Skip to content

RuBublik/RegMkLink

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
images
images
 
 
regmklink
regmklink
 
 
.gitignore
.gitignore
 
 
Readme.md
Readme.md
 
 

Repository files navigation

regmklink

Overview

regmklink is a command-line utility designed to create and delete symbolic links within the Windows Registry.

I developed this tool while conducting related research and experimenting with registry after discovering that Pavel Yosifovich's regeditx.exe tool, which he mentioned in his Creating Registry Links article, had been removed from his AllTools repository.

This tool is very basic. Feel free to suggest or changes or improve it if you have ideas (-;

Usage

regmklink.exe <Hive> <Link> [<Target>|-d]
  • <Hive>: The registry hive (e.g., HKLM).
  • <Link>: The native registry path of the symbolic link to create or delete.
  • <Target>: The native registry path of the target key.
  • -d: Deletes the specified symbolic link.

Note: <Link> requires the native registry path. To inspect the native path to your key, you can use the TotalReg tool by Pavel Yosifovich.

Examples

Create a Symbolic Link

regmklink.exe HKLM "\REGISTRY\MACHINE\SOFTWARE\MySymLink" "\REGISTRY\MACHINE\SOFTWARE\TargetKey"

Delete a Symbolic Link

regmklink.exe HKLM "\REGISTRY\MACHINE\SOFTWARE\MySymLink" -d

Short Technical Summary

Registry symbolic links are keys that point to other keys within the same hive.

The native windows registry editor actually does not show any visible distinction between regular keys and link keys. A common example for such symlink is - HKEY_LOCAL_MACHINE\System\CurrentControlSet, which links to HKEY_LOCAL_MACHINE\System\ControlSet001 (usually).

In contrast to regedit.exe, see how this same key is seen in TotalReg.exe (-: TotalReg.exe

Creating a Registry Link

  1. When created a key using RegCreateKeyEx, this flag should be used: REG_OPTION_CREATE_LINK - specifying that the key is intended to function as a link rather than a standard key.
  2. Under the new "link" key, what actually points to the target key is a REG_LINK value named SymbolicLinkValue. (*path to the target key must be mentioned as native/absolute).

Deleting a Registry Link

Note that deleting link keys is a bit more complicated than creating ones, since this requires using the native NtDeleteKey function, which has to be dynamically resolved from ntdll.dll. The standard variations of RegDeleteKey would follow the link delete the target (-:

** For more details, refer to Pavel Yosifovich's article linked above.

About

A command-line utility designed to create and delete symbolic links within the Windows Registry.

scorpiosoftware.net/2020/07/17/creating-registry-links/

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages