$ hivexget system '\ControlSet001\Control' "PreshutdownOrder"=hex(7):77,00,75,00,61[...] "WaitToKillServiceTimeout"="12000" "CurrentUser"="USERNAME" "BootDriverFlags"=dword:00000000" "ServiceControlManagerExtension"=str(2):"%systemroot%\\system32\\scext.dll" "SystemStartOptions"=" NOEXECUTE=OPTIN" "SystemBootDevice"="multi(0)disk(0)rdisk(0)partition(2)" "FirmwareBootDevice"="multi(0)disk(0)rdisk(0)partition(1)" $ hivexget system '\ControlSet001\Control' SystemBootDevice multi(0)disk(0)rdisk(0)partition(2)
There is also a tool (hivexml) to convert the registry hive into an XML file.
These are low-level tools at the moment. These are the basis for writing a nice, usable, high-level virt-win-reg program for grabbing values out of a Windows guest.
Richard WM Jones 