The Registry Editor, or regedit.exe, allows the import and export of Windows registry entry files from the command line. It’s usage though, could prove to be a bit restrictive from the command line. From Windows XP edition onwards, Microsoft has included another command line tool called REG, or reg.exe. This tool is able perform almost all the tasks as it’s GUI counterpart – regedit.exe.
Query the Registry
REG allows you to query specific keys and values. It also allows recursive and case sensitive searches.
To get a list of programs that are run when your computer starts, run REG as:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
C:\>reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide ccApp REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup SunJavaUpdateSched REG_SZ "C:\java\jre6\bin\jusched.exe" Acrobat Assistant 8.0 REG_SZ "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Default) REG_SZ NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents |
To query a specific value, run REG as:
|
1 2 3 4 |
C:\>reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v ccApp HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ccApp REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" |
Add to Registry
To add a new software to the startup list, run REG as:
|
1 2 |
C:\>reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v MySoftware /t REG_SZ /d "c:\path\to\software.exe" The operation completed successfully. |
Note that you will need an Administrator Command Prompt to add entries to the registry.
Delete from Registry
To delete the entry we have created in the example above, run REG as:
|
1 2 |
C:\>echo Y|reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v MySoftware Delete the registry value MySoftware (Yes/No)? The operation completed successfully. |
Note the presence of the command ‘echo Y|’ piped to reg. This sends the ‘Y’ character to the delete confirmation prompt. To delete without the prompt, run REG as:
|
1 2 |
C:\>echo Y|reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v MySoftware /f The operation completed successfully. |
Alternative Ways to Access the Registry from the Command Line
If you have Cygwin installed, you can access the registry from the directory /proc/registry/, which is part of the /proc virtual filesystem. Another tool under Cygwin is regtool. To find out more about regtool, refer to the man pages.
Mohamed Ibrahim
ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }
