Windows Registry Series
REGDELNULL
E:\SysinternalsSuite>RegDelNull64.exe --help
RegDelNull v1.11 - Delete Registry keys with embedded Nulls
Copyright (C) 2005-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
Usage: regdelnull <path> [-s]
path Registry path e.g. hklm\software
-s Recurse into subkeys
-y Suppress prompting for confirmation before deleting null-embedded keys.
-nobanner
Do not display the startup banner and copyright message.
Example: regdelnull -s hklm
This command scans all keys under HKLM.
Finds registry keys that contain embedded null characters and deletes them.
ru
usage: ru [-c[t]] [-l <levels> | -n | -v] [-q] <absolute path>
usage: ru [-c[t]] [-l <levels> | -n | -v] [-q] -h <hive file> [relative path]
-c Print output as CSV. Specify -ct for tab delimiting.
Specify -nobanner to avoid banner being output to CSV
-h Load the specified hive file, perform the size calculation, then
unload it and compress it.
-l Specify subkey depth of information (default is one level).
-n Do not recurse.
-v Show size of all subkeys.
-nobanner
Do not display the startup banner and copyright message.
CSV output is formatted as:
Path,CurrentValueCount,CurrentValueSize,ValueCount,KeyCount,KeySize,WriteTime
E:\SysinternalsSuite>ru -l 1 HKLM -nobanner
3,180,518 HKLM\DRIVERS
349,530 HKLM\HARDWARE
16,281 HKLM\SAM
16,291 HKLM\SECURITY
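Lists registry information (size per key, as in the output above) in a tree-like view; the output can also be written to a file.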
regjump
regjump.exe HKEY_CURRENT_USER\software\microsoft\windows\currentversion\Explorer\RunMRU
Opens the given path in Registry Editor (regedit.exe).