RegXML

From ForensicsWiki
Revision as of 00:54, 24 November 2009 by Simsong (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

RegXML is a Windows command-line utility that exports sections of the Windows Registry as XML-formatted files.

Sample XML

<?xml version="1.0"?>
<Registry>
	<Key Name="HKEY_CURRENT_USER">
		<Key Class="" Name="Console">
			<Value Name="ColorTable00" Type="REG_DWORD" Value="0" />
			<Value Name="ColorTable01" Type="REG_DWORD" Value="8388608" />
			<Value Name="ColorTable02" Type="REG_DWORD" Value="32768" />
			<Value Name="ColorTable03" Type="REG_DWORD" Value="8421376" />
			<Value Name="ColorTable04" Type="REG_DWORD" Value="128" />
			<Value Name="ColorTable05" Type="REG_DWORD" Value="8388736" />
			<Value Name="ColorTable06" Type="REG_DWORD" Value="32896" />
			<Value Name="ColorTable07" Type="REG_DWORD" Value="12632256" />
			<Value Name="ColorTable08" Type="REG_DWORD" Value="8421504" />
			<Value Name="ColorTable09" Type="REG_DWORD" Value="16711680" />
			<Value Name="ColorTable10" Type="REG_DWORD" Value="65280" />
			<Value Name="ColorTable11" Type="REG_DWORD" Value="16776960" />
			<Value Name="ColorTable12" Type="REG_DWORD" Value="255" />
			<Value Name="ColorTable13" Type="REG_DWORD" Value="16711935" />
			<Value Name="ColorTable14" Type="REG_DWORD" Value="65535" />
			<Value Name="ColorTable15" Type="REG_DWORD" Value="16777215" />
			<Value Name="CursorSize" Type="REG_DWORD" Value="25" />
			<Value Name="EnableColorSelection" Type="REG_DWORD" Value="0" />
			<Value Name="ExtendedEditKey" Type="REG_DWORD" Value="0" />
			<Value Name="ExtendedEditKeyCustom" Type="REG_DWORD" Value="0" />
			<Value Name="FontFamily" Type="REG_DWORD" Value="0" />
			<Value Name="FontSize" Type="REG_DWORD" Value="0" />
			<Value Name="FontWeight" Type="REG_DWORD" Value="0" />
			<Value Name="FullScreen" Type="REG_DWORD" Value="0" />
			<Value Name="HistoryBufferSize" Type="REG_DWORD" Value="50" />
			<Value Name="HistoryNoDup" Type="REG_DWORD" Value="0" />
			<Value Name="InsertMode" Type="REG_DWORD" Value="1" />
			<Value Name="LoadConIme" Type="REG_DWORD" Value="1" />
			<Value Name="NumberOfHistoryBuffers" Type="REG_DWORD" Value="4" />
			<Value Name="PopupColors" Type="REG_DWORD" Value="245" />
			<Value Name="QuickEdit" Type="REG_DWORD" Value="0" />
			<Value Name="ScreenBufferSize" Type="REG_DWORD" Value="19660880" />
			<Value Name="ScreenColors" Type="REG_DWORD" Value="7" />
			<Value Name="TrimLeadingZeros" Type="REG_DWORD" Value="0" />
			<Value Name="WindowSize" Type="REG_DWORD" Value="1638480" />
			<Value Name="WordDelimiters" Type="REG_DWORD" Value="0" />
		</Key>
	</Key>
</Registry>


See Also