lkd> !reg
reg - Registry extensions
kcb - Dump registry key-control-blocks
knode - Dump registry key-node struct
kbody - Dump registry key-body struct
kvalue - Dump registry key-value struct
valuelist - Dumps list of values for a
particular knode
subkeylist - Dumps list of subkeys for a
particular knode
baseblock - Dump the baseblock for the specified hive
seccache - Dump the security cache for the specified
hive
hashindex <conv_key> - Find the hash entry given a Kcb ConvKey
openkeys - Dump the keys opened inside the specified
hive
openhandles - Dump the handles opened inside the specified
hive
findkcb - Find the kcb for the corresponding path
hivelist - Displays the list of the hives in the system
viewlist - Dump the pinned/mapped view list for the
specified hive
freebins - Dump the free bins for the specified hive
freecells - Dump the free cells in the specified bin
dirtyvector - Dump the dirty vector for the specified hive
cellindex - Finds the VA for a specified cell
index
freehints - Dumps freehint info
translist - Displays the list of active transactions in
this RM
uowlist - Displays the list of UoW attached to this
transaction
postblocklist - Displays the list of threads which have 1 or
more postblocks posted
notifylist - Displays the list of notify blocks in the
system
ixlock - Dumps ownership of an intent lock
dumppool [s|r] - Dump registry allocated paged pool
s - Save list of registry pages to temporary file
r - Restore list of registry pages from temp. file
“Praveen Kumar Amritaluru” дÈëÏûÏ¢
news:xxxxx@windbg…
> Hi,
>
> Is it possible to read registry from windbg? If so, can you let me know
> how to do it?
>
> Thanks,
> -Praveen
>
></conv_key>