Package hivex

Read and write Windows Registry binary hive files

Hive files are the undocumented binary files that Windows uses to
store the Windows Registry on disk.  Hivex is a library that can read
and write to these files.

'hivexsh' is a shell you can use to interactively navigate a hive
binary file.

'hivexregedit' (in perl-hivex) lets you export and merge to the
textual regedit format.

'hivexml' can be used to convert a hive file to a more useful XML

In order to get access to the hive files themselves, you can copy them
from a Windows machine.  They are usually found in
%systemroot%\system32\config.  For virtual machines we recommend
using libguestfs or guestfish to copy out these files.  libguestfs
also provides a useful high-level tool called 'virt-win-reg' (based on
hivex technology) which can be used to query specific registry keys in
an existing Windows VM.

For OCaml bindings, see 'ocaml-hivex-devel'.

For Perl bindings, see 'perl-hivex'.

For Python 2 bindings, see 'python2-hivex'.

For Python 3 bindings, see 'python3-hivex'.

For Ruby bindings, see 'ruby-hivex'.
General Commands
Command Description
hivexget Get subkey from a Windows Registry binary "hive" file
hivexml Convert Windows Registry binary "hive" into XML
hivexsh Windows Registry hive shell