Read a Windows registry Hive from Linux CLI

Written by James McDonald

July 8, 2024

Just had to find the operating system of a remote computer, so I copied the C:\Windows\System32\config\software.sav file (the software hive file is locked by the OS, so I used the .sav instead) to Ubuntu 2024 Linux and used hivexget to read the "ProductName".

sudo apt-get install libhivex-bin

hivexget ./software.sav 'Microsoft\Windows NT\CurrentVersion'


hivexget ./software.sav 'Microsoft\Windows NT\CurrentVersion'
"SubVersionNumber"=""
"CurrentBuild"="1.511.1 () (Obsolete data - do not use)"
"InstallDate"=dword:00000000
"ProductName"="Microsoft Windows XP"
"RegDone"=""
"RegisteredOrganization"=""
"RegisteredOwner"=""
"SoftwareType"="System"
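
To check several copied hives at once, the key listing can be parsed into a dictionary. This is an added example, not code from the original post: it assumes the `"Name"=value` and `dword:` forms shown in the output above plus the `hex(N):` form for binary data, and the names `parse_hivexget`, `read_key` and `ExampleBinary` are made up for illustration.

```python
import re
import subprocess
import sys

KEY = r"Microsoft\Windows NT\CurrentVersion"
# One value line of hivexget key output: "Name"=<data>
LINE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')

def parse_hivexget(text):
    """Turn hivexget key output into {value name: str | int | bytes}."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines or anything that is not a value line
        name, data = m.group("name"), m.group("data")
        if data.startswith("dword:"):
            values[name] = int(data[len("dword:"):], 16)
        elif data.startswith("hex") and ":" in data:
            # hex(N):aa,bb,... -> raw bytes (assumed form for binary types)
            raw = data.split(":", 1)[1]
            values[name] = bytes(int(b, 16) for b in raw.split(",") if b)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            values[name] = data[1:-1]  # quoted string value
        else:
            values[name] = data  # unknown form, keep as printed
    return values

def read_key(hive_path, key=KEY):
    """Run hivexget on an offline hive copy and parse what it prints."""
    out = subprocess.run(["hivexget", hive_path, key], check=True,
                         capture_output=True, text=True,
                         errors="replace").stdout
    return parse_hivexget(out)

# Lines taken from the output above, plus one constructed hex line.
SAMPLE = '''"CurrentBuild"="1.511.1 () (Obsolete data - do not use)"
"InstallDate"=dword:00000000
"ProductName"="Microsoft Windows XP"
"RegDone"=""
"ExampleBinary"=hex(3):a4,00
'''

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python3 script.py ./software.sav
        print(path, read_key(path).get("ProductName", "<not set>"))
```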
