Reading External Registry

I'm working on a tool that can copy the registry files from a designated drive or image onto a local machine.

After doing that, how would I go about reading from those registry keys? I've seen other people use RegOpenKeyEx but that was on their computer and not an external registry file.

3

Contributors

3

Replies

1 Day

Discussion Span

1 Year Ago

Last Updated

4

Views

brettclavier

Newbie Poster

2 posts since Oct 2011

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

google for "c++ ReadRemoteRegistry" and you will find several threads, like this one

Ancient Dragon

Achieved Level 70

Team Colleague

32,109 posts since Aug 2005

Reputation Points: 5,836

Solved Threads: 2,575

Skill Endorsements: 68

1 Year Ago

0

Thanks. I had actually seen that but as far as I can tell its using the network to connect to a running computer. My approach is for a forensics class where I have an image of the hard drive or the actual hard drive connected to my machine.

I would then copy the registry to my local computer where I would then open them to look for useful information such as previously connected devices. I've gotten the copying down, its just reading the copied files that has me stumped.

brettclavier

Newbie Poster

2 posts since Oct 2011

Reputation Points: 10

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

Just to clarify: Are you trying to read keys/values in from a registry file (*.reg)?

MonsieurPointer

Junior Poster

143 posts since Jun 2011

Reputation Points: 45

Solved Threads: 15

Skill Endorsements: 0

Reading External Registry

This article has been dead for over three months: Start a new discussion instead