Hive files are the undocumented binary files that Windows uses to
store the Windows Registry on disk. Hivex is a library that can read
and write to these files.
'hivexsh' is a shell you can use to interactively navigate a hive
'hivexregedit' (in perl-hivex) lets you export and merge to the
textual regedit format.
'hivexml' can be used to convert a hive file to a more useful XML
In order to get access to the hive files themselves, you can copy them
from a Windows machine. They are usually found in
%systemroot%\system32\config. For virtual machines we recommend
using libguestfs or guestfish to copy out these files. libguestfs
also provides a useful high-level tool called 'virt-win-reg' (based on
hivex technology) which can be used to query specific registry keys in
an existing Windows VM.
For OCaml bindings, see 'ocaml-hivex-devel'.
For Perl bindings, see 'perl-hivex'.
For Python bindings, see 'python-hivex'.
For Ruby bindings, see 'ruby-hivex'.
|Command ||Description |
|hivexget ||Get subkey from a Windows Registry binary "hive" file |
|hivexml ||Convert Windows Registry binary "hive" into XML |
|hivexsh ||Windows Registry hive shell |