News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

RegEdit bug?

Started by jj2007, May 08, 2018, 08:01:41 AM

Previous topic - Next topic

jj2007

It seems that RegEdit cannot export the complete registry on Win7-64.

Normally, selecting Computer and clicking on menu File/Export should export the registry - all of it. But so far my tests have shown that about 10% are missing at the end.

Workaround: Export the main sections, like HKEY_CLASSES_ROOT etc.; then, from a DOS prompt, concatenate them:
copy hk_Root.reg+hk_currentuser.reg+hk_localmachine.reg+hk_users.reg+hk_currentconfig.reg registry.reg

Background to this "discovery" is the attached project aimed at finding a registry key in less than 5 milliseconds:
Reading registry.reg will take up to 10 seconds...
5247201 lines read, 979 ms
322 ms for finding 832686 entries in 5247201 lines

Match at pos 832659, line 5247135: [HKEY_USERS\S-1-5-18\Software\SetID]
Value: "xxwsid_mb"="Base Board Serial Number"

842 µs for finding one entry in 5247201 lines

jimg

This sounds intriguing.
First, I assume you looked around at places like raymond.cc
About using RegEdit to export the whole registry -
QuoteWhile this method does work up to a point it is not a full backup and has several issues, which are hardly ever mentioned. Exporting the registry in this way does not in fact export the whole registry. Values and keys that are locked or in use, the security hive and registry permissions are not backed up. That adds up to thousands of keys that do not get exported.
Read More: https://www.raymond.cc/blog/backup-restore-whole-windows-registry-selected-hives/
However, it's probably okay for your intended usage.

jj2007

Yes, that's another problem. But there is also a really buggy behaviour: It simply misses many records towards the end. And those do get exported if you select only the main key, e.g. HKEY_CURRENT_CONFIG.

jimg

Try this quick and dirty in a bat file and let me know if it's missing the same
( I just used the r: drive for testing  (my ramdrive))
r: 
reg export HKLM t1.txt /y /reg:64
reg export HKCU t2.txt /y /reg:64
reg export HKCR t3.txt /y /reg:64
reg export HKU t4.txt /y /reg:64
reg export HKCC t5.txt /y /reg:64
copy t1.txt+t2.txt+t3.txt+t4.txt+t5.txt registry.txt

aw27

HKEY_CLASSES_ROOT is just an alias to pieces and bits stored elsewhere in the Registry.
There are other parts that are aliases, namely HKEY_CURRENT_USER which is just the current user loaded hive of HKEy_USERS