Welcome, Guest! Log In | Create Account

Share

Windows Registry Shell

File Release Notes and Changelog

Release Name: WinRegSh v1.5

Notes:
---------------------------------
WinRegSh - Windows Registry Shell
---------------------------------

---------------------------------
Table of Contents
---------------------------------
1    Bug Fixes
1.1  Previous Bug Fixes
2    To Be Fixed
3    Command Line
4    Commands
4.1  Navigation
4.2  Hives
4.3  Keys
4.4  Values
4.5  Symbolic Links
4.6  Reg Files
4.7  Permissions
4.8  Other
5    Special Characters
6    About
7    Source Code

---------------------------------
1. Bug Fixes
---------------------------------
- Build environment moved to Visual Studio 2008.
- Now using safe string functions.
- Now using try-finally instead of goto.
- Token permissions modified for Windows Vista support.
- Hive export modified for Windows 2000 support.
- Safe CTRL+C handling for multi-thread.
- Unsafe CTRL+BRK handling for multi-thread.

---------------------------------
1.1 Previous Bug Fixes
---------------------------------
- Enabled building /W4 (extra-anal warnings) and /WX (warnings as errors).
- Granted extra privs for hive commands which require them.
- Extra build info in about command.
- fork command now wraps the directory name in quotes.
- Better value creation/display for seldom-used value types.
- Added the perm command.

---------------------------------
2. To Be Fixed
---------------------------------
- Unicode support.
- Querying the trustee type for perm command always returns unknown.
- Some commands (e.g. find) don't behave as expected when executed from within
  the root directory.
- Need rename key and rename value commands.
- Wildcard matching for dir command.
- Support for remote registries.

---------------------------------
3. Command Line
---------------------------------
WinRegSh has a few command line switches which you'll probably find useful.

-h prints help.
-c executes a WinRegSh command and exits.
-i starts an interactive shell (default behavior).

-c is very useful in conjunction with the source command.  You can fill a file
with arbitrarily many WinRegSh commands, and have them all execute 
non-interactively via something like:

  WinRegSh.exe -c "source mycmdfile.txt"

Or you may want to perform just a simple task such as a directory listing:

  WinRegSh.exe -c "dir hklm\software"

You can combine -c and -i to execute a command before starting an
interactive shell:

  WinRegSh.exe -c "ls hklm\software" -i

You have to be careful about passing quoted strings to WinRegSh via the
command line.  Remember that the Windows command prompt eats the quotes
before passing them to WinRegSh.  For example, this won't work:

  WinRegSh.exe -c "ls hklm\software\Microsoft\Windows NT"

You'd need to use the setchar command to join the Microsoft NT key name:

 WinRegSh.exe -c "setchar -j `; ls `hklm\software\Microsoft\Windows NT`"

---------------------------------
4. Commands
---------------------------------
Commands can be entered any of three ways:

	- The typical command line interface (e.g. starting WinRegSh without
		any command line options).
	- A source file (see "source" command, below).
	- The WinRegSh command line (see "-c" option to WinRegSh, above).

If you want to stop a command prematurely, you can try CTRL+C or CTRL+BRK.
Use CTRL+BRK only as a last resort.

---------------------------------
4.1. Navigation
---------------------------------
cd - Use it exactly like you think you should.
ls - Displays a list of keys and values.
history - Displays previously entered commands.

Pressing the tab key will auto-complete a partially typed key name
or value name.  If the completion is ambiguous, all possible matches
are displayed.

Press up/down to retrieve previously entered commands.

---------------------------------
4.2 Hives
---------------------------------
exhive - Exports a hive.
imhive - Imports a hive.
ldhive - Loads a hive.
unhive - Unloads a hive.

Windows places restrictions on where a hive can be loaded.  HKEY_LOCAL_MACHINE 
and HKEY_USERS are at least valid.

Windows requires higher-than-normal process privileges for hive operations.
Sometimes, especially on Windows Vista, you'll get one of these error messages:

	A required privilege is not held by the client
	Not all privileges or groups referenced are assigned to the caller
	
when WinRegSh is not able to grant itself both of SE_RESTORE_NAME and
SE_BACKUP_NAME privileges.  If so, you must start your WinRegSh session with
those privileges defined.  One method to accomplish this may be to right click
on the WinRegSh icon and select "Run as... Administrator" or some user other
than Administrator with higher-than-normal privileges.  (Sadly, but
understandably, Microsoft exposes no programmatic method for granting (or even
denying!) new privileges to a running process.)

