The latest version of Registry Finder is 2.30 (October 08, 2018). What's new
powershell get-filehash <filename>
and compare the output with the SHA256 above.
Registry Finder is an improved replacement for the built-in Windows registry editor. It has many features that makes working with registry more productive, comfortable and safe, including:
- Cut/Copy/Paste keys and/or values.
- Undo and redo registry modifications (except changing permissions).
- Multiple local and remote registry windows.
- Fast, non blocking search.
- Whole search results are displayed in a list.
- Multiple search results window.
- Ability to search within previous search results narrowing down your search scope.
- Ability to search for hidden keys.
Registry Finder allows you to browse the local registry; create, delete, rename keys and values; modify values as its natural data type (string, multistring, DWORD) or as a binary data. It is allowed to open multiple Registry windows. Next time you start Registry Finder, those windows will be reopened on the same keys as before.
The Find operation is efficient and quick. All found items are displayed in a separate window as a list. Each line represents a single match with the search criteria. The icon shows where the match occurred: key name, value name or value data. Matched text is highlighted with red.
You can jump to any found item in the Registry window or edit/delete items right in the Find Results window.
Items in the Find Results window can be saved to file in .reg or .txt format. In latter case, items are separated by tabulator. It allows easy data importing and analyzing in other programs, such as Microsoft Excel.
With the Replace feature you can easily replace all or particular occurrences of one string with another. The replacement is performed only in items that are in the Find Results window. In the Replace dialog you specify either all items or just selected ones. After replacement is done, items in the window are updated. If some item do not match the search criteria any more it still remains in the list.
All operations that alter the registry including deletion and replacement can be undone and redone. The operations are listed in the History window. To open it, click View|History in the main menu. The last performed operation is marked with a yellow arrow.
Full name of the key can be copied to clipboard.
Registry Finder can be used without installation. Just download archive with binaries, unpack it into any folder on HDD or USB drive and start the executable. The utility does not store any of its data in the registry. It stores settings in the RegistryFinder.config file located in the same folder as the executable.
Another option is to download and run the installer. It contains both 32-bit and 64-bit versions of binaries, so you do not need to choose. The installer can deploy Registry Finder either in Normal mode or in Portable mode. The later just unpacks binaries into the folder you specify. The Normal mode performs standard things - unpack binaries, create shortcut in the Start Menu, create a desktop icon and make uninstallation entry in the Control Panel. One little difference is that in Normal mode the config file is stored in another place. Specifically, in the %APPDATA%\RegistryFinder folder.
To facilitate importing .reg files with Registry Finder you can add a command to Windows Explorer's context menu for .reg files.
To do so, just execute the ContextMenu-Add.bat file. To remove the command, execute the ContextMenu-Remove.bat file.
Also, you can make Registry Finder, instead of regedit, to perform import when you double-click a .reg file: execute RegFileAssoc-Add.bat. RegFileAssoc-Remove.bat restores import with regedit.
Note. You must execute files with administrator rights, otherwise you'll get the Access denied error.
Running from Write-protected Media
In that case, Registry Finder is fully functional except that the undo history and application settings are not saved (so called No-Save mode). On startup, appropriate message is shown and the status bar contains a yellow triangle sign.
The pop-up message can be suppressed by manually editing the RegistryFinder.config file. Add the following line at the end of the file:
|--help||Prints help message.|
|--computerName arg||Specifies the name or IP address of a computer to connect to.|
|--navigate arg||Specifies a registry key to navigate to. If this parameter is set to "clipboard" then the path is taken from the clipboard.|
|--reopenLocal arg||Restore or not previously opened local registry windows when Registry Finder starts (arg: true or false, default is true).|
|--reopenRemote arg||Restore or not previously opened remote registry windows (arg: true or false, default is true).|
|--dataFolder arg||Specifies folder to store settings and undo history.|
|--import arg||Imports the specified .reg file into the registry.|
The work is always performed in a separate instance (that is the --multiInst is implied).
|--importSilent||Do not display a confirmation of import.|
|--multiInst||When an instance of Registry Finder is already running, starts a new instance. By default, the running instance is activated instead of starting another one.|
Note 1. The parameter names are case insensitive.
Note 2. There are additional parameters (displayed with --help) but they are left undocumented singe they are experimental and may not work as expected.
Registry Finder supports searching so called hidden registry keys. These are the keys with the null character in the name. Such keys cannot be created, deleted, modified or viewed by standard Windows API, so they are not accessible by regedit and most other registry editors.
To quickly evaluate this feature, you can use the "Search only hidden keys" checkbox in the Find dialog.
In the results list the null character is displayed as the bullet sign:
The downloaded archive contains the NReg utility that you can use to create and delete hidden keys for demonstration purposes. Type NReg -h to see the usage information.
Note. HKEY_CLASSES_ROOT is a special case. Registry Finder correctly finds hidden keys in HKEY_CLASSES_ROOT, but it does not go inside them. If you need to look deeper, you have to search at least in HKEY_CURRENT_USER\Software\Classes plus HKEY_LOCAL_MACHINE\SOFTWARE\Classes.
Translations of Registry Finder
Translating Registry Finder into another language
Start MakeLang.exe with the -i parameter:
That creates RegistryFinder_lang.ini file containing all strings used in Registry Finder UI.
- Open the created language ini file in Notepad or in any other text editor.
- Translate all string entries to the desired language and save the file.
Optionally, you can add your name and/or a link to your Web site. This is the "1018=TranslationAuthor" entry under the "[Dialog_#100]" section. TranslationAuthor must be in the form of the <a> HTML tag. For example,
1018=<a href="www.johnsmith.com">John Smith</a>
This information is shown in the About box.
- Start Registry Finder. It automatically invokes MakeLang with the -d parameter to create the RegistryFinder_lang.dll file containing all translated resources in binary form.
If you want to run Registry Finder without the translation, rename the language ini and dll files, or move it to another folder.
Here you can find some clarifications to certain lines in the language file.
If you translate Registry Finder into you language, please send me the language ini file and I will share it with other people.
When Registry Finder encounters an unexpected error it generates crash report and asks you to send it to the developer.
This report contains information essential to investigate and fix the problem. So please prefer pressing the Send report button. If you encounter crash multiple times, do not hesitate to send report two or three times - it is possible, the latter contain slightly different information not available in the former. Press the Close the program button when you believe you already reported the same problem several times.
Please note that due to lack of time, I analyze reports from the latest version only.