reglookup - Windows NT registry reader/lookup tool

Distribution: Fedora 25
Repository: CERT Forensics Tools i386
Package name: reglookup
Package version: 1.0.1
Package release: 2.fc25
Package architecture: i686
Package type: rpm
Installed size: 454.87 KB
Download size: 137.49 KB
Official Mirror:
RegLookup project is an small command line utility for reading and querying Windows NT/2K/XP registries. Currently the program allows one to read an entire registry and output it in a (mostly) standardized, quoted format. It also provides features for filtering of results based on registry path and data type.



  • python2.7dist(pyregfi) =
  • python2dist(pyregfi) =
  • reglookup = 1.0.1-2.fc25
  • reglookup(x86-32) = 1.0.1-2.fc25


    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install reglookup rpm package:
      # dnf --enablerepo=forensics install reglookup


    • /usr/bin/reglookup
    • /usr/bin/reglookup-recover
    • /usr/bin/reglookup-timeline
    • /usr/include/regfi/byteorder.h
    • /usr/include/regfi/compat.h
    • /usr/include/regfi/lru_cache.h
    • /usr/include/regfi/range_list.h
    • /usr/include/regfi/regfi.h
    • /usr/include/regfi/void_stack.h
    • /usr/include/regfi/winsec.h
    • /usr/lib/libregfi.a
    • /usr/lib/
    • /usr/lib/python2.7/site-packages/pyregfi-
    • /usr/lib/python2.7/site-packages/pyregfi/
    • /usr/lib/python2.7/site-packages/pyregfi/__init__.pyc
    • /usr/lib/python2.7/site-packages/pyregfi/__init__.pyo
    • /usr/lib/python2.7/site-packages/pyregfi/
    • /usr/lib/python2.7/site-packages/pyregfi/structures.pyc
    • /usr/lib/python2.7/site-packages/pyregfi/structures.pyo
    • /usr/lib/python2.7/site-packages/pyregfi/
    • /usr/lib/python2.7/site-packages/pyregfi/winsec.pyc
    • /usr/lib/python2.7/site-packages/pyregfi/winsec.pyo
    • /usr/share/doc/reglookup/INSTALL
    • /usr/share/doc/reglookup/LICENSE
    • /usr/share/man/man1/reglookup-recover.1.gz
    • /usr/share/man/man1/reglookup-timeline.1.gz
    • /usr/share/man/man1/reglookup.1.gz


    2012-03-12 - Lawrence R. Rogers <> 1.0.1-2 * Release 1.0.1-2 Patch 278: fix for pyregfi install Patch 277: incorporated a version of Adam Golebiowski's build patches reworked REGFI_VERSION and began using it in pyregfi installation Patch 276: added 1.0.1 target

    2011-10-02 - Lawrence R. Rogers <> 1.0.1-1 * Release 1.0.1-1 This bug-fix release addresses some issues identified since the last release and includes no significant changes to functionality. Fixes include: Minor changes and fixes to unicode handling in pyregfi Corrected an infinite loop on corrupted registries discovered by Andrew Case Added ldconfig call during installation Improved error reporting and other minor fixes

    2011-09-20 - Lawrence R. Rogers <> 1.0.0-2 * Release 1.0.0-2 Rebuilt to use python 2.7

    2011-06-19 - Lawrence R. Rogers <> 1.0.0-1 * Release 1.0.0-1 This major release stablizes the previous release candidate and adds minor improvements, including: SK records and security descriptors now accessible in pyregfi Added key caching to regfi, reintroduced SK caching Minor API simplifications and improved documentation Numerous bug fixes

    2011-05-01 - Lawrence R. Rogers <> 0.99.0-1 * Release 0.99.0-1 This 1.0 release candidate contains major improvements to regfi usability. Important changes include: Made regfi a proper library and made major improvements to the API Added Python bindings (pyregfi) for regfi Replaced Make-based build system with a SCons-based one Numerous improvements in regfi for multithreaded use, memory management Improved API documentation