New version of RegSearcher is uploaded. NtCreateKey is now replaced by NtOpenKey, and will now not create any new keys (as previous version did under certain circumstances). A couple of bugs fixed too (too small name buffer and infinite loop when invalid handle on NtEnumerateKeys).
RegKeyFixer
Started by
joakim
, Aug 19 2012 08:31 PM
30 replies to this topic
#26
joakim
-
- Team Reboot
-
- 912 posts
Silver Member
- Location:Bergen
-
Norway
Posted 29 August 2012 - 10:15 PM
#27
joakim
-
- Team Reboot
-
- 912 posts
Silver Member
- Location:Bergen
-
Norway
Posted 30 August 2012 - 10:09 PM
Finally merged recursive mode into RegKeyFixer. There's now 3 modes: plain search, rename and delete. Choose between regular enumeration and recursion.
As a suggestion, I would recommend to first search the registry for invalid keys. Then evaluate output, and try one of the repair modes only on specific keys. Recursion has been tested and seems ok, but recursively modifying the registry is inherently risky. Enough said.
Also added a second PoC, that create some really bastard keys. My program are not able to handle them, and I almost certain these keys have to be modified in offline mode. I don't know about any program that are able to handle this sort of keys, so if you find one then please let me know.
@PscEx
How did you go with your attempt?
As a suggestion, I would recommend to first search the registry for invalid keys. Then evaluate output, and try one of the repair modes only on specific keys. Recursion has been tested and seems ok, but recursively modifying the registry is inherently risky. Enough said.
Also added a second PoC, that create some really bastard keys. My program are not able to handle them, and I almost certain these keys have to be modified in offline mode. I don't know about any program that are able to handle this sort of keys, so if you find one then please let me know.
@PscEx
How did you go with your attempt?
#28
Surfy
-
- Members
-
- 10 posts
Newbie
-
Germany
Posted 30 October 2013 - 03:42 PM
Hi Joakim
I try your tool today, to cleanup an undeletable key:
RegKeyFixer.exe "\Registry\Machine\SOFTWARE\Network Group" -r -s
C:\temp>RegKeyFixer.exe "\Registry\Machine\SOFTWARE\Network Group" -r -s
Location: \Registry\Machine\SOFTWARE\Network Group\MyKey_
Error in NtOpenKey 2 : 0xC0000034 -> The system cannot find the file specified.Job took 0.02 seconds
Unfortunately i run into an error. Do you can help me out?
Surfy
Edited by Surfy, 30 October 2013 - 03:43 PM.
#29
joakim
-
- Team Reboot
-
- 912 posts
Silver Member
- Location:Bergen
-
Norway
Posted 30 October 2013 - 08:19 PM
Hi
This tool has a very specific and limited usage. It is not a general registry tool for fixing any corrupt registry key/value. The troublesome key in your registry may be caused by something else.
I don't know why you can't delete the key, but my tool is at least showing an ntstatus as returned from NtOpenKey...
Do you get any clue if there is NULL's that is messing up for you if you substitute the "-r" switch with "-f"? If it returns nothing, then it may be caused by something else.
#30
pscEx
-
- Team Reboot
-
- 12707 posts
Platinum Member
- Location:Korschenbroich, Germany
- Interests:What somebody else cannot do.
-
European Union
Posted 30 October 2013 - 08:48 PM
Hi Joakim
I try your tool today, to cleanup an undeletable key:
RegKeyFixer.exe "\Registry\Machine\SOFTWARE\Network Group" -r -s
Unfortunately i run into an error. Do you can help me out?
Surfy
I did not test anything about undeletable keys, but perhaps you try my Billy-The-Door independent tool RegeditEx.
Peter
#31
hason
-
- Members
-
- 50 posts
Member
-
Vietnam
Posted 05 October 2015 - 10:45 AM
How to create invalid registry key? I found Reghide but I can't not use. 
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
