X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=regedit%2Fhivexregedit;h=966f725f2409398adf4c7687577df02cf602425c;hb=41c6e04831b0a6c6b1b15075d9f7c30b6c95e72b;hp=0ad1352be801b58f5593440cd25727ee2c969fc4;hpb=70760da7f41e0ebc45122090ed624a6fea60b5d7;p=hivex.git diff --git a/regedit/hivexregedit b/regedit/hivexregedit index 0ad1352..966f725 100755 --- a/regedit/hivexregedit +++ b/regedit/hivexregedit @@ -51,13 +51,13 @@ C<--export> exports a Registry key (recursively) into the regedit format. =head2 ENCODING -C expects that regedit files have already been reencoded +C expects that regedit files have already been re-encoded in the local encoding. Usually on Linux hosts, this means UTF-8 with Unix-style line endings. Since Windows regedit files are often in -UTF-16LE with Windows-style line endings, you may need to reencode the +UTF-16LE with Windows-style line endings, you may need to re-encode the whole file before or after processing. -To reencode a file from Windows format to Linux (before processing it +To re-encode a file from Windows format to Linux (before processing it with the C<--merge> option), you would do something like this: iconv -f utf-16le -t utf-8 < win.reg | dos2unix > linux.reg @@ -89,8 +89,23 @@ backslashes (but not both) to protect them from the shell. Registry keys like C don't really exist in the Windows Registry at the level of the hive file, and therefore you -cannot modify these. Replace this with C, and -similarly for other C keys. +cannot modify these. + +C is usually an alias for C. In +some circumstances it might refer to another control set. The way +to find out is to look at the C key: + + $ hivexregedit --export SYSTEM '\Select' + [\Select] + "Current"=dword:00000001 + "Default"=dword:00000001 + "Failed"=dword:00000000 + "LastKnownGood"=dword:00000002 + +"Current" is the one which Windows will choose when it boots. + +Similarly, other C keys in the path may need to +be replaced. =head1 EXAMPLE