Currently 'hivexget' is a very clumsy command line tool which only
lets you display a single registry key in a hive file, for example:

  $ hivexget SOFTWARE '\Microsoft\Windows\TabletPC\TabSetup\'
  "TabletSetup"=dword:00000000"

This is inflexible and got really annoying as I was trying to explore
these hive files in preparation for adding write support to hivex.

The first patch implements a simple interactive shell which allows you
to 'cd' around a hive and list out values and subkeys. For example:

  $ ./hivex/hivexsh SOFTWARE
  Welcome to hivexsh, the hivex interactive shell for examining
  Windows Registry binary hive files.
  Type: 'help' for help summary
        'quit' to quit the shell
  SOFTWARE\> ls
  ATI Technologies
  Classes
  Clients
  Intel
  Microsoft
  ODBC
  Policies
  RegisteredApplications
  Sonic
  Wow6432Node
  SOFTWARE\> cd \Microsoft\Windows\TabletPC\TabSetup
  SOFTWARE\Microsoft\Windows\TabletPC\TabSetup> ls
  SOFTWARE\Microsoft\Windows\TabletPC\TabSetup> lsval
  "TabletSetup"=dword:00000000"
  SOFTWARE\Microsoft\Windows\TabletPC\TabSetup> cd ..
  SOFTWARE\Microsoft\Windows\TabletPC> ls
  Snipping Tool
  TabSetup

The (later) write part will enhance this shell to allow hive
modifications, but these patches do not contain that change yet.

The second patch removes the old C-based hivexget and replaces it with
a simple shell script based around hivexsh.

Rich.

--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/