Read Windows Registry / BCD files in macOS

One of the surprisingly challenging tasks when working with Bootcamp partition is finding a consistent way to find the version of Windows that has been installed.  Applications running in Windows can look up this value in the registry, but apps running in macOS don’t have that ability.  However, I recently have been using the hivex open source project to read registry files from macOS.  I created a simple command line tool that you pass the file path to the Windows registry file on the Bootcamp partition and the path to a key and the value you want.  For example, here is how I grab the version of Windows from the Software node:

./registry_lookup /Volumes/Untitled/Windows/System32/config/SOFTWARE “Microsoft/Windows NT/CurrentVersion” “ProductName”

and out comes the value:

Windows 10 Pro

The code is pretty simple when using the hivex project.  Here is the part that looks up a value in the registry:

value=hivex_node_get_value (h, currNode, key);
char *product_name=hivex_value_string (h, value);

Pretty cool!  It also means Winclone will have to prompt less since figuring out the version will be very deterministic.