regshell
ghostandgods · 2004-07-20 · via 博客园 - ghostandgods

Introduction: a command-line registry query tool, as convenient to use as DOS commands.
http://samba.vernstok.nl/4.0/htmldocs/regshell.1.html

Usage overview:

Name
regshell — Windows registry file browser using readline

Synopsis
regshell [--help] [--backend=BACKEND] [--credentials=CREDENTIALS] [location]

DESCRIPTION
regshell is a utility that lets you browse through a Windows registry file as if you were using a regular Unix shell to browse through a file system.

OPTIONS
--help
Show list of available options.

--backend BACKEND
Name of backend to load. Possible values are: w95, nt4, gconf, dir and rpc. The default is dir.

--credentials=CREDENTIALS
Credentials to use, if any. Password should be separated from user name by a percent sign.

COMMANDS
ck|cd <keyname>
Go to the specified subkey.

ch|hive [hivename]
Go to the specified hive. If no hive is specified, lists all available hives.

list|ls
List subkeys and values of the current key.

mkkey|mkdir <keyname>
Create a key with the specified keyname as a subkey of the current key.

rmval|rm <valname>
Delete the specified value.

rmkey|rmdir <keyname>
Delete the specified subkey recursively.

pwd|pwk
Print the full name of the current key.

set|update
Update the value of a key value. Not implemented at the moment.

help|?
Print a list of available commands.

exit|quit
Leave regshell.

BACKENDS
rpc
Connect to a remote host using the specified credentials (username and password separated by a percent sign). The host name should be specified as a DCERPC binding string (in most cases: ncacn_np:hostname).

nt4
Load the specified NT4 registry file (such as NTUSER.DAT).

w95
Load the specified Windows '95 Registry file (such as USER.DAT).

gconf
Map the current user's gconf database to a registry.

dir
Map the specified directory to a registry (dirs become keys, files become values).

EXAMPLES
Browsing through an nt4 registry file:

regshell -b nt4 NTUSER.DAT
$$$PROTO.HIV> ls
K AppEvents
K Console
K Control Panel
K Environment
K Identities
K Keyboard Layout
K Network
K Printers
K Software
K UNICODE Program Groups
K Windows 3.1 Migration Status
$$$PROTO.HIV> exit

Listing the subkeys of HKEY_CURRENT_USER\AppEvents on a remote computer:

regshell -b rpc -c "jelmer%secret" ncacn_np:aurelia
HKEY_CURRENT_MACHINE> hive HKEY_CURRENT_USER
HKEY_CURRENT_USER> cd AppEvents
Current path is: HKEY_CURRENT_USER\AppEvents
HKEY_CURRENT_USER\AppEvents> ls
K EventLabels
K Schemes
HKEY_CURRENT_USER\AppEvents> exit
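
An added example (not part of the man page or the Samba project): Python that takes a saved regshell session such as the remote one above, masks the password half of the `user%password` credentials before the transcript is stored, and expands the `ls` output into full subkey paths. It assumes that `K` marks a subkey line, as in the sample sessions; the function names are illustrative.

```python
import re
import shlex

# Session copied from the man page's rpc example.
SESSION = r'''regshell -b rpc -c "jelmer%secret" ncacn_np:aurelia
HKEY_CURRENT_MACHINE> hive HKEY_CURRENT_USER
HKEY_CURRENT_USER> cd AppEvents
Current path is: HKEY_CURRENT_USER\AppEvents
HKEY_CURRENT_USER\AppEvents> ls
K EventLabels
K Schemes
HKEY_CURRENT_USER\AppEvents> exit
'''

# "<current key>> <command>": the prompt itself carries the full key path.
PROMPT = re.compile(r'^(?P<path>\S.*?)> (?P<cmd>\S+)')


def redact_invocation(line):
    """Mask the password half of user%password on a regshell command line."""
    out, mask_next = [], False
    for tok in shlex.split(line):
        if mask_next or tok.startswith("--credentials="):
            head, sep, _ = tok.partition("%")
            tok, mask_next = head + (sep and "%REDACTED"), False
        elif tok in ("-c", "--credentials"):
            mask_next = True
        out.append(tok)
    return shlex.join(out)


def subkey_paths(transcript):
    """Full paths of subkeys printed by ls/list (assumes 'K ' marks a subkey)."""
    paths, parent = [], None
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            # Any new prompt ends a listing; only ls/list starts one.
            parent = m.group("path") if m.group("cmd") in ("ls", "list") else None
        elif parent is not None and line.startswith("K "):
            paths.append(parent + "\\" + line[2:].strip())
    return paths


def sanitize(transcript):
    """Return the transcript with credentials masked on invocation lines."""
    return "\n".join(redact_invocation(l) if l.startswith("regshell ") else l
                     for l in transcript.splitlines())
```

Passing the password on the command line also exposes it in shell history and the process list, so the masking here only covers the stored transcript.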

VERSION
This man page is correct for version 4.0 of the Samba suite.

SEE ALSO
regtree, regdiff, regpatch, gregedit, samba

AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

This manpage and regshell were written by Jelmer Vernooij.