Windows NT Registry and Registry Undo files

application/octet-stream

Safe

Magic Bytes

Offset: 0
52 45 56 4E 55 4D 3A 2C

Windows NT Registry and Registry Undo files constitute a legacy configuration format developed by Microsoft for managing system settings within early NT-based operating systems. This format primarily functions as a recovery mechanism, storing undo information or backup states during software installations or system updates. Although largely obsolete in modern environments, these files remain safe for archival purposes and contain non-executable data pertaining to historical registry configurations.

Extension

.sud

MIME Type

application/octet-stream

Byte Offset

0

Risk Level

Safe

Validation Code

How to validate .sud files in Python

Python 
def is_sud(file_path: str) -> bool:
    """Check if file is a valid SUD by magic bytes."""
    signature = bytes([0x52, 0x45, 0x56, 0x4E, 0x55, 0x4D, 0x3A, 0x2C])
    with open(file_path, "rb") as f:
        return f.read(8) == signature

How to validate .sud files in Node.js

Node.js 
function isSUD(buffer: Buffer): boolean {
  const signature = Buffer.from([0x52, 0x45, 0x56, 0x4E, 0x55, 0x4D, 0x3A, 0x2C]);
  return buffer.subarray(0, 8).equals(signature);
}
Go 
func IsSUD(data []byte) bool {
    signature := []byte{0x52, 0x45, 0x56, 0x4E, 0x55, 0x4D, 0x3A, 0x2C}
    if len(data) < 8 {
        return false
    }
    return bytes.Equal(data[:8], signature)
}

API Endpoint

GET /api/v1/sud
curl https://filesignature.org/api/v1/sud

Related Formats

.reg .fdb .gdb .rdata .ani .avi .xhtml2 .flac .lrf