Windows Registry binary files comparison Tool.
On the Left panel we can find 4 main buttons that are
What it does it is to open a Windows Registry Hive binary Files located on C:\Windows\System32\Config i.e System, Software from a Windows PC or VM
You can find this files from differente sources (IaaS Disk report) or tools like https://github.com/Azure/azure-diskinspect-service or the new VM Inspector (https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/vm-inspector-azure-virtual-machines)
When selected it's going to ask for a File path
If selected for example in the previous image you can find the Key Entry call Control if you press B you are going to go to BackupRestore key so it's going to look in the subkeys
As well you can use the mouse to move in the Registry Tree explorer
As well you can go to an specific registry with the path
Just type the Registry key path that you want to go and Press the Blue arrow button
For example in Regedit on windows a path looks like this
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp
Registry Toolbox uses paths like this, please see that the HKLM\System it's not in the path as this File is a System hive so only contains the subcontents so the Paths needs to remove the HLM\System and HLM\Software if this files are loaded
Example of a Valid path ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp
Please Select the second option on the left panel call Load hives
When the 2 files are loaded you are going to see the tool like this
You can customize the name of the registry for example on the left i wrote Working and on the right Not Working.
As well you can see the file path open
Example C:\temp\DemoRegToolbox\SystemBefore Remember Windows Registries files have no extension on the names
Press to customize the Title color of the panel example in this case was red selected to show Not working
When two registries opened if you click on the Button COMPARE KEYS
You are going to see that the Registry Toolbox it's going to show on the registry Tree on Red in bold text the keys that have differences
If you click in SETUP in this example you can see
- On the top you can see the registry tree differences
- If you open the Setup key you can see it contains differences on the key values SystemPartition and Respecialize
Red: Means that the value is different between registries Light blue: means that the value it is on a registry but not in the other in this example
respecialize Its on the registry on the left but not in the right.
CONGRATULATIONS You can now find differences on your Windows Registry data.
TIP If you are comparing a value on the left and you want to see the same value on the right please press MATCH PATH button this will set the values of the Registry Path equally to the same place
- Export .REG (Experimental)
On the left registry or with one registry loaded click on the Registry tree and then select export, this is going to export the registry to .REG format
- Compare .Reg (it requires VSCODE installed)
It going to ask to open 2 .reg files and will open VS Code in comparaison mode.