The Load Hive… and Unload Hive… commands were first introduced to Regedit.exe
with the release of Windows XP and are also present in Regedit.exe version included
with the products of the Windows Server 2003 family. We saw above that these represent
the same functionality that was provided by the similarly named commands present in the
older application, Regedt32.exe. These commands allow you to load registry files
previously exported from the registry and saved in the registry hive format, or unload
registry hives, respectively. Note that only those registry keys that actually represent
physical hives can be saved in the registry hive format (a complete list of registry hives
was provided in Chapter 1
). Furthermore, the Load Hive… and Unload Hive…
commands are only applicable to the HKEY_USERS and HKEY_LOCAL_MACHINE
keys. Therefore, these commands will be available only if one of these registry keys is
selected. In all other cases, the commands will be grayed and unavailable. The hive that
you have loaded in the registry becomes one of the subkeys under the root keys
mentioned above.
To load a registry hive, proceed as follows:
1. Select the HKEY_USERS or HKEY_LOCAL_MACHINE registry key to activate
the appropriate menu command.
2. Select the Load Hive… command from the File menu. The Load Hive window
will open, allowing you to select the previously exported registry hive. Select the
required hive file and click Open.
3. Enter the name that will be used for the newly loaded hive (Fig. 3.5
). This name
will be used for the new subkey that will appear in the registry after you load the
hive (Fig. 3.6
). Now you are able to edit the loaded registry hive to carry out the
required modifications.

Figure 3.5: Loading a registry hive

Figure 3.6: The newly loaded copy of the SYSTEM hive (SYS_COPY) now


Note To be able to carry out this procedure, you need to log on to the local system as the
Administrator or a user belonging to the Administrators group. If your computer is
part of a network, network security policy will also influence your ability to
perform this operation.
To disconnect the remote registry, use the Disconnect Network Registry… command. If
you are not currently part of a network, this command will be unavailable.
You can use the Print… command from the File menu to print the whole registry or only
a part it. The ability to print a selected branch of the registry is a convenient alternative.
Use the Exit command to close the Registry Editor window and terminate the registry-
editing session.
The Edit Menu Commands
The Edit menu contains commands that allow you to find and modify registry entries:

Modify

Modify Binary Data

New

Permissions

Delete

Rename

Copy Key Name

Find


the <Del> key. To rename the value entry, right-click it, select the Rename command,
and enter the new name.

Note Deletion of registry keys and value entries using the Regedit.exe utility is
irreversible. Regedit.exe has no Undo command. Because of this, you should be
very careful when deleting keys and value entries. Windows will display a warning
message prompting you to confirm your intention to delete the registry entry. After
you confirm it, it will be impossible to cancel the operation.
The Copy Key Name command allows you to copy the selected key name to the
clipboard. Later, you can paste the copied key name using the Paste command present in
any text editor. Remember that the registry is a hierarchical database and the path to the
registry entry you need may be very long and difficult to memorize. Because of this,
many users appreciate this feature. The Copy Key Name command is easy to use in
combination with other commands such as Find and Find Next; you may use it for
various purposes, including registry editing and inserting key names into the text.
Commands such as Find/Find Next are used for searching registry keys and value
entries. When you select the Find command from the Edit menu, the Find dialog opens,
allowing you to describe the key, value entry, or its data (Fig. 3.9
). You can search for
keys, value entries or data in any combination. The values to search for can be both text
and numeric.

Figure 3.9: The Find dialog
To find the registry entry you need, enter the value to be searched into the Find what
field. You can also restrict the search range by selecting one of the following options
listed in the Look at group: