Written in standard C/C++ with no dependencies on the Windows registry API functions, ‘yaru’ is a free experimental registry viewer. The idea behind it was to parse the Windows registry hives and display them in a tree view GUI. ‘yaru’ was designed with a portable and extensible architecture in mind so that it could be compiled to run on various operating systems. Currently there are compiled versions of ‘yaru’ that run on Windows, Linux and Mac OS X.
Every deleted registry key leaves behind a trace which ‘yaru’ can use to recover the lost key. All you have to do is let ‘yaru’ scan all the registry hives; after a few seconds it will display a branch of deleted keys with all their values and types, which gives you the information you need to recover yours. Just open REGEDIT and enter the right values to recover and activate the lost key.
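To illustrate the kind of trace a deleted key leaves, here is an added example (not yaru's code, and not taken from this page) that walks the cells of a hive and lists key node ("nk") records still sitting in free cells. It relies on the commonly documented regf layout (4096-byte base block, "hbin" bins, cells whose size is negative while allocated); the function names and the sample hive are constructed for the illustration.

```python
import struct

BASE_BLOCK, HBIN_HEADER = 0x1000, 0x20   # regf header size, hbin header size
NK_NAME, KEY_COMP_NAME = 0x4C, 0x0020    # key-name offset in nk; 8-bit-name flag

def free_cells(hive):
    """Yield the body of every free (unallocated) cell in every hive bin."""
    pos = BASE_BLOCK
    while hive[pos:pos + 4] == b"hbin":
        end = pos + struct.unpack_from("<I", hive, pos + 8)[0]
        if end < pos + HBIN_HEADER or end > len(hive):
            return                           # corrupt bin size
        off = pos + HBIN_HEADER
        while off + 4 <= end:
            raw, = struct.unpack_from("<i", hive, off)
            if abs(raw) < 8 or off + abs(raw) > end:
                break                        # corrupt cell: move to next bin
            if raw > 0:                      # positive size = free cell
                yield hive[off + 4:off + raw]
            off += abs(raw)
        pos = end

def deleted_key_names(hive):
    """Names of nk (key node) records still present at the start of free cells."""
    if hive[:4] != b"regf":
        raise ValueError("not a registry hive")
    names = []
    for nk in free_cells(hive):
        if len(nk) < NK_NAME or nk[:2] != b"nk":
            continue
        flags, = struct.unpack_from("<H", nk, 2)
        n, = struct.unpack_from("<H", nk, 0x48)          # key name length
        if NK_NAME + n <= len(nk):
            enc = "latin-1" if flags & KEY_COMP_NAME else "utf-16-le"
            names.append(nk[NK_NAME:NK_NAME + n].decode(enc, "replace"))
    return names

def build_sample_hive():
    """Constructed sample: allocated key 'Live', freed key 'Gone', empty free cell."""
    def nk_cell(size, name):                 # size < 0 means allocated
        body = bytearray(abs(size) - 4)
        body[:2], body[2], body[0x48] = b"nk", KEY_COMP_NAME, len(name)
        body[NK_NAME:NK_NAME + len(name)] = name
        return struct.pack("<i", size) + bytes(body)
    cells = nk_cell(-0x60, b"Live") + nk_cell(0x60, b"Gone")
    cells += struct.pack("<i", 0x1000 - HBIN_HEADER - len(cells))  # trailing free cell
    hbin = (b"hbin" + struct.pack("<II", 0, 0x1000)).ljust(HBIN_HEADER, b"\0") + cells
    return b"regf".ljust(BASE_BLOCK, b"\0") + hbin.ljust(0x1000, b"\0")

print(deleted_key_names(build_sample_hive()))  # constructed sample hive
```

Freed cells are often merged with their neighbours or reused, so leftover records can also sit deeper inside a free cell; this sketch only checks the start of each one.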
Besides its main focus, the Windows version of ‘yaru’ has the ability to take a snapshot of the currently running hives and examine them. Because Windows locks the active hives so that other processes cannot read them, ‘yaru’ can resort to raw NTFS disk reads to read any of the desired hives. Consequently, the user must run the tool with administrative privileges. While this approach adds complexity to ‘yaru’, it ensures that the active hive is not corrupted or changed during analysis.
download yaru for Windows