Jump to content

How to change registry in mounted image?

Octopuss
 Share

Recommended Posts

Octopuss

Octopuss

Posted
  • Author
Posted

I think I have it sorted now. It's a bit messy though.

Using variables and paths in standard REG_SZ types is tricky and sometimes doesn't work, but paths have to be written with duoble backslashes else the key doesn't get added at all. And even then it doesn't work sometimes.

;Add Services

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services]

"Icon"="%SystemRoot%\\System32\\imageres.dll,-67"

"Position"="Top"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services\command]

@="mmc.exe services.msc"

The icon part works, but if I write the command part in the same way, it doesn't. Fortunately we have system paths variables set by default.

myselfidem, you told me to change stuff in controlset001 key instead of currentcontrolset, which confused me. Google says something about these keys being more or less copies of one another, so it will probably work either way.

Link to comment
Share on other sites

jaclaz

jaclaz

Posted
Posted

Google says something about these keys being more or less copies of one another, so it will probably work either way.

Heck, NO! :realmad:

CurrentControlSet DOES NOT EXIST at an OFFLINE Registry! :w00t:

When a NT system boots it checks the Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\Select

and based on it's contents it creates a LINK named CurrentControSet that actually redirects to ControlSetxyz (normally it is ControlSet001 and normally there are only two ControSet's, ControSet001 and ControlSet002)

jaclaz

Link to comment
Share on other sites
Octopuss

Octopuss

Posted
  • Author
Posted

Aaaah! I see! It's clear now.

Btw the whole registry to load are these three files, right?

reg.exe load HKLM\WIM_Default "d:\mount\Users\Administrator\NTUSER.DAT"

reg.exe load HKLM\WIM_Software "d:\mount\Windows\System32\config\SOFTWARE"

reg.exe load HKLM\WIM_System "d:\mount\Windows\System32\config\SYSTEM"

Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted

Btw the whole registry to load are these three files, right?

reg.exe load HKLM\WIM_Default "d:\mount\Users\Administrator\NTUSER.DAT"

reg.exe load HKLM\WIM_Software "d:\mount\Windows\System32\config\SOFTWARE"

reg.exe load HKLM\WIM_System "d:\mount\Windows\System32\config\SYSTEM"

Yes/No. :huh:

There are more files, though it is unlikely you will need to mount/modify them. (SECURITY and SAM), while it is possible that you will want to edit DEFAULT.

http://msdn.microsoft.com/en-us/library/ms724877(v=vs.85).aspx

Be aware (if needed) about HKEY_CLASSES_ROOT (that in ONline registry is actually a LINK to HKEY_LOCAL_MACHINE\SOFTWARE\Classes and does not exist OFFline)

jaclaz

Link to comment
Share on other sites
myselfidem

myselfidem

Posted
Posted (edited)

;Add Services

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services]

"Icon"="%SystemRoot%\\System32\\imageres.dll,-67"

"Position"="Top"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services\command]

@="mmc.exe services.msc"

The icon part works, but if I write the command part in the same way, it doesn't. Fortunately we have system paths variables set by default.

Missing the switch /s (Example with another icon):


Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services]
@="Services"
 "Icon"="filemgmt.dll"
 "Position"="Top"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Services\command]
 @="mmc.exe /s services.msc"

Some registry keys:

http://www.msfn.org/...post__p__966749

Edited by myselfidem
Link to comment
Share on other sites
myselfidem

myselfidem

Posted
Posted

We can use the MMC "/s" to turn off the splash screen.

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/c81fee8f-8593-4f2b-b7dc-9617d5fe3347

Other example: Edit the registry on a mounted WIM.

http://blogs.technet.com/b/migreene/archive/2006/12/07/edit-the-registry-on-a-mounted-wim.aspx

About Windows Registry:

http://en.wikipedia.org/wiki/Windows_Registry

Link to comment
Share on other sites
dencorso

dencorso

Posted
Posted

Just for the sake of completeness:

You can use Nuno Brito's handy RawReg to peruse unmounted registry hives, like NTUSER.DATs from other profiles than the one currently logged on. RawReg also should let you modify them, but that doesn't always work, in the current version, so If you need to do that, use Erwan.L's offlinereg instead, althought it's less user friendly.

While I wrote that with unmounted hives from other profiles in the same system, it of course applies to any unmounted hives, so certainly a mounted WIM image qualifies, too.

Link to comment
Share on other sites
jaclaz

jaclaz

Posted
Posted (edited)

Just for the sake of completeness:

You can use Nuno Brito's handy RawReg to peruse unmounted registry hives, like NTUSER.DATs from other profiles than the one currently logged on. RawReg also should let you modify them, but that doesn't always work, in the current version, so If you need to do that, use Erwan.L's offlinereg instead, althought it's less user friendly.

While I wrote that with unmounted hives from other profiles in the same system, it of course applies to any unmounted hives, so certainly a mounted WIM image qualifies, too.

With all due respect :):

  • RAWREG is unfinished (and severely bugged :ph34r:) work
  • The already mentioned Offline Registry uses a MS freely available Library and is command line, i.e. an exact correspondent to what was asked (command line editing).

Whether a command line app is less friendly than a GUI app is of course well debatable.

jaclaz

Edited by jaclaz
Link to comment
Share on other sites
dencorso

dencorso

Posted
Posted
RAWREG is unfinished (and severely bugged :ph34r:) work

I know... but it's handy, all the same, provided it's used just to peruse the hives, not to edit them. :)

Whether a command line app is less friendly than a GUI app is of course well debatable.

