Offline Registry
#26
Posted 06 January 2011 - 07:43 PM
An AutoIt command of the form
Run(@Comspec & " /c " & $cmd)
or
Run(@Comspec & " /k " & $cmd)
will run CMD.EXE, which will strip some quotes in $cmd if, among other restrictions, there are more than 2 quote chars in $cmd.
Given $cmd contains a correctly quoted OfflineReg command this will mean the quotes around the registry key will be removed causing the OfflineReg command to fail if the registry key parameter contains a space, otherwise not.
A workaround is to surround $cmd with extra quotes; e.g.
run(@Comspec & ' /c "' & $cmd & '"')
In that case CMD.EXE will strip the outer quotes only, leaving the others. This quote stripping behaviour does not occur if you run $cmd in a DOS box, or in a batch file presumably because CMD.EXE is already running.
For the full CMD.EXE syntax see
http://www.computerhope.com/cmd.htm
Incidentally OfflineReg.exe does not appear to require quotes around the hivepath and registry key parameters unless they contain a space.
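The quote handling discussed in the post above, modelled in Python from the rules printed by `cmd /?` (an added example, not part of the original post). The `C:\Tools` path, the `Software\My Key` key and the `is_executable` callback are constructed for illustration.

```python
SPECIAL = set("&<>()@^|")  # any of these between the quotes rules out rule 1

def after_switch(tail, is_executable=lambda name: False, s_switch=False):
    """Model how CMD.EXE treats quotes in the text that follows /c or /k."""
    tail = tail.lstrip()  # assumption: whitespace after the switch is skipped
    last = tail.rfind('"')
    if not s_switch and tail.count('"') == 2:
        inner = tail[tail.find('"') + 1:last]
        if (not SPECIAL & set(inner) and any(c in " \t" for c in inner)
                and is_executable(inner)):
            return tail                        # rule 1: both quotes preserved
    if tail.startswith('"'):
        return tail[1:last] + tail[last + 1:]  # rule 2: first and last quote go
    return tail                                # no leading quote: left alone

# Constructed sample: quoted hive path and a quoted key containing a space.
ARGS = r'"C:\temp\NTUSER.DAT" "Software\My Key" enumkeys'
CMD = r'"C:\Tools\OfflineReg.exe" ' + ARGS   # program path quoted as well

def demo():
    """What CMD.EXE is left with for three ways of building the /c tail."""
    return {
        "bare": after_switch(CMD),               # Run(@Comspec & " /c " & $cmd)
        "wrapped": after_switch('"' + CMD + '"'),  # the extra-quotes workaround
        "plain": after_switch("OfflineReg " + ARGS),  # tail not starting with "
    }

if __name__ == "__main__":
    for name, line in demo().items():
        print(f"{name:8} {line}")
```

In the `bare` case the quote that closes the key name is the one removed, so a key containing a space is split into two arguments.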
#27
Posted 24 June 2011 - 04:08 AM
offlinereg.exe is a perfect tool for a task I am trying to accomplish. I have to figure out a way to change some registry settings on an XP Embedded system that does not have an Ethernet connection, keyboard or monitor. The only way I have found so far to do this is by booting the system from a USB hard drive and making the registry changes with offlinereg. I am developing a command script to do this on a desktop running XP. The problem I am having is that the changes I make do not seem to be saved. When I run the command it says the change has been made and the results are saved to system.bak. If I use offlinereg to try and verify this, the value has not been changed. Running windiff on system and system.bak shows no differences other than system.bak being newer. I know I must be doing something wrong but I do not know what or how to figure it out.
If anyone has any insight, please let me know.
Thanks.
#28
Posted 24 June 2011 - 08:30 AM
Can you specify WHICH exact hives/keys are you trying to modify?
Or can you try if the behaviour is consistent with "other" hives/keys?
Also, post the EXACT command line you are using....
Wonko
#29
Posted 26 June 2011 - 11:10 PM
Thank you for pointing out my error. I had been trying to modify a value in the System hive. When I tried modifying a key in the Software hive, everything worked as expected.
I really appreciate the help.
Greg
#30
Posted 09 July 2011 - 12:29 PM
This has been requested a few times : the attached zip contains the binary AND the delphi source code.
Regards,
Erwan.
offlinereg.zip 90.92KB 1050 downloads
#31
Posted 12 October 2013 - 06:04 PM
hello everybody
----------------------------------------------------------------------------------------------------------------
HKey_Current_User\Software\Microsoft\Windows\Current Version\Policies\Explorer
Add a New DWORD item and name it NoDrives
Give it a value of "3FFFFFF"
----------------------------------------------------------------------------------------------------------------
My offline Windows_8_x64_PE is in "C:\Win8PE\mount" :
Program Files
Program Files (x86)
ProgramData
sources
Windows
Users
bootmgr
How can I use offlinereg to add the above value ? Should I use "offlinereg.exe" or "offlinereg64.exe" ?
Thanks
#32
Posted 12 October 2013 - 06:26 PM
should be
OfflineReg "c:\my_folder\my_hive.bak" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
/Erwan
#33
Posted 12 October 2013 - 06:51 PM
So I've tried :
OfflineReg "C:\Win8PE\mount" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
error message :
OROpenHive failed:5
#34
Posted 12 October 2013 - 07:14 PM
5 = access denied.
your file / hive is opened by another process.
beware that offlinereg is meant to modify offline (i.e. not in use) hives.
#35
Posted 12 October 2013 - 07:35 PM
Actually, it's Win8PE_SE_2013-10-03; I made this and obtained a boot.wim.
1. I mount it to C:\Win8PE\mount , like before "OROpenHive failed:5" error.
2. I've tried to copy this boot.wim to U:\
dism /Apply-Image /ImageFile:"C:\Win8PE\boot.wim" /Index:1 /ApplyDir:U:\
Try with error message : "OROpenKey failed:3"
OfflineReg "U:\" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
Try with error message : "OROpenKey failed:2"
OfflineReg "U:\Users\Default\NTUSER.DAT" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
#36
Posted 12 October 2013 - 07:41 PM
net helpmsg 5 : access denied
net helpmsg 2 : file not found
net helpmsg 3 : path not found
copy NTUSER.DAT to c:\temp then try again with :
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
#37
Posted 12 October 2013 - 07:48 PM
I copied NTUSER.DAT to "c:\temp\NTUSER.DAT", with the same error "OROpenKey failed:2"
I found that NTUSER.DAT's attrib is +s +h, so I made it -s -h, but with the same error message
#38
Posted 12 October 2013 - 08:44 PM
if the following:
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
gives you error 2, it could mean that the key does not exist.
Try creating it first :
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" createkey NoDrives
/Erwan
#39
Posted 12 October 2013 - 08:48 PM
Still OROpenKey failed:2
#40
Posted 12 October 2013 - 08:54 PM
you are still getting error 2 on this command :
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" createkey NoDrives ?
try this to check if your file can be read :
OfflineReg "c:\temp\NTUSER.DAT" environment getvalue temp
it should give you the temp path for the system.
edit :
you may have to
-create the explorer key (does not exist at my place)
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies" createkey explorer
-create/set the nodrives value
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
#41
Posted 13 October 2013 - 03:22 PM
OfflineReg "c:\temp\NTUSER.DAT" environment getvalue temp
"temp"=%USERPROFILE%\AppData\Local\Temp
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies" createkey explorer
OROpenHive failed:2
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives
OROpenHive failed:2
#42
Posted 13 October 2013 - 03:29 PM
got it : "currentversion" and NOT "current version" ! (no space)
tried at my place :
#43
Posted 13 October 2013 - 04:15 PM
Thanks very much, I've checked it, CurrentVersion with no space. But with the same result:
OROpenHive failed:2
Is it because I'm using UEFI/GPT? Does it matter? I'm sure this time you must test it right and write down the answer for me.
#44
Posted 13 October 2013 - 04:21 PM
Sir, my main purpose is to hide all the physical drives when booting into the Win8PE_SE_2013-10-03 desktop.
Is there another way to do that? Can I use autorun.exe to do so? I've tried to do the registry change in winpeshl.ini but failed. But I don't know how to do it in autorun.exe
#45
Posted 13 October 2013 - 04:26 PM
Good news is that you can read your hive file fine so this part is ok.
Try this : offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows" enumkeys
#46
Posted 13 October 2013 - 04:33 PM
offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows" enumkeys
CurrentVersion
Windows Error Reporting
offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion" enumkeys
Explorer
Internet Settings
ThemeManager
WinTrust
#47
Posted 13 October 2013 - 04:35 PM
almost there .
do a : offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies" enumkeys
should give
and a : offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies\explorer" enumvalues
should give something like
NoDriveTypeAutoRun
#48
Posted 13 October 2013 - 04:40 PM
Sorry sir , at my place :
offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies" enumkeys
OROpenKey failed:2
#49
Posted 13 October 2013 - 05:04 PM
#50
Posted 13 October 2013 - 05:30 PM
Sir, sorry to take up so much of your time, but I still got the error message. I apologise. Maybe it's my unknown program. Thanks
offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies" createkey explorer
OROpenKey failed:2
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" setvalue NoDrives 67108863 4
OROpenKey failed:2
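The enumkeys listings in #46 show no Policies subkey under CurrentVersion, so any command that opens a key at or below ...\CurrentVersion\Policies has nothing to open, which fits error 2. An added example, not part of any post in this thread: it walks the target path against those listings and emits OfflineReg commands, parents first, in the syntax used above. It assumes createkey needs its parent key to exist, which the thread does not confirm.

```python
import string

HIVE = r"c:\temp\NTUSER.DAT"
BASE = r"Software\Microsoft\Windows"   # enumkeys succeeded here in #46
TARGET = BASE + r"\CurrentVersion\Policies\Explorer"

# Constructed from the enumkeys output posted in #46 (subkey names only).
LISTINGS = {
    BASE: ["CurrentVersion", "Windows Error Reporting"],
    BASE + r"\CurrentVersion":
        ["Explorer", "Internet Settings", "ThemeManager", "WinTrust"],
}

def split_existing(base, target, listings):
    """Walk target below base; return (deepest existing path, missing names).
    Key names compare case-insensitively; a key with no listing is treated
    as having no subkeys."""
    index = {k.lower(): [n.lower() for n in v] for k, v in listings.items()}
    if not target.lower().startswith(base.lower() + "\\"):
        raise ValueError("target must be below base")
    parts = target[len(base) + 1:].split("\\")
    current = base
    for i, name in enumerate(parts):
        if name.lower() not in index.get(current.lower(), []):
            return current, parts[i:]
        current += "\\" + name
    return current, []

def nodrives_mask(letters=string.ascii_uppercase):
    """NoDrives bitmask: bit 0 hides A:, bit 25 hides Z:."""
    return sum(1 << (ord(c) - ord("A")) for c in {l.upper() for l in letters})

def plan(hive, base, target, listings):
    """createkey for each missing level, then setvalue with type 4 (DWORD)."""
    current, missing = split_existing(base, target, listings)
    cmds = []
    for name in missing:
        cmds.append(f'OfflineReg "{hive}" "{current}" createkey {name}')
        current += "\\" + name
    cmds.append(
        f'OfflineReg "{hive}" "{target}" setvalue NoDrives {nodrives_mask()} 4')
    return cmds

if __name__ == "__main__":
    print("\n".join(plan(HIVE, BASE, TARGET, LISTINGS)))
```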