The !dreg extension displays registry information.
!dreg [-d|-w] KeyPath[!Value] !dreg
Causes binary values to be displayed as DWORDs.
Causes binary values to be displayed as WORDs.
Specifies the registry key path. It can begin with any of the following abbreviations:
If no abbreviation is used, HKEY_LOCAL_MACHINE is assumed.
Specifies the name of the registry value to be displayed. If an asterisk (*) is used, all values are displayed. If Value is omitted, all subkeys are displayed.
Windows XP and later
For information about the registry, see the Windows Driver Kit (WDK) documentation and Microsoft Windows Internals by Mark Russinovich and David Solomon. (These resources may not be available in some languages and countries.)
The !dreg extension can be used to display the registry during user-mode debugging.
It is most useful during remote debugging, as it allows you to browse the registry of the remote machine. It is also useful when controlling the user-mode debugger from the kernel debugger, because you cannot run a standard registry editor on the target machine when it is frozen. (You can use the .sleep command for this purpose as well. See Controlling the User-Mode Debugger from the Kernel Debugger for details.)
It is also useful when debugging locally, as the information is presented in an easily readable format.
If !dreg is used during kernel-mode debugging, the results shown will be for the host computer, and not the target computer. To display raw registry information for the target computer, use the !reg extension instead.
Here are some examples. The following will display all subkeys of the specified registry key:
The following will display all values in the specified registry key:
The following will display the value Start in the specified registry key:
Typing !dreg without any arguments will display some brief Help text for this extension in the Debugger Command window.
Build date: 11/16/2013