Well... that's the problem with quoting, instead of writing from scratch: some things get out of context. That comment was addressed to Dave-H, in the thread that quote originated from, not to the OP of the present thread, who asked for a command-line tool. My, bad. Sorry! :blushing:

Link to comment
Share on other sites
Octopuss

Octopuss

Posted
  • Author
Posted (edited)

I ran into a dead end with my reg tweaks - the **** file refuses to import. I only just found out when I still had no tweaks applied when I installed the system and tried to do it manually after - I keep getting an error message about registry access error or something. The mustbe something wrong with the file, I don't know :( Could someone check it out please?

edit: the /s switch does nothing, I am not getting any splash screens at all anyway...

Edited by TheWalrus
Link to comment
Share on other sites
myselfidem

myselfidem

Posted
Posted (edited)

Test made successfully with your reg files:

You need first to create a folder (Example: C:\DISM_Temp) and place your reg files inside!

Example (adapt the name and paths to your needs):

Walrus.cmd


@echo off & color 1F
"C:\Program Files\Windows AIK\Tools\x86\Servicing\Dism.exe" /Mount-Wim /Wimfile:"C:\Win7\sources\install.wim" /index:1 /MountDir:"C:\zMount"
>nul timeout /t 3
reg.exe load HKLM\WIM_Default "C:\zMount\Users\Default\NTUSER.DAT"
reg.exe load HKLM\WIM_Software "C:\zMount\Windows\System32\config\SOFTWARE"
reg.exe load HKLM\WIM_System "C:\zMount\Windows\System32\config\SYSTEM"
>nul timeout /t 3 
reg.exe import "C:\DISM_Temp\User.reg"
reg.exe import "C:\DISM_Temp\Perso.reg"
reg.exe import "C:\DISM_Temp\Context_Menu.reg"
reg.exe import "C:\DISM_Temp\System.reg"
pause to see the result inside the mounted hives
>nul timeout /t 3
echo.
reg.exe unload HKLM\WIM_Default
reg.exe unload HKLM\WIM_Software
reg.exe unload HKLM\WIM_System
echo.
"C:\Program Files\Windows AIK\Tools\x86\Servicing\Dism.exe" /Unmount-Wim /MountDir:"C:\zMount" /Commit
echo.
echo ==Appuyez sur n'importe qu'elle touche pour quitter==&pause>nul

Inside C:\DISM_Temp place all you reg files (Example):

User.reg

Perso.reg

Context_Menu.reg

System.reg

Output command window Result.txt

Outil Gestion et maintenance des images de déploiement

Version : 6.1.7600.16385

Montage de l'image

[==========================100.0%==========================]

L'opération a réussi.

L'opération a réussi.

L'opération a réussi.

L'opération a réussi.

L'opération a réussi.

L'opération a réussi.

L'opération a réussi.

L'opération a réussi.

Appuyez sur une touche pour continuer...

L'opération a réussi.

L'opération a réussi.

L'opération a réussi.

Outil Gestion et maintenance des images de déploiement

Version : 6.1.7600.16385

Fichier image : C:\Win7\sources\install.wim

Index de l'image : 1

Enregistrement de l'image

[==========================100.0%==========================]

Démontage de l'image

[==========================100.0%==========================]

L'opération a réussi.

==Appuyez sur n'importe qu'elle touche pour quitter==

Image Mounted Hives

One error corrected inside your reg file.

Your reg files attached!

Edited by myselfidem
Link to comment
Share on other sites
Octopuss

Octopuss

Posted
  • Author
Posted (edited)

I don't know man. I think I am doing pretty much the same thing.

This is what I have in my batch file:

@echo off
Color 0A
echo mounting the image
dism /mount-wim /wimfile:e:\Win7\sources\install.wim /index:1 /mountdir:e:\mount\
echo removing some minor s*** files
rd "e:\mount\Users\Administrator\Favorites\Links" /s /q
rd "e:\mount\Users\Administrator\Favorites\Microsoft Websites" /s /q
rd "e:\mount\Users\Administrator\Favorites\MSN Websites" /s /q
rd "e:\mount\Users\Administrator\Favorites\Windows Live" /s /q
rd "e:\mount\Users\Public\Music\Sample Music" /s /q
rd "e:\mount\Users\Public\Pictures\Sample Pictures" /s /q
rd "e:\mount\Users\Public\Recorded TV\Sample Media" /s /q
rd "e:\mount\Users\Public\Videos\Sample Videos" /s /q

echo loading registry from the image
reg.exe load HKLM\WIM_Default "e:\mount\Users\Administrator\NTUSER.DAT"
reg.exe load HKLM\WIM_Software "e:\mount\Windows\System32\config\SOFTWARE"
reg.exe load HKLM\WIM_System "e:\mount\Windows\System32\config\SYSTEM"
echo importing registry tweaks
reg.exe import "e:\tweaks.reg"
echo unloading the registry
reg.exe unload HKLM\WIM_Default
reg.exe unload HKLM\WIM_Software
reg.exe unload HKLM\WIM_System
echo unmounting and saving the image
dism.exe /Unmount-Wim /MountDir:"e:\mount" /Commit
pause

edit: what did you change please? I don't know of any simple way of checking the changes.

edit2: why did you break the tweaks into different files, or rather - by what logic?

Edited by TheWalrus
Link to comment
Share on other sites
Octopuss

Octopuss

Posted
  • Author
Posted (edited)

After lots of trial and error I managed to nail it down. Everytime I applied the tweaks and installed it in VM, I'd get BSOD and restart when the windows was supposed to start.

One stupid key typed slightly wrong. Jeez I'm dumblind... But then again, I've been trying to get this part working for 2 days pretty much nonstop and 3 hours a day worth of sleep is BAD.

I still have one question though: do I really need to use REG_EXPAND_CZ type for those keys that contain variables like for example %systemroot% which I am very fond of lately?

Edited by TheWalrus
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...