2011-10-01 - Version 1.0.1 Released

This bug-fix release addresses some issues identified since the last release and includes no significant changes to functionality. Fixes include:

• Minor changes and fixes to unicode handling in pyregfi
• Corrected an infinite loop on corrupted registries discovered by Andrew Case
• Added ldconfig call during installation
• Improved error reporting and other minor fixes

2011-06-19 - Version 1.0.0 Released

This major release stablizes the previous release candidate and adds minor improvements, including:

• SK records and security descriptors now accessible in pyregfi
• Added key caching to regfi, reintroduced SK caching
• Minor API simplifications and improved documentation
• Numerous bug fixes

2011-05-01 - Version 0.99.0 Released

This 1.0 release candidate contains major improvements to regfi usability.
Important changes include:

• Made regfi a proper library and made major improvements to the API
• Added Python bindings (pyregfi) for regfi
• Replaced Make-based build system with a SCons-based one
• Numerous improvements in regfi for multithreaded use, memory management
• Improved API documentation

2010-03-08 - Version 0.12.0 Released

This release contains some additional functionality, numerous bug fixes, and additional documentation. Important changes include:

• Improved big data support
• Added big data support to reglookup-recover
• Added -i option to reglookup to assist timeline generation (thanks to Tobias Mueller)
• Improved unicode support by correctly interpreting UTF-16LE key and value names
• Moved data type interpretation into regfi and reorganized the regfi library interface
• Improved regfi documentation and added doxygen formatting (preliminary API reference)

2009-06-03 - Version 0.11.0 Released

This release contains some additional functionality and a few bug fixes. Important changes include:

• Experimental support for "big data" records.
• Experimental support cross-compiling to Windows using MinGW.
• Correctly handle known key flags.
• Overhauled memory allocation by switching to talloc. Many memory leaks fixed.
• Improved recovery rate in reglookup-recover with more modular parsing of deleted structures.
• Fixed minor NULL pointer dereferences.

2009-02-09 - Version 0.10.0 Released

This release contains some additional functionality and numerous bug fixes. Important changes include:

• Added support for key class names which store the Windows syskey secret. (These are printed when security descriptor output is enabled.)
• Implemented multi-level subkey list parsing.
• Improved compatibility with Vista.
• Rewrote security descriptor parsing routines and eliminated much legacy code.
• Improved error reporting in regfi library with configurable verbosity.
• Several important bug fixes.

2008-08-09 - Version 0.9.0 Released

This release is a major update, including:

• Greatly increased speed through a rewrite of the underlying regfi library.
• Added a new tool, reglookup-recover, which attempts to recover deleted keys, values, and other data structures from unallocated registry hive areas. More information on how this algorithm works will be presented at DFRWS 2008 and will be available here shortly. (NOTE: This tool is currently considered unstable.)
• Improved data validation for more secure operation.
• Expanded regfi library interface to allow more direct access to data structures.
• Fixed several output bugs and a path/type filtering bug.
• License updated to GPLv3.

2007-03-28 - Version 0.4.0 Released

This release contains some additional functionality and numerous bug fixes. Important changes include:

• Vastly improved interaction with underlying registry library with new API.
• Improved parsing of ACLs.
• Fixed possible security problem.
• Eliminated many memory leaks.
• NOTE: API changes may cause slowdown in this release, but future versions can be made faster.

2006-08-04 - Version 0.3.0 Released

This release contains some additional functionality and numerous bug fixes. Important changes include:

• Added new script, reglookup-timeline, which builds timelines based on key mtimes.
• Added support for NONE, LINK, and QWORD value types.
• Improved UTF-16 decoding.
• Additional detailed warnings for broken registry values.
• Minor speedups and fixed memory leaks.

2005-10-02 - Version 0.2.2 Released

This release contains two minor bug fixes. No significant feature changes. Important changes include:

• Fixed endian and other output issues with DWORDs
• Added overlooked DWORD_BE (big-endian) support

2005-09-04 - Version 0.2.1 Released

This release contains some major bugfixes and some minor ones. No significant feature changes. Important changes include:

• Fix for double free bug
• Misc. output bugs
• Verbose flag now prints useful information at the beginning

2005-08-07 - Version 0.2 Released

This version boasts a complete rewrite. Code is now based on the updated library, regfio, from the Samba project. Important changes include:

• Fixes for registry parsing problems
• Significant updates to command line options and output
• Addition of registry key modification times

2005-07-08 - Version 0.1.2 Released

Another bugfix release. In particular, the installation for *BSD users should be less painful. Also, the man page should actually install now. Whoops.

There's still some nasty bugs which causes the parsing of some registries to fail. I have a feeling it isn't an easy one to fix. I have looked back to the Samba Subversion tree for info, and found that the entire registry codebase has been re-written from the ground up by Gerald (Jerry) Carter, since I branched from the project. The new code is much cleaner, and based on the commit comments, it appears the issue I am having has been fixed. For this reason, I'll probably re-write all of RegLookup to use this new library. Stay tuned.

2005-06-19 - Mailing List Operational

Please read the instructions before use, and report any problems to the list owner. No published archive of the list is available at this time.

2005-06-07 - Version 0.1.1 Released

It isn't much of an update, but it does make the package a little easier to install. No feature changes.

2005-06-04 - Version 0.1 Released

It's really rough, but you may find it useful even at this stage. A bugfix release is on the way.

2005-05-28 - Project Website Posted

Got the site up. Still need to set up a mailing list, and make a release.