Is there software that can index the contents of the registry for quick lookups? [closed]

Searching in the Windows registry can be ve------ry------ lo----ng.

Is there some tool available that can index the contents of the whole registry, or contents of a single hive, such that fast lookups are available? (for example generating some SQLite database with FTS3 or FTS4 enabled for full text search)

Thank you.

PS. I don't want RegScanner or tools that perform a new, linear search every time. I want an indexer, with which then a search can be instantaneous. See question comments.


Solution 1:

Introduction

I've written an application that indexes the registry and another application that searches this index.

This gives near-instant results while you type, which allows you to quickly search several things.

See this video demonstration, which shows how quick the results are: three different searches and two registry jumps.

The Index

For indexing purposes, I'm using Lucene.net; doesn't that sound familiar?

This allows me to index data straight out of the registry, without using a SQL database to store the data in. Furthermore, Lucene.net has a lot of indexing options and search related features which come in handy!

This index will be stored in %LOCALAPPDATA%\RegistryIndex, and has a size of around 160 MB.

Application 1: RegistryIndex.exe

This will dump the whole registry to the above-mentioned index folder. Please note that HKEY_CLASSES_ROOT and HKEY_CURRENT_USER are shortcut hives and thus not indexed.

Although it does work without, you might want to configure it to automatically run as administrator.

Once the application shows that it is done, you can close the window and thus the index has been made.

Application 2: RegistrySearch.exe

This one is simple: type something to search in the text box above and results will flow in.

Typing incorrect syntax will result in a yellow text box and the error in the status bar at the bottom.

Special search features like wildcard and boolean operations are supported; see Query Syntax for more information. Please note that specifying fields will not work in the current setting; the system searches in a concatenation of tokenized path and value. So A\B\C with value D E F becomes A B C D E F.

Example of searching an exact path: "HKEY_LOCAL_MACHINE SOFTWARE"

The search is limited to 1000 results.

Double-click an entry to jump to it in the registry; this uses regjump.exe from SysInternals.
You need to run the search program as an administrator for the jump to work, and accept the EULA the first time.

Future features

See the current version as a Technical Preview; it does work but could use refactoring and make-up.

  • Application icon & version
  • Configuration
  • Highlighting results
  • Installer package
  • Monitor service (tracks registry changes using a hook and updates the index)

Changes

  • 21/03: Now stores in %LOCALAPPDATA%, asks for Administrator permission.

Download

Click here to download, unzip all files to a preferred location, create shortcuts to RegistryIndex/Search.exe.

Source

It's non-obfuscated, so to inspect the IL you can use Reflector if you want to.

I might release source when it is refactored with a bit more features, perhaps I can put it on CodePlex.

Solution 2:

Look at NirSoft's RegScanner. Not an indexer, but it way out-searches RegEdit and it will open RegEdit for you to a selected hit, among other cool features. Definitely try it before you start a development project (unless you want to do the project for the sake of doing it) - you may find you don't really need more.

Solution 3:

You could export the registry to a .reg text file and use your favourite editor to search it.
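
The SQLite full-text index the question asks about, built from the .reg export suggested in Solution 3, as an added example that is not part of any answer on this page. It indexes path, value name and data as one tokenized document, the way Solution 1 describes; the sample export and the names `parse_reg`, `build_index` and `search` are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample in regedit's export format; real exports are UTF-16 (open(path, encoding="utf-16")).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"ExamplePath"=hex(2):25,00,77,00,\
  69,00,6e,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
@="default entry"
"InstallDir"="C:\\Program Files\\Example"
"Telemetry"=dword:00000001
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def unescape(quoted):  # strip surrounding quotes, undo backslash escapes
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])

def parse_reg(text):
    """Yield (key, value_name, data) tuples; a bare key yields empty name/data."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex continuation lines
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, "", ""
        elif key and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1))
            data = unescape(m.group(2)) if m.group(2).startswith('"') else m.group(2)
            yield key, name, data

def build_index(rows, db_path=":memory:"):
    """Index path + name + data as one tokenized document, as in Solution 1."""
    db = sqlite3.connect(db_path)
    db.execute("CREATE VIRTUAL TABLE reg USING fts4("
               "key, name, data, doc, notindexed=key, notindexed=name, notindexed=data)")
    db.executemany("INSERT INTO reg VALUES (?, ?, ?, ?)",
                   ((k, n, d, f"{k} {n} {d}") for k, n, d in rows))
    db.commit()
    return db

def search(db, query, limit=1000):
    """Full-text lookup; the 1000-row cap mirrors the limit Solution 1 mentions."""
    return db.execute("SELECT key, name, data FROM reg WHERE reg MATCH ? LIMIT ?",
                      (query, limit)).fetchall()

if __name__ == "__main__":
    print(search(build_index(parse_reg(SAMPLE_REG)), '"CurrentVersion Run"'))
```

Pass a file path as `db_path` to keep the index on disk between searches; the index is only as fresh as the export it was built from.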