27

Because the Windows registry is a hierarchy, the way regedit is laid out makes typical searches inefficient and slow.

Typically, when performing a search in regedit, you highlight the first line ('Computer') and then perform the search. But since some of the branches shown are really subbranches, certain large sections of the registry are searched more than once when this common strategy is used.

Thus, this typical method is not efficient due to some branches of the registry being searched more than one time.

Given that the standard technique is inefficient, what is a simple and fast strategy to fully search the registry, preferably using regedit?

Amazon Dies In Darkness
  • 9,990

5 Answers5

10

I would recommend the little and powerful tool RegScanner by Nirsoft.

Amazon Dies In Darkness
  • 9,990
David.P
  • 683
8

Faster, and dumps all results so you can go through the whole list without hitting next a hundred times. Also free since it is a powershell script:

https://github.com/KurtDeGreeff/PlayPowershell/blob/master/Search-Registry.ps1

Search-Registry.ps1 improves on regedit's Find feature in four ways:

  • The script searches by using regular expressions.
  • It can search the registry on remote computers.
  • It can limit the number of returned search results.
  • It outputs objects than can be filtered, sorted, exported to comma-separated value (CSV) files, and so on.
# Download script
curl https://raw.githubusercontent.com/KurtDeGreeff/PlayPowershell/master/Search-Registry.ps1 -OutFile Search-Registry.ps1

View docs


Get-Help .\Search-Registry.ps1


Simple example (search HKEY_CURRENT_USER for values with data containing "powershell")


.\Search-Registry -StartKey HKCU -Pattern "PowerShell" -MatchData
mwfearnley
  • 7,889
glallen
  • 2,244
6

1. Summary

Registry Finder I use Registry Finder to search the Windows registry.

2. Disclaimer

This answer is relevant for September 2019. In the future, its data may be outdated.

3. Features

  1. Fully free
  2. Actively maintained as of 2019
  3. Powerful
  4. Works for Windows XP and above

4. Speed

From official documentation:

Fast, non blocking search.

The Find operation is efficient and quick. All found items are displayed in a separate window as a list. Each line represents a single match with the search criteria. The icon shows where the match occurred: key name, value name or value data. Matched text is highlighted with red.

For example, I tried to search keys, values and data uTorrent in entire registry.

Registry Finder

Time — 37.4 seconds for ~500000 registry keys. That's speed enough for me.

5. Additional links

Amazon Dies In Darkness
  • 9,990
Саша Черных
  • 914
5

There's a very easy solution: start search in RegEdit when HKEY_LOCAL_MACHINE branch is focused on the left pane. This way you'll skip HKEY_CLASSES_ROOT and HKEY_CURRENT_USER branches, and you don't need them because HKEY_CLASSES_ROOT is actually a subkey of HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER is a subkey of HKEY_USERS.

Davie Ant
  • 69
1

There is a Software called RegEditX which is pretty fast: https://www.dcsoft.com/products/regeditx/

If you want a free Version search for the old v2.0, but 9.95$ isn't very much.

Amazon Dies In Darkness
  • 9,990
bejonwe
  • 124