
Offline Registry


83 replies to this topic

#26 clascov

clascov
  • Members
  • 3 posts
  •  
    United Kingdom

Posted 06 January 2011 - 07:43 PM

For anyone using AutoIt to run OfflineReg I found a workaround for the problem I posted re. spaces in the registry key parameter passed to OfflineReg. The problem relates to the behaviour of CMD.EXE and has nothing to do with AutoIt.
An AutoIt command of the form
Run(@Comspec & " /c " & $cmd)
or
Run(@Comspec & " /k " & $cmd)
will run CMD.EXE, which will strip some quotes in $cmd if, among other restrictions, there are more than 2 quote chars in $cmd.
Given $cmd contains a correctly quoted OfflineReg command this will mean the quotes around the registry key will be removed causing the OfflineReg command to fail if the registry key parameter contains a space, otherwise not.

A workaround is to surround $cmd with extra quotes; e.g.
run(@Comspec & ' /c "' & $cmd & '"')
In that case CMD.EXE will strip the outer quotes only, leaving the others. This quote stripping behaviour does not occur if you run $cmd in a DOS box, or in a batch file presumably because CMD.EXE is already running.
For the full CMD.EXE syntax see
http://www.computerhope.com/cmd.htm

Incidentally OfflineReg.exe does not appear to require quotes around the hivepath and registry key parameters unless they contain a space.
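
The quote handling described in post #26, modelled on the rules printed by `cmd /?`, as an added example that is not part of the original post. The function names, the `C:\Tools` install path and the stubbed executable check are assumptions made for the illustration.

```python
SPECIAL = set('&<>()@^|')

def cmd_c_effective(rest, s_switch=False, is_executable=lambda name: False):
    """Model the quote rules `cmd /?` documents for the text after /C or /K.

    is_executable is a stub for CMD's "names an executable file" test.
    """
    rest = rest.lstrip()  # assumption: blanks after the switch are skipped
    quotes = [i for i, ch in enumerate(rest) if ch == '"']
    if not s_switch and len(quotes) == 2:
        inner = rest[quotes[0] + 1:quotes[1]]
        if (not SPECIAL & set(inner)
                and any(ch.isspace() for ch in inner)
                and is_executable(inner)):
            return rest  # rule 1: both quotes are preserved
    # Rule 2: if the first character is a quote, drop it and the LAST quote.
    if rest.startswith('"'):
        body = rest[1:]
        last = body.rfind('"')
        return body if last == -1 else body[:last] + body[last + 1:]
    return rest

# Constructed command line; C:\Tools is a hypothetical install path.
CMD = r'"C:\Tools\OfflineReg.exe" "c:\temp\NTUSER.DAT" "Software\My Key" enumkeys'

def wrap_for_cmd(command_text):
    """The workaround from the post: one extra pair of outer quotes."""
    return '"' + command_text + '"'

if __name__ == "__main__":
    print("bare   :", cmd_c_effective(CMD))                # quoting is mangled
    print("wrapped:", cmd_c_effective(wrap_for_cmd(CMD)))  # identical to CMD
```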

#27 GBryant

GBryant
  • Members
  • 2 posts
  •  
    United States

Posted 24 June 2011 - 04:08 AM

Noob needs some help here.

offlinereg.exe is a perfect tool for a task I am trying to accomplish. I have to figure out a way to change some registry settings on an XP Embedded system that does not have an Ethernet connection, keyboard or monitor. The only way I have found so far to do this is by booting the system from a USB hard drive and making the registry changes with offlinereg. I am developing a command script to do this on a desktop running XP. The problem I am having is that the changes I make do not seem to be saved. When I run the command it says the change has been made and the results are saved to system.bak. If I use offlinereg to try and verify this, the value has not been changed. Running windiff on system and system.bak shows no differences other than system.bak being newer. I know I must be doing something wrong but I do not know what or how to figure it out.

If anyone has any insight, please let me know.

Thanks.

#28 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13803 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 24 June 2011 - 08:30 AM

Could it be the behaviour is due to a particular Hive or key? :cheers:
Can you specify WHICH exact hives/keys are you trying to modify?
Or can you try if the behaviour is consistent with "other" hives/keys?
Also, post the EXACT command line you are using....

:cheers:
Wonko

#29 GBryant

GBryant
  • Members
  • 2 posts
  •  
    United States

Posted 26 June 2011 - 11:10 PM

Wonko,

Thank you for pointing out my error. I had been trying to modify a value in the System hive. When I tried modifying a key in the Software hive, everything worked as expected.

I really appreciate the help.

Greg

#30 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 09 July 2011 - 12:29 PM

Hi,

This has been requested a few times: the attached zip contains the binary AND the Delphi source code.

Regards,
Erwan.

Attached File  offlinereg.zip   90.92KB   623 downloads

#31 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 12 October 2013 - 06:04 PM

hello everybody

----------------------------------------------------------------------------------------------------------------

HKey_Current_User\Software\Microsoft\Windows\Current Version\Policies\Explorer
Add a New DWORD  item and name it NoDrives
Give it a value of "3FFFFFF"

----------------------------------------------------------------------------------------------------------------

My offline Windows_8_x64_PE is in "C:\Win8PE\mount" :

 

   Program Files

   Program Files (x86)

   ProgramData

   sources

   Windows

   Users

   bootmgr

 

How can I use offlinereg to add the above value ? Should I use "offlinereg.exe" or "offlinereg64.exe" ?

 

Thanks



#32 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 12 October 2013 - 06:26 PM

should be 

 

OfflineReg "c:\my_folder\my_hive.bak" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4
 

/Erwan



#33 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 12 October 2013 - 06:51 PM

So I've tried :

 

OfflineReg "C:\Win8PE\mount" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4

 

error message :

 

OROpenHive failed:5



#34 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 12 October 2013 - 07:14 PM

5 = access denied.

 

your file / hive is opened by another process.

 

beware that offlinereg is meant to modify offline (i.e. not in use) hives.



#35 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 12 October 2013 - 07:35 PM

Actually, it's Win8PE_SE_2013-10-03, I made this and obtained a boot.wim.

 

1. I mount it to C:\Win8PE\mount , like before "OROpenHive failed:5" error.

 

2. I've tried to copy this boot.wim to U:\

    dism /Apply-Image /ImageFile:"C:\Win8PE\boot.wim" /Index:1 /ApplyDir:U:\

 

    Try with error message : "OROpenKey failed:3"

   OfflineReg "U:\" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4

 

    Try with error message : "OROpenKey failed:2"

    OfflineReg "U:\Users\Default\NTUSER.DAT" "HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4



#36 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 12 October 2013 - 07:41 PM

net helpmsg 5 : access denied

net helpmsg 2 : file not found

net helpmsg 3 : path not found

 

copy NTUSER.DAT to c:\temp then try again with :

 

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4



#37 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 12 October 2013 - 07:48 PM

I copied NTUSER.DAT to "c:\temp\NTUSER.DAT", with the same error "OROpenKey failed:2"

I found that NTUSER.DAT's attrib is +s +h, so I made it -s -h, but with the same error message



#38 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 12 October 2013 - 08:44 PM

if the following:

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4

gives you error 2, it could mean that the key does not exist.

 

Try creating it first :

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" createkey NoDrives

 

/Erwan



#39 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 12 October 2013 - 08:48 PM

Still OROpenKey failed:2 



#40 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 12 October 2013 - 08:54 PM

you are still getting error 2 on this command :

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" createkey NoDrives ?

 

try this to check if your file can be read :

OfflineReg "c:\temp\NTUSER.DAT" environment getvalue temp

 

it should give you the temp path for the system.

 

edit : 

you may have to

-create the explorer key (does not exist at my place)

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies" createkey explorer

-create/set the nodrives value

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives 67108863 4



#41 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 13 October 2013 - 03:22 PM

OfflineReg "c:\temp\NTUSER.DAT" environment getvalue temp
"temp"=%USERPROFILE%\AppData\Local\Temp

 

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies" createkey explorer
OROpenHive failed:2

 

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\Current Version\Policies\Explorer" setvalue NoDrives
OROpenHive failed:2



#42 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 13 October 2013 - 03:29 PM

got it : "currentversion" and NOT "current version" ! (no space)

 

tried at my place :

 

offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\CurrentVersion\Policies" createkey explorer
createkey ok
saved to c:\temp\ntuser.bak
 
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" setvalue NoDrives 67108863 4
setvalue ok
saved to c:\temp\NTUSER.bak
 
/Erwan


#43 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 13 October 2013 - 04:15 PM

Thanks very much, I've checked it: CurrentVersion with no space. But with the same result :

OROpenHive failed:2

 

Is it because I'm using UEFI/GPT ? Does it matter ? I'm sure this time you must test it right and write down the answer for me.



#44 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 13 October 2013 - 04:21 PM

Sir, my main purpose is to hide all the physical drives when booting into the Win8PE_SE_2013-10-03 desktop.

 

Is there another way to do that? Can I use autorun.exe to do so? I've tried to do the registry in winpeshl.ini but failed. But I don't know how to do it in autorun.exe



#45 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 13 October 2013 - 04:26 PM

Good news is that you can read your hive file fine so this part is ok.

 

Try this : offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows" enumkeys

 
At my place I get this :
CurrentVersion
Shell
ShellNoRoam
 
Then, try this : offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion" enumkeys
 
At my place I get this :
App Management
Applets
Controls Folder
Device Installer
Explorer
Ext
Group Policy
GrpConv
Internet
Internet Settings
Policies
Run
RunOnce
Settings
Shell Extensions
Syncmgr
Telephony
ThemeManager
Themes
Webcheck
WindowsUpdate
WinTrust


#46 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 13 October 2013 - 04:33 PM

offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows" enumkeys

CurrentVersion
Windows Error Reporting

 

 

offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion" enumkeys

Explorer
Internet Settings
ThemeManager
WinTrust



#47 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 13 October 2013 - 04:35 PM

almost there .

 

do a :  offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies" enumkeys

should give

Associations
Attachments
Explorer
 

and a offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies\explorer" enumvalues

should give something like

NoDriveTypeAutoRun

NoSMHelp


#48 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 13 October 2013 - 04:40 PM

Sorry sir , at my place :

 

offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies" enumkeys

 

OROpenKey failed:2



#49 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1994 posts
  • Location:Nantes - France
  •  
    France

Posted 13 October 2013 - 05:04 PM

offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion" createkey policies
 
(reading your previous post, I realise you are missing the policies key)
 
then
 
offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies" createkey explorer
 
then
 
OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" setvalue NoDrives 67108863 4
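
The order of operations from post #49 (create each missing key parent-first, then set the value), as an added example that is not part of the original posts or of OfflineReg itself. `HIVE` is a constructed model built from the enumkeys listings in post #46, the function names are hypothetical, and the near-miss check generalises the "Current Version" typo found in post #42.

```python
# Constructed model of the hive, built from the enumkeys listings in post #46.
HIVE = {"Software": {"Microsoft": {"Windows": {
    "CurrentVersion": {"Explorer": {}, "Internet Settings": {},
                       "ThemeManager": {}, "WinTrust": {}},
    "Windows Error Reporting": {}}}}}

def nodrives_mask(letters):
    """NoDrives is a bitmask: bit 0 hides A:, bit 25 hides Z:."""
    mask = 0
    for letter in letters:
        mask |= 1 << (ord(letter.upper()) - ord("A"))
    return mask

def squash(name):
    return name.replace(" ", "").lower()

def plan(hive_file, tree, key_path, value_name, value, reg_type=4):
    """List the OfflineReg calls needed; reg_type 4 is REG_DWORD."""
    commands, node, done = [], tree, []
    for part in key_path.split("\\"):
        children = node if node is not None else {}
        # Registry key names compare case-insensitively.
        match = next((c for c in children if c.lower() == part.lower()), None)
        if match is None:
            near = [c for c in children if squash(c) == squash(part)]
            if near:  # e.g. "Current Version" typed for "CurrentVersion"
                raise ValueError("%r not found; did you mean %r?" % (part, near[0]))
            name = '"%s"' % part if " " in part else part
            commands.append('OfflineReg "%s" "%s" createkey %s'
                            % (hive_file, "\\".join(done), name))
            node, match = None, part  # nothing exists below a key we must create
        else:
            node = node[match]
        done.append(match)
    commands.append('OfflineReg "%s" "%s" setvalue %s %d %d'
                    % (hive_file, "\\".join(done), value_name, value, reg_type))
    return commands

if __name__ == "__main__":
    key = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    for line in plan(r"c:\temp\NTUSER.DAT", HIVE, key, "NoDrives",
                     nodrives_mask("ABCDEFGHIJKLMNOPQRSTUVWXYZ")):
        print(line)
```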


#50 chestertomato

chestertomato

    Newbie

  • Members
  • 27 posts
  •  
    Hong Kong

Posted 13 October 2013 - 05:30 PM

Sir, sorry to take so much of your time, but I still got the error message. I apologise. Maybe it's my unknown program. Thanks

 

offlinereg c:\temp\ntuser.dat "Software\Microsoft\Windows\currentversion\policies" createkey explorer

OROpenKey failed:2

 

OfflineReg "c:\temp\NTUSER.DAT" "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" setvalue NoDrives 67108863 4

OROpenKey failed:2





