How do I read another hive with reg?

Todd Chester 646 Reputation points

Hi All,

I am trying to use "reg" from the command line to read the local machine's SAM hive from rescue/troubleshooting rescue mode (booted from the install ISO).

Would someone please correct this command line for me?

X:\> reg query "D:\Windows\System32\config\SAM\hklm\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"

Many thanks,

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,808 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,418 questions
0 comments No comments
{count} votes

Accepted answer
  1. MotoX80 32,246 Reputation points

    See if "reg load" works. (I have no way to test.)

    reg load hklm\xxxx C:\Windows\System32\config\Software
    reg query  "hklm\xxxx\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"

    When you are done.

    reg unload hklm\xxxx 

3 additional answers

Sort by: Most helpful
  1. MOHAMEDMAHMOUDMOHAMEDIBRAHIM-8904 61 Reputation points

    “regedit” and select regedit.exe from the list of apps. 2. Select the desired registry hive There are several different hives which are stored on disk for your operating system

  2. Todd Chester 646 Reputation points

    1/2 way there



  3. Todd Chester 646 Reputation points

    Got it! I load the SAM when reading from Linux, but Software when reading from Windows

    Offline (from the diagnostics cmd shell):

    First find the drive letter of the Windows installation:

         -> List vol

    Presuming it is D:

    Note: DO NOT USE THE NAME OF THE HIVE. Just use xxxx or zzzz

    reg load hklm\zzzz "D:\Windows\System32\config\Software"
    The operation completed successfully.

    reg query "hklm\zzzz\Microsoft\Windows NT\CurrentVersion" /v "ProductName"
    HKEY_LOCAL_MACHINE\zzzz\Microsoft\Windows NT\CurrentVersion
    ProductName REG_SZ Windows 10 Pro

    reg unload hklm\zzzz
    The operation completed successfully.

    0 comments No comments