if it worked, but unfortunatly, I get an
Error: Current working directory is a virtual Cygwin directory which does not exist for a native Windows application. Can't start native Windows application from here.if I try this. -
adaslaw almost 9 years@RenéNyffenegger I've got the suspicion that when you run your 'find' command, then Windows version of find utility is executed. In my case find utility from Cygwin installation in executed.
