dazza

selecting Registry windows

dazza

On running regedt32, the registry is displayed as sub-windows within a window. How can I select one of these windows?

I have tried Winactivate(sub-window name) but this doesn't work.

:)

BrettF
KaFu

Leigh

The ultimate goal here is to load the hive ntuser.dat into the registry HKEY_USERS. At present there does not seem to be a function that will do this, so we are trying to select the 'sub-window' in regedt32 in order to use key strokes to load the hive. However, the subwindows change position and class name each time regedt32 is opened. The only information that does not change is the subwindow's title.

BrettF
Leigh

Ok, what do you mean by parsing it? I have not come across this term before.

cheers,

Leigh

azure

Ok, what do you mean by parsing it? I have not come across this term before.

cheers,

Leigh

Umm...

$wheretomount = "HKEY_USERS\MOUNTEDHIVE"
$filetomount = "C:\WINNT\PROFILES\USERID\NTUSER.DAT"
Run("reg load " & $wheretomount & " " & $filetomount)

That should work. Change the location of wherever your user's profile ntuser.dat is located. Also, you cannot mount a ntuser.dat that's in use!

weaponx

I was just going to post the same thing as azure.

Leigh

Umm...

$wheretomount = "HKEY_USERS\MOUNTEDHIVE"
$filetomount = "C:\WINNT\PROFILES\USERID\NTUSER.DAT"
Run("reg load " & $wheretomount & " " & $filetomount)

That should work. Change the location of wherever your user's profile ntuser.dat is located. Also, you cannot mount a ntuser.dat that's in use!

thanks for the help guys,

I've tried this but to no avail. I can definitely load the hive manually, so there are no worries about mounting in use.

Would this be affected by the fact this is on windows 2000?

azure

thanks for the help guys,

I've tried this but to no avail. I can definitely load the hive manually, so there are no worries about mounting in use.

Would this be affected by the fact this is on windows 2000?

Y:\>reg /?

Console Registry Tool for Windows - version 3.0
Copyright © Microsoft Corp. 1981-2001. All rights reserved

REG Operation [Parameter List]

Operation [ QUERY | ADD | DELETE | COPY |
SAVE | LOAD | UNLOAD | RESTORE |
COMPARE | EXPORT | IMPORT ]

Return Code: (Except of REG COMPARE)
0 - Succussful
1 - Failed

For help on a specific operation type:
REG Operation /?

Examples:
REG QUERY /?
REG ADD /?
REG DELETE /?
REG COPY /?
REG SAVE /?
REG RESTORE /?
REG LOAD /?
REG UNLOAD /?
REG COMPARE /?
REG EXPORT /?
REG IMPORT /?

It comes with Windows XP. For Windows 2000, it's available via the 2000 Resource Kit.

Leigh

It comes with Windows XP. For Windows 2000, it's available via the 2000 Resource Kit.

ahh that would make sense, thanks guys!

Leigh

ahh that would make sense, thanks guys!

It makes sense, but sometimes sense is not the way to go!, unfortunately using .exe will not be possible for security issues. :-(

Any other ideas!? :)

trancexx

It makes sense, but sometimes sense is not the way to go!, unfortunately using .exe will not be possible for security issues. :-(

Any other ideas!? :)

Do what BrettF said.

parse (singular) - division of input into small sections that are easy for a program to process



azure

It makes sense, but sometimes sense is not the way to go!, unfortunately using .exe will not be possible for security issues. :-(

Any other ideas!? :)

RE: BrettF -> You can't parse ntuser.dat files like that.. they're all binary and stuff.

Use these two UDF's:

Privilege.au3

reg.au3

#include <reg.au3>

_RegLoadHive("C:\Documents and Settings\Guest\ntuser.dat", "HKU\TempHive")
RunWait("regedit.exe")
_RegUnloadHive("HKU\TempHive")

These mount the registry hives with advapi32.dll's RegLoadKey function.

Enjoy.
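
What a RegLoadKey-based loader has to do, as an added example that is not the code in reg.au3 or Privilege.au3 and not part of the original post: RegLoadKey requires SeBackupPrivilege and SeRestorePrivilege to be enabled in the calling token, so the sketch enables both, then loads and unloads the hive. The function names _EnablePrivilege, _LoadHive and _UnloadHive are hypothetical, and an elevated (administrator) process is assumed.

```autoit
; Added example, not the code in reg.au3 or Privilege.au3.
; Assumes an elevated (administrator) process; path and key name come from the post above.
Global Const $HKEY_USERS = 0x80000003, $ERROR_NOT_ALL_ASSIGNED = 1300

; Enable one privilege in this process's token; returns True only if it was really granted.
Func _EnablePrivilege($sName)
    Local $aProc = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
    If @error Then Return False
    ; 0x0028 = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
    Local $aTok = DllCall("advapi32.dll", "bool", "OpenProcessToken", "handle", $aProc[0], "dword", 0x0028, "handle*", 0)
    If @error Or Not $aTok[0] Then Return False
    ; TOKEN_PRIVILEGES holding a single LUID_AND_ATTRIBUTES entry
    Local $tTP = DllStructCreate("dword Count;dword LuidLow;long LuidHigh;dword Attributes")
    DllStructSetData($tTP, "Count", 1)
    DllStructSetData($tTP, "Attributes", 0x00000002) ; SE_PRIVILEGE_ENABLED
    Local $bOk = False
    Local $aLuid = DllCall("advapi32.dll", "bool", "LookupPrivilegeValueW", "ptr", 0, "wstr", $sName, "ptr", DllStructGetPtr($tTP, "LuidLow"))
    If Not @error And $aLuid[0] Then
        Local $aAdj = DllCall("advapi32.dll", "bool", "AdjustTokenPrivileges", "handle", $aTok[3], "bool", False, "ptr", DllStructGetPtr($tTP), "dword", 0, "ptr", 0, "ptr", 0)
        ; The call reports success even when the token does not hold the privilege,
        ; so the last-error value has to be checked as well.
        Local $aErr = DllCall("kernel32.dll", "dword", "GetLastError")
        $bOk = $aAdj[0] And $aErr[0] <> $ERROR_NOT_ALL_ASSIGNED
    EndIf
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $aTok[3])
    Return $bOk
EndFunc

; Mount $sFile under HKEY_USERS\$sSubKey. On failure @extended holds the Win32 error code.
Func _LoadHive($sFile, $sSubKey)
    If Not _EnablePrivilege("SeBackupPrivilege") Or Not _EnablePrivilege("SeRestorePrivilege") Then Return SetError(1, 0, False)
    Local $aRet = DllCall("advapi32.dll", "long", "RegLoadKeyW", "handle", $HKEY_USERS, "wstr", $sSubKey, "wstr", $sFile)
    If @error Then Return SetError(2, 0, False)
    If $aRet[0] <> 0 Then Return SetError(3, $aRet[0], False)
    Return True
EndFunc

Func _UnloadHive($sSubKey)
    Local $aRet = DllCall("advapi32.dll", "long", "RegUnLoadKeyW", "handle", $HKEY_USERS, "wstr", $sSubKey)
    Return Not @error And $aRet[0] = 0
EndFunc

; RegLoadKey takes the key name relative to HKEY_USERS, so "TempHive", not "HKU\TempHive".
If _LoadHive("C:\Documents and Settings\Guest\ntuser.dat", "TempHive") Then
    ; ... read or edit values under HKU\TempHive here ...
    If Not _UnloadHive("TempHive") Then ConsoleWrite("Unload failed (is a key under HKU\TempHive still open?)" & @CRLF)
Else
    ConsoleWrite("Load failed at step " & @error & ", Win32 error " & @extended & @CRLF)
EndIf
```

A hive left mounted stays writable under HKEY_USERS until it is unloaded or the machine restarts, so pair every load with an unload.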

Leigh

Nice one fellas! what a helpful forum this is!

