When launched with any of these it will call the advpack.dll!RegInstallW function passing to it one of the section names (called RegExe or UnregExe respectively) that are defined inside the .inf file embedded directly in the regedit.exe file:<\/p>\n
The extracted .inf file is first saved into a temporary file with a name %Temp%\\RGI<random>.tmp file.<\/p>\n It is then interpreted like any standard .inf file.<\/p>\n One can use these commands to do at least two things:<\/p>\n The Regshot diff from running the regedit \/unregserver command on a test Windows 7 system is shown below:<\/p>\n Regedit.exe accepts two less known command line arguments: regserver unregserver When launched with any of these it will call the advpack.dll!RegInstallW function passing to it one of the section names (called RegExe or UnregExe respectively) that are defined inside the … Continue reading ![\"\"](\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2018\/04\/regedit1.png\")
<\/a><\/p>\n\n
----------------------------------\r\nKeys deleted:17\r\n----------------------------------\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.reg\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.reg\\PersistentHandler\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regedit\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regedit\\shell\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regedit\\shell\\open\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regedit\\shell\\open\\command\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\DefaultIcon\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\edit\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\edit\\command\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\open\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\open\\command\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\print\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\print\\command\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\ShellEx\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\ShellEx\\{8895b1c6-b41f-4c1c-a562-0d564250836f}\r\n\r\n----------------------------------\r\nValues deleted:14\r\n----------------------------------\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.reg\\PersistentHandler\\: \"{5e941d80-bf96-11cd-b579-08002b30bfeb}\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.reg\\: \"regfile\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regedit\\shell\\open\\command\\: \"regedit.exe %1\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regedit\\: \"Registration Entries\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\edit\\command\\: *%SystemRoot%\system32\notepad.exe \"%1\"*\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\open\\command\\: \"regedit.exe \"%1\"\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\print\\command\\: *%SystemRoot%\system32\notepad.exe \/p \"%1\"*\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\open\\: \"Mer&ge\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\shell\\open\\MUIVerb: \"@regedit.exe,-310\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\ShellEx\\{8895b1c6-b41f-4c1c-a562-0d564250836f}\\: \"{1531d583-8375-4d3f-b5fb-d23bbd169f22}\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\DefaultIcon\\: \"regedit.exe,1\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\EditFlags: 0x00100000\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\: \"Registration Entries\"\r\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\regfile\\FriendlyTypeName: \"@regedit.exe,-309\"\r\n\r\n\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"