Extracting (or reading) key from registry backup

Off-topic posts of interest to the "Everything" community.
Post Reply
harryray2
Posts: 1104
Joined: Sat Oct 15, 2016 9:56 am

Extracting (or reading) key from registry backup

Post by harryray2 »

I want to read (and if possible extract) a registry key from an old registry backup I made with tweaking.com registry backup and/or the key from a backup I made by just using export from regedit.

I'm about to try a couple of Nirsoft programmes, but in case they don't work, does anyone have any idea how I can go about this?
I'm running Win7.

Thanks.
horst.epp
Posts: 1443
Joined: Fri Apr 04, 2014 3:24 pm

Re: Extracting (or reading) key from registry backup

Post by horst.epp »

I don't understand the problem for files exported from Registry editor.
This are cleartext files formatted as UTF-16 with Bom which can be read by any script language.

The backups from Tweaking.com registry backup tool are binary files
and I don't know any tool which can directly handle this.

A solution would be to use a virtual machine and restore this into it.
Then you can use the Regsitry editor's function to access a network registry.
NotNull
Posts: 5458
Joined: Wed May 24, 2017 9:22 pm

Re: Extracting (or reading) key from registry backup

Post by NotNull »

Common sense dictates that if you used tweaking.com registry backup to create the backup, you should also use that same tool to open and/or restore your backup.

But it is probably not as simple as that.
As Horst said, exporting from regedit gives you a plain text file that can be read by any text editor/viewer.

But I suspect that this registry backup tool makes a binary copy of the original file(s) that contains these registry settings (there are multiple files that make up the registry). Usually these have file extension .DAT for user registry settings (NTUSER.DAT) or no extension (the registry files in c:\windows\system32\config).

You can load these files as extra registry hives in regedit.exe:
  • Start regedit
  • In the left pane, select either HK_local machine or HK_users
    This step is important (even after many years i keep forgetting this and wonder why nothing happens ...)
  • Menu:File > Load hive
  • Browse to the registry file you want to load
  • Name = Backup
  • Browse to (HKLM or HK_U)\Backup
  • Browse to the key(s) you want.
    You can export these keys (Menu:File > Export), but you can't import them straight away as the regkeys will have Backup in their path. You can edit the .reg file in a text editor to remove it.
  • When done, browse to (HKLM or HK_U)\Backup
  • Right-click > unload hive
(you might have to run regedit,exe with elevaed rights)
Post Reply