Using REG command line tool for registry operation

Reg.exe is a command line tool provided in Windows operating system to perform registry operation.[more] It is capable of performing all the operation that we can in GUI Regedit.exe
Reg.exe has been a part of Windows since Windows XP. All later version contains this tool.

Reg.exe has the following switches:
REG Operation [Parameter List]

    Operation:

  • QUERY: Querying a registry key. Details…
  • ADD: Adding a registry key or value. Details…
  • DELETE: Deleting a registry key or value. Details…
  • COPY: Copying a registry key or value. Details…
  • LOAD: Loading a registry key. Details…
  • UNLOAD: Unloading a registry key. Details…
  • SAVE: Saving a a registry key or value. Details…
  • RESTORE: Restoring a registry key. Details…
  • COMPARE: Comparing two different registry keys. Details…
  • EXPORT: Exporting a registry key Details…
  • IMPORT: Importing a registry key. Details…

Return Code: (Except for REG COMPARE) 0 - Successful 1 - Failed

 

REG QUERY

Syntax: REG QUERY KeyName [/v [ValueName] | /ve] [/s] [/f Data [/k] [/d] [/c] [/e]] [/t Type] [/z] [/se Separator]

/v:   Queries for a specific registry key values.If omitted, all values for the key are queried.
Argument to this switch can be optional only when specified along with /f switch. This specifies to search in valuenames only.
/ve:  Queries for the default value or empty value name (Default).
/s:   Queries all subkeys and values recursively (like dir /s).
/se:  Specifies the separator (length of 1 character only) in data string for REG_MULTI_SZ. Defaults to “\0” as the separator.
/f:   Specifies the data or pattern to search for. Use double quotes if a string contains spaces. Default is “*”.
/k:   Specifies to search in key names only.
/d:   Specifies the search in data only.
/c:   Specifies that the search is case sensitive. The default search is case insensitive.
/e:   Specifies to return only exact matches. By default all the matches are returned.
/t:   Specifies registry value data type. Valid types are: REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, REG_NONE
/z:   Verbose: Shows the numeric equivalent for the type of the valuename.

Examples: REG QUERY HKLM\Software\Microsoft\ResKit /v Version
 Displays the value of the registry value Version
REG QUERY HKLM /f SYSTEM /t REG_SZ /c /e
 Displays Key, Value and Data with case sensitive and exact occurrences of "SYSTEM" under HKLM root for the data type REG_SZ

REG ADD

REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

KeyName   [\\Machine\]FullKey. Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines.
/v   The value name, under the selected Key, to add.
/ve   adds an empty value name (Default) for the key.
/t   RegKey data types: [ REG_SZ | REG_MULTI_SZ | REG_EXPAND_SZ | REG_DWORD | REG_BINARY | REG_NONE ] If omitted, REG_SZ is assumed.
/s   Specify one character that you use as the separator in your data string for REG_MULTI_SZ. If omitted, use “\0” as the separator.
/d   The data to assign to the registry ValueName being added.
/f   Force overwriting the existing registry entry without prompt.

Examples: REG ADD \\ABC\HKLM\Software\MyCo
 Adds a key HKLM\Software\MyCo on remote machine ABC
REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
 Adds a value (name: Data, type: REG_BINARY, data: fe340ead)

REG DELETE

REG DELETE KeyName [/v ValueName | /ve | /va] [/f]

KeyName   [\\Machine\]FullKey. Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines.
FullKey: ROOTKEY\SubKey.  ROOTKEY: HKLM | HKCU | HKCR | HKU | HKCC.  SubKeyThe full name of a registry key under the selected ROOTKEY.
ValueName   The value name, under the selected Key, to delete. When omitted, all subkeys and values under the Key are deleted.
/ve   delete the value of empty value name (Default).
/va  delete all values under this key.
/f   Forces the deletion without prompt.

Examples: REG DELETE HKLM\Software\MyCo\MyApp\Timeout
 Deletes the registry key Timeout and its all subkeys
REG DELETE \\ZODIAC\HKLM\Software\MyCo /v MTU
 Deletes the registry value MTU under MyCo on ZODIAC

REG COPY

REG COPY KeyName1 KeyName2 [/s] [/f]

/s   Copies all subkeys and values.
/f   Forces the copy without prompt.
Note: If ‘/s’ switch is not used, it will copy only the values in the specified registry and not the subkeys.

