Jump to content











Photo
- - - - -

How to Move c:\Windows\System32\Config\Software for RamDisk XP

windows xp tinyxp minixp moving the registry how to move the registry ramdisk

  • Please log in to reply
9 replies to this topic

#1 m8ty.com

m8ty.com
  • Members
  • 2 posts
  •  
    United States

Posted 27 August 2013 - 03:49 AM

Hi,

 

I am having a real dilema here that has costed me hours of googling with no results.  Here's the problem:

 

I have successfully created a ram disk with the objective of making it much much more difficult for this installation to get infected with a virus for a computer.  I am doing this in my attempts to study many fronts in making Windows as virus proofs and robust as possible.

 

The Ram Drive is a XP-1.vhd file of size 800MB

 

Operating System: TinyXP (nLited) c:\windows folder measures about 400MB

 

Next, I installed hardlinks and JunctionsXP to create junctions directories for XP.  With this, I was able to Junction the following directories:

 

c:\Documents and Settings\User\Desktop  and

c:\Documents and Settings\User\My Documents

To d:\RamDisk\User\Desktop and

      d:\RamDisk\User\My Documents

Any documents and pictures saved on this computer wont get lost between reboots as they will be saved on the D drive which happens to be a real 500GB hard drive.

 

Also I created junctions for the c:\Program and files and the c:\documents and settings\all users

 

Next, I need wireless information to be saved between reboots, and here is where my dilema falls:

Windows XP (and Vista, 7 and 8 as well) Store the Wireless Zero Passwords and SSID list on the following registry file:

c:\Windows\System\Config\SOFTWARE

So, I though that maybe I could create a Junction for "C:\Windows\System\Config" and store the Config on Drive D.  Although I was able to create the junction, Windows XP will not boot claiming that the registry is corrupted, so I reverted this change and it now boots.

 

Later on, I found out that Windows does not read Junctions at that early stages of boot, so Junctions are out of the question.

 

My next attempt to move the SOFTWARE registry file to Drive D consisted in copying this file to:

d:\Win\System32\Config\ (note, on Drive D)

Then I loaded up Regedit and proceeded to go to the following hive:

HKey Local Machine>System>CurrentControlSet>hivelist

 

Here I see a list of each registry files and its mount point.  I can see that SOFTWARE is mounted here:

\Device\HarddiskVolume5\WINDOWS\system32\config\software

 

So, I though that the fix would be to change it to:

\Device\HarddiskVolume4\WIN\system32\config\software

 

the Mountpoint HarddiskVolume4 represents my Drive D partition and the Volume5 represents my VHD image

so, after I made that change, I restarted the computer, windows loaded, but when I went back to check on regedit, I see that SOFTWARE reverted itself back to its previous value of:

 

\Device\HarddiskVolume5\WINDOWS\system32\config\software

 

I have reached a dead end here, is there a program that can at least save registry changes elsewhere??  I have read about Faronics Data Igloo which suppose to do this job, but it requires the dreaded .Net Framework 2.1 or greater which would add an extra 400MB to my TinyXP installtion -- NOWAY!! and besides its not freeware, so I am mainly looking for non-framework freeware utilities or the proper registry key that will accept the change I am trying to do. 

 

Thanks

 



#2 wimb

wimb

    Platinum Member

  • Developer
  • 3756 posts
  • Interests:Boot and Install from USB
  •  
    Netherlands

Posted 27 August 2013 - 08:25 AM

I have reached a dead end here, is there a program that can at least save registry changes elsewhere?? 

 

 

ERUNT can be used for XP to backup and restore of the registry http://www.larsheder...nline.de/erunt/

 

ERUNT is used also by IMG_XP_Update.exe

http://www.911cd.net...showtopic=23553

IMG_XP_Update.exe is used after booting with XP Image file from RAMDISK, to Update the Image file that you just booted from.
Boot with full XP Image file in RAMDISK and Update Drivers using DriverForge with Drivers folder that you supply.
Then run IMG_XP_Update.exe to improve full XP Image file in 1 minute with drivers for New Hardware.

 

 

 

Other OS 7/8 require Portable RegistryBackup http://www.tweaking....try_backup.html

 

:cheers:



#3 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 27 August 2013 - 09:48 AM

I think the answer is that when Windows boots, it is writing that registry value. It starts with the SYSTEM hive which has a hardcoded relative path of a folder called "config" which is expected to be on the systemvolume. The hardcoding is present in winload.exe (and ntldr on nt5.x I think). The rest of the hives are loaded by the kernel and are also expected to be found within the same path as the SYSTEM hive. I don't think it is possible to configure this.



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 27 August 2013 - 11:53 AM

Maybe useful, may be not, I once made some experiments and it seems like hard links (limited thus to the SAME volume) do work, whilst soft links (junctions) do not, see:

http://www.911cd.net...showtopic=23626

 

joakim, who is probably the only one with the "right" knowledge and attitude :worship: at the time "passed" :w00t:, this could be the right occasion to re-vamp that topic :unsure:

 

:cheers:

Wonko



#5 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3041 posts
  • Location:Nantes - France
  •  
    France

Posted 27 August 2013 - 11:57 AM

Hi Joakim,

 

May be a bit out of topic but using the regreplacekey MS api, it might be possible to point at another file to support a system hive.

