EncryptedRegView reveals encrypted Registry data
EncryptedRegView is a free portable program for Microsoft Windows operating systems that reveals encrypted data in the Registry.
The program is another Nirsoft application, which means that you can run it from any location without installation. All you need to do is download the archive (versions for 32-bit and 64-bit versions of Windows are provided) and extract it to the local system.
You may use the program to scan the local Registry for encrypted data, or point it to a Registry file in another location instead.
EncryptedRegView scans the Registry based on your selection on the start screen and displays any data that is encrypted with the Data Protection API (DPAPI). This API is used by Microsoft and third-party software.
The scan takes a moment to complete and displays the data sorted by Registry key path by default. You can change the order with a click on any of the table headers, for instance by decrypted value, decryption result or hash algorithm.
A click on an entry lists the decrypted information in the lower pane. You may go through any of the entries to reveal names, web addresses, email addresses, location information, passwords and other data this way.
You will get "failed" entries by default. The program runs without elevation by default, which means that any data that is system protected may not be decrypted. Right-clicking the program executable and selecting "Run as administrator" should resolve this issue.
As far as options are concerned, you may use search functionality to find keywords that you enter, save selected items to several different formats (txt, csv, xml), or generate HTML reports.
As mentioned earlier, you may load Registry files as well. The program displays a dialog on start, also available via Options > Advanced Options, that provides you with these loading options.
Simply switch to "scan the Registry of an external drive" to enable it, and pick one of the available files that EncryptedRegView supports:
- Registry Hives Folder
- User Registry File
- User Classes Registry File
- Protect Folders
You may also select a root folder instead to have the program pick up the relevant Registry files automatically. Also, you may need to supply a Windows login password for the decryption process to complete successfully.
EncryptedRegView is one of those handy Nirsoft applications that you may have use for every now and then. Since it is portable and can be run from any location, it is a good addition to any troubleshooting or tools collection.
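How DPAPI-protected values can be recognised in raw Registry data and where a "hash algorithm" column can come from, as an added example (not code from this article or from NirSoft, whose scanning method the article does not describe). It assumes the publicly documented DPAPI blob header layout; the function names and the sample blob are constructed for illustration, and nothing is decrypted.

```python
import struct
import uuid

# dwVersion = 1 followed by the DPAPI provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} in on-disk byte order.
DPAPI_MAGIC = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")
ALG_NAMES = {0x6603: "3DES", 0x6610: "AES-256", 0x8004: "SHA-1",
             0x800C: "SHA-256", 0x800E: "SHA-512"}  # CryptoAPI ALG_ID values

def parse_dpapi_header(buf, start):
    """Read the cleartext header of a DPAPI blob at buf[start:]; None if malformed."""
    try:
        pos = start + len(DPAPI_MAGIC)
        master_key = uuid.UUID(bytes_le=bytes(buf[pos + 4:pos + 20]))  # after dwMasterKeyVersion
        _flags, desc_len = struct.unpack_from("<II", buf, pos + 20)
        pos += 28
        description = buf[pos:pos + desc_len].decode("utf-16-le").rstrip("\x00")
        pos += desc_len
        alg_crypt, _key_bits, salt_len = struct.unpack_from("<III", buf, pos)
        pos += 12 + salt_len                      # skip salt
        (hmac_key_len,) = struct.unpack_from("<I", buf, pos)
        pos += 4 + hmac_key_len                   # skip HMAC key
        (alg_hash,) = struct.unpack_from("<I", buf, pos)
    except (struct.error, ValueError):            # truncated or not a real blob
        return None
    return {"offset": start, "master_key": str(master_key), "description": description,
            "cipher": ALG_NAMES.get(alg_crypt, hex(alg_crypt)),
            "hash": ALG_NAMES.get(alg_hash, hex(alg_hash))}

def find_dpapi_blobs(value_data):
    """Return header info for every DPAPI blob found in one Registry value's raw bytes."""
    results, offset = [], value_data.find(DPAPI_MAGIC)
    while offset != -1:
        info = parse_dpapi_header(value_data, offset)
        if info:
            results.append(info)
        offset = value_data.find(DPAPI_MAGIC, offset + 1)
    return results

def build_sample_blob():
    """Constructed sample: valid header layout, dummy salt, no real ciphertext."""
    desc = "Sample\x00".encode("utf-16-le")
    return (DPAPI_MAGIC + struct.pack("<I", 1)
            + uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le
            + struct.pack("<II", 0, len(desc)) + desc
            + struct.pack("<III", 0x6610, 256, 16) + b"\x00" * 16
            + struct.pack("<I", 0) + struct.pack("<III", 0x800E, 512, 0))

if __name__ == "__main__":
    for hit in find_dpapi_blobs(b"\x00" * 8 + build_sample_blob()):
        print(hit)
```

The master key GUID in the header identifies the key that protects the value, which is why offline analysis of a Registry file also needs the matching Protect folder.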
There is also a normal registry search tool from NirSoft (regscanner) that is a lot better than the Windows search.
And you have to be aware that Windows saves some data in ROT13.
Another great piece of software from Nir Sofer.
I use many applications from this man. Lightweight, but powerful.
So, Nirsoft is a single man ?!? o_O
I always thought it was a team…
This guy is so skilled and genius !
@ Marcin –
From the NirSoft about page: "NirSoft is a Web site of one man. In NirSoft, there is no CTO or CEO, there is no secretary, there is no development team, and there are no rented offices. The entire Web site and all the utilities that you can find here were developed by me, and only by me."
Cool site. Cool guy. Nice tools.
I get a “Forbidden” and a 404 error when I click on either of the download links.
What AV/Security software do you use?
Those that go ballistic on cookies and ‘PUPs’ might be blocking the site.
Security software doesn’t like Nirsoft. Many, many false positives.
That’s not it. I can download other software from Nirsoft with no problem.
It must be Firefox that prevents me from downloading the application, because I can download it with Opera and Pale Moon.
Ah – update Firefox – there was a similar problem asked about several days ago on Majorgeeks forum!
I always loved Nir Sofer’s tools. Useful, small and no installation needed.
When the X64 version starts running on my system, the advanced options screen is permitted that allows you to run as administrator, enter windows password and so on. None of these possibilities are live for me. All are greyed out and I can’t type anything in.
Even after running the program and trying to access advanced options through the menus, all the options are locked to me.
Well yes I agree that Nirsoft stuff is original, well conceived, & generally appealing to the more tech savvy.
For the mere mortals amongst us things are not so rosy.
This latest release for example has no explanation for its existence.
Why/when would you use it?
How would you interpret the results?
How would you validate the results?
And finally if it’s a problem for many AVs as suggested here, is it worth the bother?