Colin

Inject Reg entries into Win 8.1 Reg from WinPE


Hi,

 

hoping someone can help me out.

 

I need to inject a reg entry into the windows 8.1 HKEY_LOCAL_MACHINE RunOnce registry tree from within a WinPE 5.0 environment. So far I have the following as part of a command file;

 

REG LOAD HKLM\TEMP c:\windows\system32\config\software (To load the correct hive into a temporary subkey)

REG ADD HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v Act /t REG_SZ /d "%Drive%\Activate.cmd" /f (to add the reg entry)

REG UNLOAD HKLM\TEMP (to unload the hive from the subkey)

 

Where %Drive% is the USB drive letter ... this all works .. but .. When checking the reg entry (using REG EXPORT to a file) it shows up as

 

[HKEY_LOCAL_MACHINE\TEMP\software\microsoft\windows\currentversion\runonce]

"Act"="D:\\Activate.cmd"

 

Entry has two \\ instead of a single \ and does not execute the command file upon booting into Windows 8.1

 

Where have I gone wrong?

 

Cheers in advance for any help.


Backslashes are a "strange" thing (and particularly when used in a variable and then put in the Registry).

 

Are you sure that running

SET Drive

returns:

Drive=D:

and not:

Drive=D:\

 

Or simply try to use:

REG ADD HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v Act /t REG_SZ /d "%Drive%Activate.cmd" /f

 

As a side-side note, personally I would rather use an Offline Registry editor from a PE:

http://reboot.pro/topic/11312-offline-registry/

http://erwan.labalec.fr/other/

 

jaclaz


Hi, thanks for your reply.

 

Drive does only contain D: and not D:\ ... Strange thing when I run a REG QUERY on the added entry it comes up as -

 

Act   REG_SZ   D:\Activate.cmd

 

which is correct, now I have to figure out why the Activate.cmd is not running on booting into windows. The only thing I can think of is that I am not loading the correct hive in the REG LOAD HKLM\TEMP c:\windows\system32\config\software command


> The only thing I can think of is that I am not loading the correct hive in the REG LOAD HKLM\TEMP c:\windows\system32\config\software command

 

Not a bad guess. :no:

Why don't you check loading the hive in a GUI Registry editor in the PE?

 

At first sight, if you mount the SOFTWARE hive to a TEMP hive the path to the "right" key will be: 

HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

because:

HKLM\TEMP\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

should result in the booted windows as:

HKLM\SOFTWARE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

:unsure:

 

(and BTW another reason to use the offline Registry editing)

 

jaclaz


Absolutely spot on, I didn't need \SOFTWARE in the REG ADD command.

 

Drop that out and it works perfectly :)

 

thank you.


One month back I tested PE for the first time.

While booted from PE, C:\ is for the PE Windows drive and D:\ is for the actual C:\ when we boot normally

(correct me if I am wrong)

If I am right then Colin is loading the wrong hive.


Hi,

 

WinPE normally sets its drive to X: when booted, C: remains the Windows drive throughout the process ... I have tried the above solution and it works exactly as I required. I get a command file run once at boot time that changes the location of WinRE to the recovery partition instead of the one contained within Windows itself.

 

Col
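
The fix the thread arrives at, written out as a command file with error checks. This is an added example, not code posted by anyone in the thread; it assumes the Windows volume is C: inside WinPE and that %Drive% is already set to the USB drive letter with no trailing backslash, and the variable names HIVE, MOUNT, KEY, STRAY and RC are made up for the example.

```bat
@echo off
setlocal
rem Added example. Assumptions: the Windows 8.1 volume is C: inside WinPE and
rem %Drive% is already set to the USB drive letter with no trailing backslash (D:).
set "HIVE=C:\Windows\System32\config\SOFTWARE"
set "MOUNT=HKLM\TEMP"
rem HKLM\TEMP stands in for HKLM\SOFTWARE of the offline system, so the key
rem path continues with \Microsoft, not \SOFTWARE\Microsoft.
set "KEY=%MOUNT%\Microsoft\Windows\CurrentVersion\RunOnce"
set "STRAY=%MOUNT%\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

if not defined Drive (
    echo Drive is not set
    exit /b 1
)
if not exist "%HIVE%" (
    echo Hive file not found: %HIVE%
    exit /b 1
)

reg load %MOUNT% "%HIVE%"
if errorlevel 1 (
    echo REG LOAD failed
    exit /b 1
)

set "RC=0"
reg add "%KEY%" /v Act /t REG_SZ /d "%Drive%\Activate.cmd" /f
if errorlevel 1 set "RC=1"

rem REG QUERY prints the stored string with single backslashes. REG EXPORT
rem writes .reg syntax, which escapes each backslash as \\ inside quoted strings.
reg query "%KEY%" /v Act

rem A value left by the earlier command (with the extra \SOFTWARE) would sit at
rem HKLM\SOFTWARE\SOFTWARE\... on the booted system and never run.
reg query "%STRAY%" /v Act >nul 2>&1
if not errorlevel 1 echo Note: stale Act value found under %STRAY%

rem Always unload so the hive file is released before rebooting.
reg unload %MOUNT%
if errorlevel 1 set "RC=1"
exit /b %RC%
```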
