Reggie

Synopsis

reggie is a fast registry searcher for Windows.

Currently, it only searches for keys by name. It parallelizes via rayon, though it has the option of running in single-threaded mode without it.

Run reggie -h for help.

Examples

List registry hives available:

$ reggie -l HKLM, HKEY_LOCAL_MACHINE, -2147483646 HKCR, HKEY_CLASSES_ROOT, -2147483648 HKCC, HKEY_CURRENT_CONFIG, -2147483643 HKCU, HKEY_CURRENT_USER, -2147483647 HKCULL, HKEY_CURRENT_USER_LOCAL_SETTINGS, -2147483641 HKDD, HKEY_DYN_DATA, -2147483642 HKPD, HKEY_PERFORMANCE_DATA, -2147483644 HKPL, HKEY_PERFORMANCE_NLSTEXT, -2147483552 HKPT, HKEY_PERFORMANCE_TEXT, -2147483568 HKU, HKEY_USERS, -2147483645

List registry keys in the HKEY_LOCAL_MACHINE hive by default:

``` $ reggie -p | head HKLM HKLM\HARDWARE HKLM\HARDWARE\ACPI HKLM\HARDWARE\ACPI\DSDT HKLM\HARDWARE\ACPI\DSDT\ALASKA HKLM\HARDWARE\ACPI\DSDT\ALASKA\AMI_ HKLM\HARDWARE\ACPI\DSDT\ALASKA\AMI_\01072009 HKLM\HARDWARE\ACPI\FACS HKLM\HARDWARE\ACPI\FADT HKLM\HARDWARE\ACPI\FADT\ALASKA Error: Os { code: 232, kind: BrokenPipe, message: "The pipe is being closed." }

$ reggie -H HKLM -p | head HKLM HKLM\HARDWARE HKLM\HARDWARE\ACPI HKLM\HARDWARE\ACPI\DSDT HKLM\HARDWARE\ACPI\DSDT\ALASKA HKLM\HARDWARE\ACPI\DSDT\ALASKA\AMI_ HKLM\HARDWARE\ACPI\DSDT\ALASKA\AMI_\01072009 HKLM\HARDWARE\ACPI\FACS HKLM\HARDWARE\ACPI\FADT HKLM\HARDWARE\ACPI\FADT\ALASKA Error: Os { code: 232, kind: BrokenPipe, message: "The pipe is being closed." } ```

(note: Examples are running in a MINGW64 environment)

Search for registry keys that case insensitively contain "mozilla" within the HKEY_LOCAL_MACHINE hive:

$ reggie -H HKLM -f "mozilla" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 112.0.1 (x64 en-US) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService HKLM\SOFTWARE\Mozilla HKLM\SOFTWARE\Mozilla\Firefox HKLM\SOFTWARE\Mozilla\Firefox\TaskBarIDs HKLM\SOFTWARE\Mozilla\MaintenanceService HKLM\SOFTWARE\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 HKLM\SOFTWARE\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\0 HKLM\SOFTWARE\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\1 HKLM\SOFTWARE\Mozilla\Mozilla Firefox HKLM\SOFTWARE\Mozilla\Mozilla Firefox 112.0.1 HKLM\SOFTWARE\Mozilla\Mozilla Firefox 112.0.1\bin HKLM\SOFTWARE\Mozilla\Mozilla Firefox 112.0.1\extensions HKLM\SOFTWARE\Mozilla\Mozilla Firefox\112.0.1 (x64 en-US) HKLM\SOFTWARE\Mozilla\Mozilla Firefox\112.0.1 (x64 en-US)\Main HKLM\SOFTWARE\Mozilla\Mozilla Firefox\112.0.1 (x64 en-US)\Uninstall HKLM\SOFTWARE\Mozilla\NativeMessagingHosts HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.microsoft.defender.browser_extension.native_message_host HKLM\SOFTWARE\mozilla.org HKLM\SOFTWARE\mozilla.org\Mozilla HKLM\SYSTEM\ControlSet001\Services\MozillaMaintenance HKLM\SYSTEM\CurrentControlSet\Services\MozillaMaintenance

Same, but case sensitively:

$ reggie -H HKLM -f "(?-i)mozilla" HKLM\SOFTWARE\mozilla.org HKLM\SOFTWARE\mozilla.org\Mozilla

The regular expression filter, if not given, defaults to "" (which will match everything), and if given, is prepended with "(?i)" to turn off case sensitivity.

See regex crate documentation for more information on how to customize regular expressions.

Benchmark registry searches by specifying the count and time switches:

$ reggie -H HKLM -ct There are 400790 keys in HKLM. Took 2.4652453 seconds 162576 keys/second

Change the number of threads used to search:

``` $ reggie -H HKCR -ct -T 16 There are 122138 keys in HKCR. Took 6.5700107 seconds 18590 keys/second

$ reggie -H HKCR -ct -T 2 There are 176456 keys in HKCR. Took 4.010996 seconds 43993 keys/second

$ reggie -H HKCR -ct -T 1 There are 176485 keys in HKCR. Took 5.0277161 seconds 35102 keys/second ```

HKEY_CLASSES_ROOT seems to be slower than HKLM, despite the fewer number of keys. Additionally, the key counts seem to change a lot. The author blames the lack of their knowledge on what HKEY_CLASSES_ROOT actually holds.

Don't use the threaded backend, which generally has the same performance as setting the number of threads to 1:

``` $ reggie -H HKLM -ct -B v1 There are 400790 keys in HKLM. Took 5.7450432 seconds 69762 keys/second

$ reggie -H HKLM -ct -T 1 There are 400790 keys in HKLM. Took 5.9761852 seconds 67064 keys/second ```

License

See LICENSE.txt, or navigate to https://www.gnu.org/licenses/gpl-3.0.en.html.