How to read Registry entries from disk archive?
Solution 1:
The registry files, which are called "hives", are not hidden. They are the files-without-extensions in \Windows\System32\config. For example, the "system" hive (seen in regedit as HKEY_LOCAL_MACHINE\System) is \Windows\System32\config\System. And, each user's user profile hive is ntuser.dat in that user's "home directory", which in XP was \Documents and settings\username.
To read these, just run regedit and select either HKEY_LOCAL_MACHINE or HKEY_USER in the left pane. Then go to File | Load hive. Browse to where the old hive file is and select it. Then it will prompt for a key name. Make up a name that will be the "parent" key for everything in that hive. (Don't use something like System that's already there. You could use old_system though.) OK out and you will find your new parent key name under e.g. 'HKEY_LOCAL_MACHINE' and the contents of the hive under there.
You don't need to worry about the .sav, etc., files that have the same base name. regedit will handle those for you.
File permissions and registry key permissions will apply, so if the keys you're trying to look at aren't readable by Everyone, you'll likely have to take ownership of them and set a new permissions list.
To unload the hive, select the hive's "parent" key in the left pane (like old_system in the above example) and use File | Unload hive.
Loading a hive is not persistent across boots, so all of these manually loaded hives will be automatically unloaded at shutdown and not reloaded again unless you go through this again. Loading a hive does take some pageable kernel space memory, but the size is rather small for modern systems, so there's no great harm if you forget to do the unload.
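The same load, read and unload sequence can be scripted with reg.exe, which is useful when several archived hives have to be checked. This is an added example, not part of the original answer; the function name Read-OfflineHive, the D:\xp-archive path and the subkey read are assumptions, and it should be pointed at a copy of the hive because loading a hive can write to the file.

```powershell
# Added example. Run from an elevated prompt: loading a hive needs administrator rights.
function Read-OfflineHive {
    param(
        [Parameter(Mandatory)] [string] $HivePath,   # copy of e.g. \Windows\System32\config\System
        [Parameter(Mandatory)] [string] $SubKey,     # key inside the hive whose values are wanted
        [string] $MountName = 'old_system'           # temporary "parent" key; must not already exist
    )

    if (-not (Test-Path -LiteralPath $HivePath -PathType Leaf)) {
        throw "Hive file not found: $HivePath"
    }
    if (Test-Path -LiteralPath "Registry::HKEY_LOCAL_MACHINE\$MountName") {
        throw "HKLM\$MountName already exists; pick another parent key name."
    }

    # Equivalent of File | Load hive in regedit
    & reg.exe load "HKLM\$MountName" $HivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed with exit code $LASTEXITCODE" }

    try {
        $key = "Registry::HKEY_LOCAL_MACHINE\$MountName\$SubKey"
        # Emit the values of the requested key, without the provider's PS* bookkeeping properties
        Get-ItemProperty -LiteralPath $key |
            Select-Object -Property * -ExcludeProperty PS*
    }
    finally {
        # Drop any handles PowerShell still holds, otherwise the unload is refused
        [gc]::Collect()
        [gc]::WaitForPendingFinalizers()
        # Equivalent of File | Unload hive
        & reg.exe unload "HKLM\$MountName" | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "reg unload failed; unload HKLM\$MountName manually."
        }
    }
}

# Constructed usage: read the machine name stored in an archived XP System hive.
# An offline hive has no CurrentControlSet link, so a numbered control set is named directly.
Read-OfflineHive -HivePath 'D:\xp-archive\config\System' `
                 -SubKey 'ControlSet001\Control\ComputerName\ComputerName'
```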
Solution 2:
How can I read the old XP Registry entries using my new Windows 10 laptop?
You can read the entries using "regedt32" > "File" > "Load Hive".
Note:
- You may need to take ownership of these files to read them. If so please see my answer "I need to set the proper permission for this action".
The registry files (hives) are located as follows:
A registry hive is a group of keys, subkeys, and values in the registry that has a set of supporting files that contain backups of its data.
The supporting files for all hives except HKEY_CURRENT_USER are in the %SystemRoot%\System32\Config folder on Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. The supporting files for HKEY_CURRENT_USER are in the %SystemRoot%\Profiles\Username folder. The file name extensions of the files in these folders indicate the type of data that they contain. Also, the lack of an extension may sometimes indicate the type of data that they contain.
| Registry hive | Supporting files |
| --- | --- |
| HKEY_LOCAL_MACHINE\SAM | Sam, Sam.log, Sam.sav |
| HKEY_LOCAL_MACHINE\Security | Security, Security.log, Security.sav |
| HKEY_LOCAL_MACHINE\Software | Software, Software.log, Software.sav |
| HKEY_LOCAL_MACHINE\System | System, System.alt, System.log, System.sav |
| HKEY_CURRENT_CONFIG | System, System.alt, System.log, System.sav, Ntuser.dat, Ntuser.dat.log |
| HKEY_USERS\DEFAULT | Default, Default.log, Default.sav |
Source: Windows registry information for advanced users