How do I read another hive with reg?

Question

Hi All,

I am trying to use "reg" from the command line to read the local machine's SAM hive from rescue/troubleshooting rescue mode (booted from the install ISO).

Would someone please correct this command line for me?

X:\> reg query "D:\Windows\System32\config\SAM\hklm\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"

Many thanks,

Answer 1

See if "reg load" works. (I have no way to test.)

reg load hklm\xxxx C:\Windows\System32\config\Software
reg query  "hklm\xxxx\Software\Microsoft\Windows NT\CurrentVersion" /v "ProductName"

When you are done.

reg unload hklm\xxxx 

Answer 2

“regedit” and select regedit.exe from the list of apps. 2. Select the desired registry hive There are several different hives which are stored on disk for your operating system

Answer 3

1/2 way there

Answer 4

Got it! I load the SAM when reading from Linux, but Software when reading from Windows

Offline (from the diagnostics cmd shell):

First find the drive letter of the Windows installation:

diskpart
     -> List vol

Presuming it is D:

Note: DO NOT USE THE NAME OF THE HIVE. Just use xxxx or zzzz

reg load hklm\zzzz "D:\Windows\System32\config\Software"
The operation completed successfully.

reg query "hklm\zzzz\Microsoft\Windows NT\CurrentVersion" /v "ProductName"
HKEY_LOCAL_MACHINE\zzzz\Microsoft\Windows NT\CurrentVersion
ProductName REG_SZ Windows 10 Pro

reg unload hklm\zzzz
The operation completed successfully.