How to read Registry entries from disk archive?

Solution 1:

The registry files, which are called "hives", are not hidden. They are the files-without-extensions in \Windows\System32\config . For example, the "system" hive (seen in regedit as HKEY_LOCAL_MACHINE\System ) is \Windows\System32\config\System . And, each user's user profile hive is ntuser.dat in that user's "home directory", which in XP was \Documents and settings\username .

To read these, just run regedit and select either HKEY_LOCAL_MACHINE or HKEY_USER in the left pane. Then go to File | Load hive . Browse to where the old hive file is and select it. Then it will prompt for a key name. Make up a name that will be the "parent" key for everything in that hive. (Don't use something like System that's already there. You could use old_system though.) OK out and you will find your new parent key name under e.g. 'HKEY_LOCAL_MACHINE' and the contents of the hive under there.

You don't need to worry about the .sav, etc., files that have the same base name. regedit will handle those for you.

File permissions and registry key permissions will apply, so if the keys you're trying to look at aren't readable by Everyone, you'll likely have to take ownership of them and set a new permissions list.

To unload the hive, select the hive's "parent" key in the left pane (like old_system in the above example) and use File | Unload hive.

Loading a hive is not persistent across boots, so all of these manually loaded hives will be automatically unloaded at shutdown and not reloaded again unless you go through this again. Loading a hive does take some pageable kernel space memory, but the size is rather small for modern systems, os there's no great harm if you forget to do the unload.

Solution 2:

How can I read the old XP Registry entries using my new Windows 10 laptop?

You can read the entries using "regedt32" > "File" > "Load Hive".

Note:

  • You made need to take ownership of these files to read them. If so please see my answer "I need to set the proper permission for this action".

The registry files (hives) are located as follows:

A registry hive is a group of keys, subkeys, and values in the registry that has a set of supporting files that contain backups of its data.

The supporting files for all hives except HKEY_CURRENT_USER are in the %SystemRoot%\System32\Config folder on Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, and Windows Vista.

The supporting files for HKEY_CURRENT_USER are in the %SystemRoot%\Profiles\Username folder.

The file name extensions of the files in these folders indicate the type of data that they contain. Also, the lack of an extension may sometimes indicate the type of data that they contain.

Registry hive                 Supporting files
HKEY_LOCAL_MACHINE\SAM        Sam, Sam.log, Sam.sav
HKEY_LOCAL_MACHINE\Security   Security, Security.log, Security.sav
HKEY_LOCAL_MACHINE\Software   Software, Software.log, Software.sav
HKEY_LOCAL_MACHINE\System     System, System.alt, System.log, System.sav
HKEY_CURRENT_CONFIG           System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log
HKEY_USERS\DEFAULT            Default, Default.log, Default.sav

Source Windows registry information for advanced users