Author Topic: RegEdit bug?  (Read 187 times)

jj2007

  • Member
  • *****
  • Posts: 8435
  • Assembler is fun ;-)
    • MasmBasic
RegEdit bug?
« on: May 08, 2018, 08:01:41 AM »
It seems that RegEdit cannot export the complete registry on Win7-64.

Normally, selecting Computer and clicking on menu File/Export should export the registry - all of it. But so far my tests have shown that about 10% are missing at the end.

Workaround: Export the main sections, like HKEY_CLASSES_ROOT etc.; then, from a DOS prompt, concatenate them:
Code: [Select]
copy hk_Root.reg+hk_currentuser.reg+hk_localmachine.reg+hk_users.reg+hk_currentconfig.reg registry.reg
Background to this "discovery" is the attached project aimed at finding a registry key in less than 5 milliseconds:
Code: [Select]
Reading registry.reg will take up to 10 seconds...
5247201 lines read, 979 ms
322 ms for finding 832686 entries in 5247201 lines

Match at pos 832659, line 5247135: [HKEY_USERS\S-1-5-18\Software\SetID]
Value: "xxwsid_mb"="Base Board Serial Number"

842 ┬Ás for finding one entry in 5247201 lines

jimg

  • Member
  • ***
  • Posts: 254
Re: RegEdit bug?
« Reply #1 on: May 08, 2018, 09:14:39 AM »
This sounds intriguing.
First, I assume you looked around at places like raymond.cc
About using RegEdit to export the whole registry -
Quote
While this method does work up to a point it is not a full backup and has several issues, which are hardly ever mentioned. Exporting the registry in this way does not in fact export the whole registry. Values and keys that are locked or in use, the security hive and registry permissions are not backed up. That adds up to thousands of keys that do not get exported.
Read More: https://www.raymond.cc/blog/backup-restore-whole-windows-registry-selected-hives/
However, it's probably okay for your intended usage.

jj2007

  • Member
  • *****
  • Posts: 8435
  • Assembler is fun ;-)
    • MasmBasic
Re: RegEdit bug?
« Reply #2 on: May 08, 2018, 09:41:05 AM »
Yes, that's another problem. But there is also a really buggy behaviour: It simply misses many records towards the end. And those do get exported if you select only the main key, e.g. HKEY_CURRENT_CONFIG.

jimg

  • Member
  • ***
  • Posts: 254
Re: RegEdit bug?
« Reply #3 on: May 08, 2018, 10:20:26 AM »
Try this quick and dirty in a bat file and let me know if it's missing the same
( I just used the r: drive for testing  (my ramdrive))
r: 
reg export HKLM t1.txt /y /reg:64
reg export HKCU t2.txt /y /reg:64
reg export HKCR t3.txt /y /reg:64
reg export HKU t4.txt /y /reg:64
reg export HKCC t5.txt /y /reg:64
copy t1.txt+t2.txt+t3.txt+t4.txt+t5.txt registry.txt

AW

  • Member
  • *****
  • Posts: 1299
  • Let's Make ASM Great Again!
Re: RegEdit bug?
« Reply #4 on: May 08, 2018, 01:33:45 PM »
HKEY_CLASSES_ROOT is just an alias to pieces and bits stored elsewhere in the Registry.
There are other parts that are aliases, namely HKEY_CURRENT_USER which is just the current user loaded hive of HKEy_USERS