 

Had been willing to give a try at some point but never had time.

 

 

Regsavekey is a similar api I used to make a "live" copy of my hives in my tools.

 

Regards,

Erwan



#6 m8ty.com

m8ty.com
  • Members
  • 2 posts
  •  
    United States

Posted 27 August 2013 - 05:18 PM

ERUNT can be used for XP to backup and restore of the registry http://www.larsheder...nline.de/erunt/

 

ERUNT is used also by IMG_XP_Update.exe

http://www.911cd.net...showtopic=23553

 

Other OS 7/8 require Portable RegistryBackup http://www.tweaking....try_backup.html

 

:cheers:

 

I have tried ERUNT, and while ERUNT does a fantastic job at backing up the registry on another volume (from Drive C [the XP-1.vhd) to Drive D:) it doesn't do a good job at restoring the registry.  Well, it does restore the registry at perfection, but the problem here is that a reboot is required in order to make the restored registry active, and if I have booted XP-1.VHD from RAM and, lets say, the user have installed a new software that writes a new key to: c:\windows\system32\config\SOFTWARE while with the correct parameters I can make ERUNT auto backup the registry on shutdown, on reboot, ERUNT can restore the registry, BUT if the installation is going to require a REBOOT in order to make the restore active that would defeat the whole purposes here.  I have to complete a restore of at least a backed up SOFTWARE registry without requiring a reboot because on a reboot all changes are lost when loading the VHD from RAM. 

 

Let me mention the following to enlighten the idea:

 

a company named Faronics makes a tool called Data Igloo which has the capacity to know what changes are made to the SOFTARE registry and to reload these changes in realtime upon system reboot.  Now, this software seems to be using publicly available solutions for many, if not all of its tasks, such as moving the user profile folder to another partition, moving the program files folder to another partition, etc  All these can manually be done without having to install Data Igloo by making the respective changes to the ......Microsoft>Windows NT> registry hives and the other (non NT) hive along with the ...ProfileList hives after moving the files to the new parition.  Now, what I am trying to know is HOW does this software perform the saving the changes of the registry, just the changes and loading the SOFTWARE changes automatically upon restart so that I can configure these.  I have Data Igloo with me, well the Beta version which Faronics launched for Free about a year ago, now its not free and this software requires the .Net Framework 2 which adds a prohibitely 400MB+ to the c:\Windows folder which that alone I cannot consider this particular software even if I am able to get it one way or the other...  

 

I know that there has to be a freeware tool out there that can save just the changes of the SOFTWARE registry and automatically load these changes upon a reboot without requiring another reboot for the changes to be made.



#7 wimb

wimb

    Platinum Member

  • Developer
  • 3756 posts
  • Interests:Boot and Install from USB
  •  
    Netherlands

Posted 27 August 2013 - 05:30 PM

May be this is what you need:

 

IMG_XP_Update.exe is used after booting with XP Image file from RAMDISK, to Update the Image file that you just booted from.

 

It updates the registry in the VHD file so that next time you boot from RAMDISK with the updated registry.



#8 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 27 August 2013 - 07:18 PM

@Erwan

Nice api. I never heard of it.

 

I think it could be useful to get back at the topic and think outside the box (you where stuck in last time..) :)

 

The challenge might still have a solution.



#9 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 27 August 2013 - 08:27 PM

Since I have done some native app coding lately, I came to think that maybe some trickery (registry, processes, filesystem etc) might yield some interesting results. Not exactly sure what could be done, but would either way have to be limited/controlled by the ntapi (ntdll.dll), which by the way is rather powerful.



#10 genetix

genetix

    Frequent Member

  • Advanced user
  • 132 posts
  •  
    Finland

Posted 28 August 2013 - 11:35 AM

Hmm, could be offtopic, but

 

Why not use NTFS linking from physical drive for Write-back support and load the actual windows partition to RAM. I mean XP in itself takes 700MB with every update possible it takes 2,256GB (or very damn close to that) with few enhancements you could fix entire XP to 512MB or smaller space boot that core (without .NET of course, but even .NET could be implemented either with extra ram or as disk space) beside the fact in this scale project you most likely will be using older versions or specific versions of windows. In this case you could mirror the actual registry on system start, so, basically you would have 2 copies existing to the point of Operating system break by Malware/Virus and have full offlined capability to examine the registry / file system too, if configured.

 

Also this way it would be easy to debug the virus/malware as basically you would have space to write infomation about it out as a backup and it could never ever affect the system for real as ram doesn't write back to disk.


Edited by genetix, 28 August 2013 - 11:39 AM.






Also tagged with one or more of these keywords: windows xp, tinyxp, minixp, moving the registry, how to move the registry, ramdisk

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users