When exporting a hive, Microsoft's documentation is not clear on when
compression can be enabled/disabled.  The documentation that does exist does
not seem to match empirical testing.

---------------------------------
4.3 Keys
---------------------------------
mkkey - Makes a key.
cpkey - Copies a key.
rmkey - Removes a key.

---------------------------------
4.4 Values
---------------------------------
mkval - Creates a new value.
cpval - Copies a value.
rmval - Removes a value.
cat - Displays a value's contents.

Creating a new value can be tricky.  There are a few oft-used value types but
also several seldom-used value types.  For the oft-used types, you create them
like you think you might:

 mkval xxx REG_SZ SzStringData
 mkval xxx REG_MULTI_SZ MultiSzStringData0 MultiSzStringData1
 mkval xxx REG_DWORD 0x12345678
 
For the seldom-used types, you must enter their data in a less friendly
manner.  You must use hex bytes:

 mkval xxx REG_RESOURCE_LIST 01 fe 2c
 mkval xxx REG_BINARY 01 02 0e 0f ff 00
 
Also, if you wish to display the seldom-used types, you almost certainly wish
to use the -g option to cat.  It will print the data on a byte grid.

---------------------------------
4.5 Symbolic Links
---------------------------------
mklink - Creates a symbolic link.
rmlink - Removes a symbolc link.

---------------------------------
4.6 Reg Files
---------------------------------
imreg - Imports registry data from a .reg file.
exreg - Exports registry data to a .reg file.

---------------------------------
4.7 Permissions
---------------------------------
perm - Displays permissions for a key.

At some point there will be a setperm command, but not yet.

The perm command displays the owner, group, and trustees for a key.  Each
trustee has a set of access types.  Access types are granted or denied
or some other states as well.  Each access type has a set of associated
permissions.

---------------------------------
4.8 Other
---------------------------------
help - Displays more help than what you'll find in this README.TXT.
find - Searches for registry data.
fork - Creates a new instance of WinRegSh.
pause - Pauses operation until a key is pressed.
screen - Resizes the screen.
setchar - Changes various specially recognized characters.
source - Reads a file for commands and executes them.
imran - Scanner something error happens.
rem - Renders moot everything postcedent.
echo - Prints to the console everything postcedent.
exit - Exits from the command line.

Various commands have aliases.  For example, cat/type, ls/dir, exit/quit,
rem/#, and help/?.

---------------------------------
5. Special Characters
---------------------------------
Key names and value names can contain just about any character.  As such, it's 
important for WinRegSh to provide a mechanism to access those keys and values.

Suppose a key name contains a space character.  Such a key name might be 
Microsoft NT.  To cd into that key, you'd do this:

  cd "Micosoft NT"

Now suppose the key name contains a double quote.  Such a key name might be 
xxx"yyy.  To cd into that key, you need to use the setchar command, then the
cd command:

  setchar -j =
  cd xxx"yyy

Now suppose the key name contains both a space and a double quote.  Such a key
name might be xxx" yyy.  To cd into that key, you'd again need to use the 
setchar command, then the cd command:

  setchar -j =
  cd =xxx" yyy=

Key names and value names might also contain slashes in their names.  Such a
key name might be xxx\yyy.  Once again, the setchar command must be used:

  setchar -d |
  cd xxx\yyy

Sometimes you might wish to execute more than one command at a time.  Such a 
command line might look like:

  cd hklm\software ; ls

However, key names and value names might contain semicolons.  If you've read 
this far you can probably guess you need the setchar command:

  setchar -c ,
  cd hklm\software\xxx;yyy , ls

---------------------------------
6. About
---------------------------------
WinRegSh was/is written by me, Eric Gumtow.  I don't care to make any sort of 
profit from it.  I hope you find it useful.

I think WinRegSh works fairly well.  There aren't any obvious and major bugs.  
If you do find such a bug, let me know and I'll probably fix it.
Alternatively, you're free to fix the bug.

WinRegSh is hosted on SourceForge, where you can download the source code
and/or join the development team for WinRegSh.

WinRegSh is licensed under the GNU General Public License.

---------------------------------
6. Source Code
---------------------------------
You can download the source code from SourceForge.  Building from source
requires Visual Studio 2008.  I have not yet built with Visual Studio 2008
Service Pack 1.


Changes:

 

About SourceForge

Find Software

Develop Software

Community

Help

Copyright © 2009 Geeknet, Inc. All rights reserved. Terms of Use