libguestfs-tools套件提供了一個(gè)基于QEMU的磁盤映像去查找這個(gè)磁盤映像中安裝的Windows操作系統(tǒng)的具體注冊(cè)表信息，甚至是進(jìn)行改動(dòng)（當(dāng)然不安全，目前可能不成熟，可能損壞映像文件）。

這個(gè)套件目前我只在centos和redhat的虛擬化環(huán)境中找到了，具體安裝方法很簡(jiǎn)單：

復(fù)制代碼 代碼如下:

yum install libguestfs libguestfs-tools libguestfs-winsupport

安裝完成之后，使用virt-win-reg既可以對(duì)已經(jīng)安裝操作系統(tǒng)的虛擬機(jī)映像文件進(jìn)行注冊(cè)表的讀取操作,不過(guò)要注意的是目前只推薦在虛擬機(jī)停止?fàn)顟B(tài)下獲取注冊(cè)表的信息，如果在啟動(dòng)模式下獲取注冊(cè)表或者修改注冊(cè)表信息都可能導(dǎo)致虛擬機(jī)映像文件損壞。

具體使用方法如下：

復(fù)制代碼 代碼如下:

virt-win-reg win9-clone 'HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Uninstall'

其中win9-clone是虛擬機(jī)的名字，可以通過(guò)libvirt的virsh list –all命令查詢得出，不過(guò)一定確保虛擬機(jī)已經(jīng)是停止的狀態(tài)，否則可能造成磁盤損壞。

上面的命令最終執(zhí)行的結(jié)果如下：

復(fù)制代碼 代碼如下:

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/AddressBook] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Branding] "QuietUninstallString"=hex(1):52,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,20,00,49,00,65,00,64,00,6b,00,43,00,53,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,42,00,72,00,61,00,6e,00,64,00,43,00,6c,00,65,00,61,00,6e,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,53,00,74,00,75,00,62,00,73,00,00,00 "RequiresIESysFile"=hex(1):31,00,30,00,30,00,2e,00,30,00,00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Connection Manager] "SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DXM_Runtime]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DirectAnimation] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DirectDrawEx] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Fontcore] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ICW] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IE40] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IE4Data] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IE5BAKEX] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IEData] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/MPlayer2]

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/MobileOptionPack] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/NetMeeting] "RequiresIESysFile"=hex(1):34,00,2e,00,37,00,31,00,00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/OutlookExpress] @=hex(1):00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/PCHealth] "QuietUninstallString"=hex(1):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,49,00,4e,00,46,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,2e,00,69,00,6e,00,66,00,00,00 "UninstallString"=hex(1):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,49,00,4e,00,46,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,2e,00,69,00,6e,00,66,00,00,00

[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/SchedulingAgent] @=hex(1):00,00

該命令的其他用法可以使用man virt-win-reg獲取相關(guān)幫助信息，用法還是很多的哦