selecting Registry windows


dazza

The ultimate goal here is to load the hive ntuser.dat into the registry HKEY_USERS. At present there does not seem to be a function that will do this, so we are trying to select the 'sub-window' in regedt32 in order to use key strokes to load the hive. However, the subwindows change position and class name each time regedt32 is opened. The only information that does not change is the subwindow's title.

Ok, what do you mean by parsing it? I have not come across this term before.

cheers,

Leigh

Umm...

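; Mount point under HKEY_USERS and the profile hive file to load
$wheretomount = "HKEY_USERS\MOUNTEDHIVE"
$filetomount = "C:\WINNT\PROFILES\USERID\NTUSER.DAT"
; Shell out to reg.exe to load the hive at the mount point
Run("reg load " & $wheretomount & " " & $filetomount)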

That should work. Change the location of wherever your user's profile ntuser.dat is located. Also, you cannot mount a ntuser.dat that's in use!

thanks for the help guys,

I've tried this but to no avail. I can definitely load the hive manually, so there are no worries about mounting in use.

Would this be affected by the fact this is on Windows 2000?

Y:\>reg /?

Console Registry Tool for Windows - version 3.0
Copyright © Microsoft Corp. 1981-2001. All rights reserved

REG Operation [Parameter List]

  Operation  [ QUERY   | ADD    | DELETE | COPY    |
               SAVE    | LOAD   | UNLOAD | RESTORE |
               COMPARE | EXPORT | IMPORT ]

Return Code: (Except of REG COMPARE)

  0 - Succussful
  1 - Failed

For help on a specific operation type:

  REG Operation /?

Examples:

  REG QUERY /?
  REG ADD /?
  REG DELETE /?
  REG COPY /?
  REG SAVE /?
  REG RESTORE /?
  REG LOAD /?
  REG UNLOAD /?
  REG COMPARE /?
  REG EXPORT /?
  REG IMPORT /?

It comes with Windows XP. For Windows 2000, it's available via the 2000 Resource Kit.

Edited by azure

It makes sense, but sometimes sense is not the way to go! Unfortunately, using .exe will not be possible for security issues. :-(

Any other ideas!? :)

Do what BrettF said.

parse (singular) - division of input into small sections that are easy for a program to process

RE: BrettF -> You can't parse ntuser.dat files like that.. they're all binary and stuff.

Use these two UDFs:

Privilege.au3

reg.au3

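#include <reg.au3>

; Mount the profile hive under HKU\TempHive
_RegLoadHive("C:\Documents and Settings\Guest\ntuser.dat", "HKU\TempHive")
; Keep it mounted while regedit is open, then unload it again
RunWait("regedit.exe")
_RegUnloadHive("HKU\TempHive")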

These mount the registry hives with advapi32.dll's RegLoadKey function.

Enjoy.
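
What mounting a hive through RegLoadKey involves, as an added example that is not part of the original posts and is not the code of reg.au3 or Privilege.au3. The function names _EnableHivePrivileges, _MountHive and _UnmountHive and the constant $HKEY_USERS_HANDLE are hypothetical; the sketch assumes an administrator account and the Security.au3 include that ships with current AutoIt.

```autoit
#include <Security.au3>
#include <SecurityConstants.au3>

Global Const $HKEY_USERS_HANDLE = 0x80000003 ; predefined HKEY_USERS handle value

; RegLoadKey needs SeBackupPrivilege and SeRestorePrivilege enabled on the caller's token.
Func _EnableHivePrivileges()
    Local $aProc = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
    If @error Then Return False
    Local $hToken = _Security__OpenProcessToken($aProc[0], BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    If Not $hToken Then Return False
    Local $bOk = _Security__SetPrivilege($hToken, "SeBackupPrivilege", True) _
            And _Security__SetPrivilege($hToken, "SeRestorePrivilege", True)
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    Return $bOk
EndFunc

; Load $sFile as HKEY_USERS\$sSubKey. On failure returns False with the Win32 code
; in @extended (32 = hive file in use, 1314 = a required privilege is not held).
Func _MountHive($sFile, $sSubKey)
    If Not _EnableHivePrivileges() Then Return SetError(1, 0, False)
    Local $aRet = DllCall("advapi32.dll", "long", "RegLoadKeyW", _
            "handle", $HKEY_USERS_HANDLE, "wstr", $sSubKey, "wstr", $sFile)
    If @error Then Return SetError(2, @error, False)
    If $aRet[0] <> 0 Then Return SetError(3, $aRet[0], False)
    Return True
EndFunc

; Unload the hive again so the file is released and pending changes are flushed.
Func _UnmountHive($sSubKey)
    Local $aRet = DllCall("advapi32.dll", "long", "RegUnLoadKeyW", _
            "handle", $HKEY_USERS_HANDLE, "wstr", $sSubKey)
    If @error Then Return SetError(2, @error, False)
    If $aRet[0] <> 0 Then Return SetError(3, $aRet[0], False)
    Return True
EndFunc

; Sample values: the profile path is the one used in the post above, the mount name is arbitrary.
If _MountHive("C:\Documents and Settings\Guest\ntuser.dat", "TempHive") Then
    RunWait("regedit.exe")
    _UnmountHive("TempHive")
Else
    ConsoleWrite("Mount failed: @error=" & @error & ", Win32 code=" & @extended & @CRLF)
EndIf
```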
