HiveList Control Entries

The location of the files that contain Registry information is reported under the following Registry path:

HKEY_CURRENT_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

All data types are REG_SZ. The following are the default entries:

\REGISTRY\MACHINE\HARDWARE

\REGISTRY\MACHINE\SAM=
\Device\Harddisk0\Partition1\SystemRoot\SYSTEM32\CONFIG\SAM

\REGISTRY\MACHINE\SECURITY=
\Device\Harddisk0\Partition1\SystemRoot\SYSTEM32\CONFIG\SECURITY

\REGISTRY\MACHINE\SOFTWARE=
\Device\Harddisk0\Partition1\SystemRoot\SYSTEM32\CONFIG\SOFTWARE

\REGISTRY\MACHINE\SYSTEM=
\Device\Harddisk0\Partition1\SystemRoot\SYSTEM32\CONFIG\SYSTEM

\REGISTRY\USER\.DEFAULT=
\Device\Harddisk0\Partition1\SystemRoot\SYSTEM32\CONFIG\DEFAULT

\REGISTRY\USER\SID_#=
\Device\Harddisk0\Partition1\SystemRoot\SYSTEM32\CONFIG\ADMIN000