Scanreg scans local or remote registries for strings in key names, value names, or data

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

The Windows NT Server Resource Kit includes ScanReg.exe, which can scan the local registry or a remote registry for strings in key names, value names, or data. This can be very helpful. As a command-line utility, it has potential in login scripts, for example to scan for the telltale sign of virus scanning or unapproved hacks. The help from ScanReg:

usage:
scanreg 1.05 <[-s] string> < [-k] [-v] [-d] > [[-r] key] [-c] [-e] [-n]
-s  string to search for
-r  root key to start search from (default = HKEY_CURRENT_USER)
    root key can be abbreviated as follows :
     HKEY_LOCAL_MACHINE - lm
     HKEY_CURRENT_USER  - cu
     HKEY_CLASSES_ROOT  - cr
     HKEY_USERS         - us
-k  search keynames (NB : must specify at least one of -k -v or -d)
-v  search valuenames
-d  search data
-c  search case sensitive (default : case INsensitive)
-e  return only exact match (default : return all matches)
-n  no color in output (default : keys red, values green, data yellow)

Examples:  SCANREG -s Windows -k -v -d
           SCANREG -s Windows -kvd
           SCANREG /s Windows /r \lm\software /kvde
           SCANREG Windows \lm -kd -n
           SCANREG Windows \\MOON\HKEY_LOCAL_MACHINE -d
           SCANREG Windows HKEY_CURRENT_USER\software -kvd

Experiment with scanreg. It has great potential. Use the above help syntax as a starting point.
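
The login-script use suggested above could look like the following. This is an added example, not part of the original article or the Resource Kit. It assumes scanreg.exe is on the PATH, the share \\LOGSRV\regaudit$ is a hypothetical log location, and the search strings are constructed placeholders. The help text does not document exit codes or the output layout, so the script records ScanReg's raw output for later review instead of interpreting it.

```batch
@echo off
rem Added example: logon-script registry audit built on ScanReg.
rem Assumptions: scanreg.exe is on PATH; \\LOGSRV\regaudit$ is a hypothetical
rem share users can append to; the search strings are constructed placeholders.
setlocal

set "LOGDIR=\\LOGSRV\regaudit$"
set "LOG=%LOGDIR%\%COMPUTERNAME%_%USERNAME%.log"

rem Fall back to the local temp directory if the share is unreachable.
if not exist "%LOGDIR%\" set "LOG=%TEMP%\regaudit.log"

>>"%LOG%" echo ==== %DATE% %TIME% %COMPUTERNAME% %USERNAME% ====

rem Strings to look for (placeholders; replace with names your policy flags).
for %%S in (EXAMPLE-UNAPPROVED-TOOL EXAMPLE-MALWARE-NAME) do (
    rem Machine-wide autostart entries: search key names, value names and data.
    rem -n turns off colored output, since the result goes to a file.
    >>"%LOG%" echo -- "%%S" under HKLM ...\CurrentVersion\Run
    scanreg -s %%S -r \lm\software\microsoft\windows\currentversion\run -kvd -n >>"%LOG%" 2>&1

    rem The logged-on user's own software settings.
    >>"%LOG%" echo -- "%%S" under HKCU\software
    scanreg -s %%S -r \cu\software -kvd -n >>"%LOG%" 2>&1
)

endlocal
```

Keep the search roots narrow, as here: a scan of all of HKEY_LOCAL_MACHINE at every logon would slow the login noticeably.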
