Scanreg scans local or remote registries for strings in key names, value names, or data


The Windows NT Server Resource Kit includes ScanReg.exe,
which can scan the local or a remote registry for strings in key names,
value names, or data. This can be very helpful. As a command-line utility, it has
potential in login scripts, for example to scan for the telltale sign of virus
scanning or unapproved hacks. The help output from ScanReg:

usage:
scanreg 1.05 <[-s] string> < [-k] [-v] [-d] > [[-r] key] [-c] [-e] [-n]
-s string to search for
-r root key to start search from (default = HKEY_CURRENT_USER)
root key can be abbreviated as follows :
HKEY_LOCAL_MACHINE – lm
HKEY_CURRENT_USER – cu
HKEY_CLASSES_ROOT – cr
HKEY_USERS – us
-k search keynames (NB : must specify at least one of -k -v or -d)
-v search valuenames
-d search data
-c search case sensitive (default : case INsensitive)
-e return only exact match (default : return all matches)
-n no color in output (default : keys red, values green, data yellow)

Examples: SCANREG -s Windows -k -v -d
SCANREG -s Windows -kvd
SCANREG /s Windows /r \lm\software /kvde
SCANREG Windows \lm -kd -n
SCANREG Windows \\MOON\HKEY_LOCAL_MACHINE -d
SCANREG Windows HKEY_CURRENT_USER\software -kvd


Experiment with scanreg. It has great potential. Use the above help syntax as
a starting point.
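
Where the Resource Kit binary is not at hand, the same kind of search can be run from PowerShell. The following is an added example, not part of ScanReg or of the original tip: the function name Search-Registry and its parameter names are made up here and mapped to the ScanReg switches listed above, and it searches the local registry only.

```powershell
# Added example: a local-only PowerShell analogue of ScanReg's search switches.
function Search-Registry {
    param(
        [Parameter(Mandatory)] [string] $Pattern,   # ScanReg -s
        [string] $Root = 'HKCU:\',                  # ScanReg -r (same default hive)
        [switch] $KeyNames,                         # ScanReg -k
        [switch] $ValueNames,                       # ScanReg -v
        [switch] $Data,                             # ScanReg -d
        [switch] $CaseSensitive,                    # ScanReg -c
        [switch] $Exact                             # ScanReg -e
    )
    if (-not ($KeyNames -or $ValueNames -or $Data)) {
        throw 'Specify at least one of -KeyNames, -ValueNames or -Data.'
    }
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    if ($CaseSensitive) { $cmp = [System.StringComparison]::Ordinal }

    # Substring match by default, whole-string match with -Exact.
    $isHit = {
        param([string] $Candidate)
        if ($Exact) { [string]::Equals($Candidate, $Pattern, $cmp) } else { $Candidate.IndexOf($Pattern, $cmp) -ge 0 }
    }

    # Root key first, then every readable subkey; unreadable keys are skipped.
    & {
        Get-Item -LiteralPath $Root
        Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue
    } | ForEach-Object {
        $key = $_
        if ($KeyNames -and (& $isHit $key.PSChildName)) {
            [pscustomobject]@{ Kind = 'Key'; Key = $key.Name; Value = $null; Data = $null }
        }
        if (-not ($ValueNames -or $Data)) { return }
        foreach ($name in $key.GetValueNames()) {
            # Flatten multi-string and binary data to one space-separated string.
            $text = $key.GetValue($name) -join ' '
            if ($ValueNames -and (& $isHit $name)) {
                [pscustomobject]@{ Kind = 'Value'; Key = $key.Name; Value = $name; Data = $text }
            }
            if ($Data -and (& $isHit $text)) {
                [pscustomobject]@{ Kind = 'Data'; Key = $key.Name; Value = $name; Data = $text }
            }
        }
    }
}

# Same search as "SCANREG /s Windows /r \lm\software /kvd" above.
Search-Registry -Pattern 'Windows' -Root 'HKLM:\Software' -KeyNames -ValueNames -Data
```

Each match comes back as an object, so the results can be filtered or exported with the usual pipeline cmdlets.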
