
How to change registry in mounted image?




Is there a way to change stuff in the registry of mounted image? Obviously I can't use the reg command, because that would access the running system.

Hmm, obviously you can use the REG command, if you LOAD the corresponding hives. :whistle:

However ;):

http://reboot.pro/11212/

http://reboot.pro/11312/

there is a library to do that and erwan.l wrote a small app to make use of it. :)

jaclaz


Aha. Can you tell me more about the first method? I tried to google around, but most articles are about XP only (guess it's the same, but who knows), and are a bit messy.

I assume the logic is pretty much the same as with images - load, change, save, unload, etc.

Can you give me a very brief rundown through the commands I need?


Aha. Can you tell me more about the first method? I tried to google around, but most articles are about XP only (guess it's the same, but who knows), and are a bit messy.

I assume the logic is pretty much the same as with images - load, change, save, unload, etc.

Can you give me a very brief rundown through the commands I need?

Are you serious?

Until the mentioned library came out it was the ONLY available method to change contents of an offline Registry.

And yes, nothing has changed from XP.

You load the Registry file hive (usually to HKLM) giving a name to it.

Then you do whatever you want to do to it (of course all the REG commands need to be targeted to the loaded hive).

Then you unload the hive.

http://technet.microsoft.com/en-us/library/cc732643(WS.10).aspx

You can get *any* tutorial that uses regedit, the procedure is exactly the same, only reg.exe is command line, regedit is GUI (2K - see below - used REGEDT32), for example:

http://smallvoid.com/article/winnt-offline-registry-edit.html

http://technet.microsoft.com/en-us/library/cc759303(WS.10).aspx

The advantage of using the Offline Registry library seems to me evident, as you don't need to re-target the REG editing commands to the mounted hive.

jaclaz
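The load, edit, unload sequence described above, as an added example that is not part of the original posts. The mount directory `C:\mount` and the hive name `WIM_System` are assumptions, and reading `Select\Current` to pick the control set is an addition here, since `CurrentControlSet` is a link that exists only on a running system.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
$MountDir = 'C:\mount'          # assumption: directory where the image is mounted
$HiveFile = Join-Path $MountDir 'Windows\System32\config\SYSTEM'
$HiveName = 'HKLM\WIM_System'   # assumption: name given to the loaded hive

function Invoke-Reg {
    # Run reg.exe with the given arguments and stop at the first failure.
    $output = & reg.exe @args
    if ($LASTEXITCODE -ne 0) { throw "reg $($args -join ' ') failed ($LASTEXITCODE)" }
    $output
}

Invoke-Reg load $HiveName $HiveFile | Out-Null
try {
    # The offline hive records which ControlSetNNN is current in Select\Current.
    $select = Invoke-Reg query "$HiveName\Select" /v Current
    if ("$select" -notmatch 'REG_DWORD\s+0x([0-9a-fA-F]+)') {
        throw 'Select\Current not found in the loaded hive'
    }
    $controlSet = 'ControlSet{0:D3}' -f [Convert]::ToInt32($Matches[1], 16)

    # Same reg add as on a live system, with the key retargeted to the loaded hive.
    # Single quotes keep %SystemDrive% literal, so it is stored unexpanded.
    $key = "$HiveName\$controlSet\Control\Session Manager\Environment"
    Invoke-Reg add $key /v TMP /t REG_EXPAND_SZ /d '%SystemDrive%\TEMP' /f | Out-Null

    # Read the value back to confirm its type and data.
    Invoke-Reg query $key /v TMP
}
finally {
    # Always unload; a hive left loaded keeps its file open.
    & reg.exe unload $HiveName
}
```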


Yes I was serious, ever heard of people who asked about something they only just started to learn?...

Thanks for the links, but considering I have all of the tweaks I gathered in the command line form, I think I will pass, because completely rewriting tens of lines of text into different format is too much. Bleh.

I really don't understand the .reg files syntax. And Google failed me again. I can't seem to find any good examples or lists of commands I can use there.

Edited by TheWalrus

Good one.

I am puzzled about the value types. What's .reg file equivalent of REG_EXPAND_SZ for example?

I tried the most simple thing, changing the temp variable, and it doesn't work :P

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]

"TMP"="%SystemDrive%\TEMP"

Nothing gets added.

And the syntax is probably a bit more complicated than I guessed, because trying to go with the "Value Name"=<Value type>:<Value data> didn't do jack either.


The reg files need to be changed so that they are set inside the correct registry hive.

Example: Values

HKEY_LOCAL_MACHINE\WIM_Default = HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE\WIM_Software = HKEY_LOCAL_MACHINE\SOFTWARE

HKEY_LOCAL_MACHINE\WIM_Software\Classes = HKEY_CLASSES_ROOT

HKEY_LOCAL_MACHINE\WIM_System = HKEY_LOCAL_MACHINE\SYSTEM

Your example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\WIM_System\ControlSet001\Control\Session Manager\Environment]

"TMP"="%SystemDrive%\\TEMP"

When the image is mounted, you can also change the reg files manually and check if you need permissions with some keys!

Edited by myselfidem

Eh, you are not making this any easier, lol.

I only tried the temp variable on my running system so far, and it just doesn't work. I don't understand why. When I do it through command line, the key gets added/changed right away.

edit: ok I found out I can only add pure strings, no backslashes no special chars. How in the hell am I supposed to set a path then?

Also, why the controlset001 when the key is currentcontrolset?

Edited by TheWalrus

Try to use on your computer:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]

"TMP"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,69,00,76,00,\
  65,00,25,00,5c,00,54,00,45,00,4d,00,50,00,00,00

And restart the computer!

Edited by myselfidem
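The key retargeting and `hex(2)` encoding from the posts above, as an added example that is not code from the thread: in a `.reg` file `"name"="text"` always creates a REG_SZ and needs `\\` for each backslash, while REG_EXPAND_SZ is written as `hex(2):` followed by the UTF-16LE bytes of the string and a null terminator. The tweak list, the `ExampleVendor` key and the output file name are constructed, and `ControlSet001` is assumed as in the posts.

```powershell
# Added example: build a .reg file aimed at hives loaded under the WIM_* names.
$Map = [ordered]@{   # live path prefix -> loaded-hive path, most specific first
    'HKEY_CLASSES_ROOT'                           = 'HKEY_LOCAL_MACHINE\WIM_Software\Classes'
    'HKEY_CURRENT_USER'                           = 'HKEY_LOCAL_MACHINE\WIM_Default'
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet' = 'HKEY_LOCAL_MACHINE\WIM_System\ControlSet001'
    'HKEY_LOCAL_MACHINE\SYSTEM'                   = 'HKEY_LOCAL_MACHINE\WIM_System'
    'HKEY_LOCAL_MACHINE\SOFTWARE'                 = 'HKEY_LOCAL_MACHINE\WIM_Software'
}

function Convert-KeyToLoadedHive([string]$Key) {
    foreach ($live in $Map.Keys) {
        if ($Key -eq $live -or
            $Key.StartsWith("$live\", [StringComparison]::OrdinalIgnoreCase)) {
            return $Map[$live] + $Key.Substring($live.Length)
        }
    }
    throw "No loaded hive covers $Key"
}

function ConvertTo-RegData([string]$Type, [string]$Data) {
    switch ($Type) {
        # REG_SZ: quoted string with backslashes and quotes escaped.
        'REG_SZ' { '"' + $Data.Replace('\', '\\').Replace('"', '\"') + '"' }
        # REG_EXPAND_SZ: UTF-16LE bytes plus a 16-bit null terminator.
        'REG_EXPAND_SZ' {
            $bytes = [System.Text.Encoding]::Unicode.GetBytes($Data + "`0")
            'hex(2):' + (($bytes | ForEach-Object { $_.ToString('x2') }) -join ',')
        }
        default { throw "Type $Type is not handled in this example" }
    }
}

# Constructed sample tweaks, written the way they would target a running system.
$Tweaks = @(
    @{ Key  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
       Name = 'TMP'; Type = 'REG_EXPAND_SZ'; Data = '%SystemDrive%\TEMP' }
    @{ Key  = 'HKEY_CURRENT_USER\Software\ExampleVendor'
       Name = 'InstallDir'; Type = 'REG_SZ'; Data = 'C:\Tools\Example' }
)

$lines = @('Windows Registry Editor Version 5.00')
foreach ($t in $Tweaks) {
    $lines += ''
    $lines += '[' + (Convert-KeyToLoadedHive $t.Key) + ']'
    $lines += '"' + $t.Name + '"=' + (ConvertTo-RegData $t.Type $t.Data)
}
Set-Content -Path .\offline-tweaks.reg -Value $lines -Encoding Unicode
```

Import the generated file with regedit or `reg import` while the hives are loaded under those names, then unload them.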

Ew, please no, please don't tell me I have to use hex values!! That would be a real nightmare :D But it seems to be THE only format regedit is willing to export to, unfortunately :(

What about my second question regarding the different key?

+

Is there any system to what I should add to the registry path when I am working with an image?


Also, why the controlset001 when the key is currentcontrolset?

As you've experienced it works well like this with reg files on a mounted image!

Other example with keys needing permissions:

http://www.msfn.org/...post__p__971385

You can use some tools to have permissions on keys:

http://sourceforge.net/projects/setacl/files/

http://www.msfn.org/board/topic/152688-win6x-registry-tweak/

Edited by myselfidem

Sorry I do not understand at all.

I asked why you told me to change a completely different key than the one the stuff I want to change is located in.

I didn't experience anything so far, I am still drowning in it :P (did make SOME progress though)

Also which keys exactly need special permissions? So far I didn't run into any problems except for things around HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.delete, which says read only. Do you have any list maybe?


Thanks for the links, but considering I have all of the tweaks I gathered in the command line form, I think I will pass, because completely rewriting tens of lines of text into different format is too much. Bleh.

Post a couple of examples of tweaks that you have in "command line form" (and that I presume are targeted to the "online" system).

jaclaz