Example:
REG COPY HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp /s
Copies all subkeys and values under the key MyApp to the key SaveMyApp
REG COPY \\ZODIAC\HKLM\Software\MyCo HKLM\Software\MyCo1
Copies all values under the key MyCo on ZODIAC to the key MyCo1 on the current machine

REG LOAD

REG LOAD KeyName FileName

KeyName:   [\\Machine\]FullKey. Machine Name of remote machine – omitting defaults to the current machine. Only HKLM and HKU are available on remote machines.
FileName: The name of the hive file to load. You must use REG SAVE to create this file.

Example:
REG LOAD HKLM\TempHive TempHive.hiv
Loads the file TempHive.hiv to the Key HKLM\TempHive

 

REG UNLOAD

REG UNLOAD KeyName

KeyName: ROOTKEY\SubKey (local machine only)

Example:
REG UNLOAD HKLM\TempHive
Unloads the hive TempHive in HKLM

REG SAVE

REG SAVE KeyName FileName [/y]

FileName:   The name of the disk file to save. If no path is specified, the file is created in the current folder of the calling process.
/y:   Force overwriting the existing file without prompt.

Example:
REG SAVE HKLM\Software\MyCo\MyApp AppBkUp.hiv
Saves the hive MyApp to the file AppBkUp.hiv in the current folder

REG RESTORE

REG RESTORE KeyName FileName

KeyName:   ROOTKEY\SubKey (local machine only)
FileName:    The name of the hive file to restore. You must use REG SAVE to create this file.

Example:
REG RESTORE HKLM\Software\Microsoft\ResKit NTRKBkUp.hiv
Restores the file NTRKBkUp.hiv overwriting the key ResKit

REG COMPARE

REG COMPARE KeyName1 KeyName2 [/v ValueName | /ve] [Output] [/s]

KeyName:   [\\Machine\]FullKey
ValueName:   The value name, under the selected Key, to compare. When omitted, all values under the Key are compared.
/ve:   compare the value of empty value name (Default).
/s:   Compare all subkeys and values.

 

Output [/oa | /od | /os | /on]
When omitted, output only differences.
/oa:   Output all of differences and matches.
/od:   Output only differences.
/os:   Output only matches.
/on:   No output.

 

Return Code: List of return values for reg compare
0 – Successful, the result compared is identical
1 – Failed
2 – Successful, the result compared is different

Note: The symbols at the front of each ouputted line are defined as:
= means FullKey1 data is equal to FullKey2 data
< refers to FullKey1 data and is different than FullKey2 data
> refers to FullKey2 data and is different than Fullkey1 data

Example:
REG COMPARE HKLM\Software\MyCo\MyApp HKLM\Software\MyCo\SaveMyApp
Compares all values under the key MyApp with SaveMyApp
REG COMPARE HKLM\Software\MyCo HKLM\Software\MyCo1 /v Version
Compares the value Version under the key MyCo and MyCo1
REG COMPARE \\ZODIAC\HKLM\Software\MyCo \\. /s
Compares all subkeys and values under HKLM\Software\MyCo on ZODIAC with the same key on the current machine
REG COMPARE HKLM\Software\Test HKLM\Software\Test2 /s /os
Compare all the values and list all the matches. Each result will have '=' sign at the begining

REG EXPORT

REG EXPORT KeyName FileName [/y]

Keyname:   ROOTKEY[\SubKey] (local machine only).
FileName:   The name of the disk file to export.
/y:   Force overwriting the existing file without prompt.

Example:
REG EXPORT HKLM\Software\MyCo\MyApp AppBkUp.reg
Exports all subkeys and values of the key MyApp to the file AppBkUp.reg

REG IMPORT

REG EXPORT FileName [/y]

FileName:   The name of the disk file to import (local machine only).

Example:
REG IMPORT AppBkUp.reg
Imports registry entries from the file AppBkUp.reg