











RawReg


38 replies to this topic

#26 erwan.l

erwan.l

    Platinum Member

  • Developer
  • 3042 posts
  • Location:Nantes - France
  •  
    France

Posted 07 December 2011 - 07:44 PM

I am not sure mixing both tools is a good idea.
Not only do they use a complete approach (raw vs library) but they also have a slightly different scope: offline is meant to be simple and command line oriented where rawreg is clearly an advanced/expert tool with a GUI.

Regards,
Erwan

#27 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 07 December 2011 - 07:47 PM

They are different things. RawReg provides details and features not available on the MS libraries.

For example, it provides details about the physical offset location of keys inside the registry. It can see the raw format, meaning that keys with invalid format that are typically used by root kits to conceal data are perfectly visible on rawreg.

Also, it does not require administrative permissions to edit any key inside the registry, while the libraries will enforce security policies and prevent protected keys from being edited unless the current user holds permission to do so.

So, MS is indeed more reliable but they are not really opening things up that much.. :)

Exactly :) that's why I suggested "parallel" development. :thumbsup:
If something is available in the "MS library", use it.
If something is NOT available in it, use the experimental approach implemented in RawReg.
Compare results for those "features" that are available in both (correct issues - if any).

This said, the "right" approach is still, and still IMHO, the "other" one :whistling:.

Anyway, just ideas....

:cheers:
Wonko
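
Added example, not part of the thread and not RawReg's code: a minimal raw walk of a registry hive file that reports the physical file offset of every `nk` (key node) cell, including unallocated ones a library API would not return. The function names, the constructed sample hive and the "suspicious" heuristic (name overrunning its cell, or containing a NUL) are assumptions made for illustration.

```python
import struct

HBIN_BASE = 0x1000  # hive bins start right after the 4096-byte regf base block

def scan_nk_cells(hive: bytes):
    """Walk every cell in every hbin and describe each 'nk' (key node) cell."""
    if hive[:4] != b"regf":
        raise ValueError("missing regf signature")
    found, pos = [], HBIN_BASE
    while pos + 32 <= len(hive) and hive[pos:pos + 4] == b"hbin":
        bin_size = struct.unpack_from("<I", hive, pos + 8)[0]
        if bin_size == 0 or bin_size % 0x1000:
            break
        bin_end, cell = min(pos + bin_size, len(hive)), pos + 32
        while cell + 4 <= bin_end:
            raw = struct.unpack_from("<i", hive, cell)[0]  # negative = allocated
            size = abs(raw)
            if size < 8 or cell + size > bin_end:
                break  # corrupt size field: stop walking this bin
            if hive[cell + 4:cell + 6] == b"nk" and size >= 80:
                found.append(describe_nk(hive, cell, size, raw < 0))
            cell += size
        pos += bin_size
    return found

def describe_nk(hive, cell, size, allocated):
    nk = cell + 4  # record starts after the 4-byte cell size
    flags, = struct.unpack_from("<H", hive, nk + 2)
    name_len, = struct.unpack_from("<H", hive, nk + 72)
    overrun = 76 + name_len > size - 4  # name would spill past the cell
    raw_name = b"" if overrun else hive[nk + 76:nk + 76 + name_len]
    name = raw_name.decode("latin-1" if flags & 0x20 else "utf-16-le", "replace")
    return {"file_offset": cell, "allocated": allocated, "name": name,
            "suspicious": overrun or "\x00" in name}  # assumed heuristic

def _nk(name: bytes, allocated=True):  # builds a constructed, minimal nk cell
    body = b"nk" + struct.pack("<H", 0x20) + bytes(68) + struct.pack("<HH", len(name), 0) + name
    size = (4 + len(body) + 7) & ~7  # cell sizes are multiples of 8
    return struct.pack("<i", -size if allocated else size) + body.ljust(size - 4, b"\0")

def build_sample_hive():  # constructed test data, not a real hive
    cells = _nk(b"Software") + _nk(b"Demo\x00Tail") + _nk(b"OldKey", allocated=False)
    free = 0x1000 - 32 - len(cells)
    hbin = b"hbin" + struct.pack("<II", 0, 0x1000) + bytes(20)
    return b"regf".ljust(0x1000, b"\0") + hbin + cells + struct.pack("<i", free) + bytes(free - 4)

for key in scan_nk_cells(build_sample_hive()):
    print(hex(key["file_offset"]), key)
```
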

#28 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 07 December 2011 - 09:25 PM

IMHO some of the last posts are BullS***.

It does not make any sense to compare a MS independent tool with a MS dependent tool.
It does not make any sense to think about combining a MS independent tool with a MS dependent tool.

@Nuno: Great (to be improved :cheers: ) tool!
@erwan.l: I appreciate your offer to continue the development of this tool.
@Paraglider: IMO you only tell possible difficulties and "think about-s". But I do not see further proposals.
@Wonko: As usual, sophisticated and correct comments and correct enumeration of possible issues. But I do not see further proposals.

Peter

#29 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 07 December 2011 - 10:49 PM

Because Nuno and erwan.l blocked their PM, here is a message I sent to them:

Just for info for Erwan (Nuno possibly remembers):
I have SVN copy of this tool since 2008.
The SVN server changed in between, and maybe there is no longer edit access. I did not try ...
Peter


Peter

#30 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 08 December 2011 - 10:45 AM

I didn't disable my PM, it was night time and I was sleeping so I couldn't reply right away. Already replied to the message some hours ago.. :loleverybody:

#31 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 08 December 2011 - 10:56 AM

I didn't disable my PM, it was night time and I was sleeping so I couldn't reply right away. Already replied to the message some hours ago.. :loleverybody:

I think that I misunderstood the software.

There was a red "Block" at your names. Now I know that that means "Block PMs to you from that person" rather than "That person has blocked PMs".

Sorry :frusty:

Peter

#32 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 08 December 2011 - 12:40 PM

@pscEx
At the risk :ph34r: of seeming more picky :w00t: than I really am (but not much ;)), "parallel":
http://www.thefreedi...ry.com/parallel

has actually a VERY different meaning from "combine":
http://www.thefreedi...ary.com/combine

The former means "keeping separate and at a given same distance whilst leading in the same direction", the latter means "merge, join, become united".

:cheers:
Wonko

#33 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 08 December 2011 - 01:14 PM

While in fact it might make perfect sense to combine and selectively use depending on a particular task several routings in a new single tool, regardless whether some of them are MS dependent or not. :lightbulb:

#34 paraglider

paraglider

    Gold Member

  • .script developer
  • 1743 posts
  • Location:NC,USA
  •  
    United States

Posted 08 December 2011 - 01:23 PM

One approach would be separating the registry api in Nuno's tool from the UI and wrapping the api with functions of the same name and format as the MS raw api.

I would suspect anyway that Nuno separated the UI and internal registry api anyway as he already stated that he wanted to use the raw access in winbuilder.

That way you could relatively easily have 2 versions of the tool - one that uses offreg.dll and one that goes directly to the raw registry.

#35 paraglider

paraglider

    Gold Member

  • .script developer
  • 1743 posts
  • Location:NC,USA
  •  
    United States

Posted 08 December 2011 - 01:26 PM

Regardless, I think it is more important to get the tool completed than spending too much effort on diversions from that goal.

#36 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 08 December 2011 - 01:32 PM

Not 2 versions, but different features of the same tool using different dlls.

"Completed" is quite a vague term given many proposals already made, or in the pipeline. And the "goal" is even more cloudy... :)

#37 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 09 December 2011 - 07:32 PM

Just a quick idea, what an advanced Registry manipulation tool can do:

Posted Image

Resplendence Registrar Registry Manager opens System hives of 2 attached VHDs for editing - in this example one with OS installed on a real PC and another inside a VM - and then compares their content. You can change and Save registry hives that were Open for Editing (in separate windows instead of Unloading hives from online OS Registry window). Their copies will be kept in online Registry until OS reboot as TempKeys, but can't be changed from it. Still I'd prefer to see the comparison results in 2 panes opposite to each other and synced similar to Beyond Compare tool.

#38 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 January 2012 - 02:54 PM

Maybe useful :unsure:, maybe not :ph34r::
http://www.codeproje...B/cs/ScanX.aspx

:cheers:
Wonko

#39 Buster_BSA

Buster_BSA

    Member

  • Developer
  • 57 posts
  •  
    Spain

Posted 27 March 2012 - 09:59 PM

Is the project dead?



