Posts posted by Colin

  1. One month back I tested PE for the first time.

    While booted from PE, C:\ is the PE Windows drive and D:\ is the actual C:\ when we boot normally

    (correct me if I am wrong).

     

    If I am right, then Colin is loading the wrong hive.

     

    Hi,

     

    WinPE normally sets its drive to X: when booted; C: remains the Windows drive throughout the process ... I have tried the above solution and it works exactly as I required. I get a command file run once at boot time that changes the location of WinRE to the recovery partition instead of the one contained within Windows itself.

     

    Col

  2.  

    The only thing I can think of is that I am not loading the correct hive in the REG LOAD HKLM\TEMP c:\windows\system32\config\software command

     

    Not a bad guess. :no:

    Why don't you check loading the hive in a GUI Registry editor in the PE?

     

    At first sight, if you mount the SOFTWARE hive to a TEMP hive the path to the "right" key will be: 

    HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    because:

    HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    should result in the booted windows as:

    HKLM\SOFTWARE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    :unsure:

     

    (and BTW another reason to use the offline Registry editing)

     

    jaclaz

     

    Absolutely spot on, I didn't need \SOFTWARE in the REG ADD command.

     

    Drop that out and it works perfectly :)

     

    Thank you.

  3. Backslashes are a "strange" thing (and particularly when used in a variable and then put in the Registry).

     

    Are you sure that running

    SET Drive

    returns:

    Drive=D:

    and not:

    Drive=D:\

     

    Or simply try to use:

    REG ADD HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v Act /t REG_SZ /d "%Drive%Activate.cmd" /f

     

    As a side-side note, personally I would rather use an Offline Registry editor from a PE:

    http://reboot.pro/topic/11312-offline-registry/

    http://erwan.labalec.fr/other/

     

    jaclaz

    Hi, thanks for your reply.

     

    Drive does only contain D: and not D:\ ... Strange thing when I run a REG QUERY on the added entry it comes up as -

     

    Act   REG_SZ   D:\Activate.cmd

     

    which is correct. Now I have to figure out why the Activate.cmd is not running on booting into Windows. The only thing I can think of is that I am not loading the correct hive in the REG LOAD HKLM\TEMP c:\windows\system32\config\software command

  4. Hi,

     

    Hoping someone can help me out.

     

    I need to inject a reg entry into the Windows 8.1 HKEY_LOCAL_MACHINE RunOnce registry tree from within a WinPE 5.0 environment. So far I have the following as part of a command file:

     

    REG LOAD HKLM\TEMP c:\windows\system32\config\software (To load the correct hive into a temporary subkey)

    REG ADD HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v Act /t REG_SZ /d "%Drive%\Activate.cmd" /f (to add the reg entry)

    REG UNLOAD HKLM\TEMP (to unload the hive from the subkey)

     

    Where %Drive% is the USB drive letter ... this all works .. but .. when checking the reg entry (using REG EXPORT to a file) it shows up as

     

    [HKEY_LOCAL_MACHINE\TEMP\software\microsoft\windows\currentversion\runonce]

    "Act"="D:\\Activate.cmd"

     

    Entry has two \\ instead of a single \ and does not execute the command file upon booting into Windows 8.1

     

    Where have I gone wrong?

     

    Cheers in advance for any help.
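
The sequence these posts arrive at, written out as an added example (not part of the original posts or any poster's own file): the SOFTWARE hive is mounted at HKLM\TEMP, so the RunOnce path carries no extra \SOFTWARE, and the value is checked with REG QUERY before the hive is unloaded. It assumes, as in the thread, that the offline Windows volume is C: and that %Drive% holds the USB drive letter without a trailing backslash; the variable names HIVE, MOUNT and KEY are hypothetical.

```batch
@echo off
rem Added example. Run from WinPE against an offline Windows installation.
rem Assumptions: offline Windows is on C:, and Drive is already set (e.g. Drive=D:).
setlocal
set "HIVE=C:\Windows\System32\config\SOFTWARE"
set "MOUNT=HKLM\TEMP"
rem The root of the SOFTWARE hive is mounted AT %MOUNT%, so the key path
rem starts directly with Microsoft\..., not SOFTWARE\Microsoft\...
set "KEY=%MOUNT%\Microsoft\Windows\CurrentVersion\RunOnce"

if not defined Drive (
    echo Drive is not set
    exit /b 1
)
if not exist "%HIVE%" (
    echo Hive not found: %HIVE%
    exit /b 1
)

rem Mount the offline hive under a temporary subkey.
reg load %MOUNT% "%HIVE%" || exit /b 1

rem Add the RunOnce value; on failure, still unload the hive.
reg add "%KEY%" /v Act /t REG_SZ /d "%Drive%\Activate.cmd" /f
if errorlevel 1 goto :cleanup_failed

rem REG QUERY prints the stored string with single backslashes.
rem A REG EXPORT of the same key shows "D:\\Activate.cmd" because the
rem .reg file format escapes backslashes inside quoted string values.
reg query "%KEY%" /v Act

rem Unload so the change is flushed and the hive file is released.
reg unload %MOUNT%
exit /b %errorlevel%

:cleanup_failed
reg unload %MOUNT%
exit /b 1
```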
