17 replies to this topic

[Vegaredo]

Hey i'm trying to export registry hives after i have made changes to them, but when i export the hives they don't take with them all
the keys and values.
I used regshotunicode to see the changes of the working hive and the exported hive.
3600 keys and values was missing. Why??

Here is an image of what i'm trying to do. http://img192.images.../7112/pereg.png

[Wonko the Sane]

It is not clear (to me at least) what you are trying to do.

A few more words in describing the problem may help.

WHICH EXACT hives/sub-hives or keys are you missing?

If you are looking for correspondences between a Registry (once in use) and it's "backing files", you should read here:
http://msdn.microsof...7(v=vs.85).aspx


Wonko

[Vegaredo]

None of your run/runonce/ registry entries will be included in exported registry

[RoyM]

Okey, i will explain all in detail. step by step.

1.Booting up winpe
2.Make changes to the registry.
3.Exporting the changed system and software registry hives to the usb.
4.Take out the USB and boot in normal windows 7 local installation.
5.Mount the wim using gimagex.
6.Goes to windows\system32\config\ and deletes, software and system.
7.Copy the exported new and updated hives to windows\system32\config\
8.Unmount the wim file.
9.Copy the changed wim file to sources on the USB.
10.Boot up winpe on the USB.
11.When trying to open any program i get error messeges.
12.When compering the hive files from when winpe worked and not worked, it was missing over 3600 files.

So the question is: When you export the registry hives software and system. Why doesn't it take with all the keys and values?

If this is not clear, then nothing is.

[RoyM]

None of your run/runonce/ registry entries will be included in exported registry
Sorry for above post, On laptop and keys are very touchy

[Vegaredo]

So it's not possible to trick the system?

[Vegaredo]

I though that the export function was a backup, so when your system crashed you could only import it and all was back to normal?

[MedEvil]

On a PE registry changes are not written back to the hives, but exist only in RAM.
What you can do, is open Regedit and export registry keys to *.reg files and then merge them into the hives offline.

[joakim]

Like MedEvil said in PE registry is volatile (in memory only) and never written back to disk.

So if;

3.Exporting the changed system and software registry hives to the usb.

Means you just copied the hives in explorer, then for sure no changes will be kept. However, if you used regedit.exe or reg.exe to export/save your "in memory" registry, then you for sure will have your changes in that exported registry hive.

[Vegaredo]

And how do you merge reg files to only selected hive then?
Do you need a program?
Have tried to import reg files to hives, but then it only import it to the local hives not to the hives i've manually loaded.

Edited by Vegaredo, 15 April 2011 - 09:11 PM.

[Vegaredo]

Like MedEvil said in PE registry is volatile (in memory only) and never written back to disk.

So if;

Means you just copied the hives in explorer, then for sure no changes will be kept. However, if you used regedit.exe or reg.exe to export/save your "in memory" registry, then you for sure will have your changes in that exported registry hive.

There isn't a problem to save changes to hive. You go to cmd and type: reg save hklm\software x:\windows\system32\config\software
No, i use regedit. But the problem is when i export the hive, it doesn't take the registry files that is in use. I compered it and 3600 files are missing when exported the hives from regedit.

Edited by Vegaredo, 15 April 2011 - 09:14 PM.

[joakim]

And how do you merge reg files to only selected hive then?
Do you need a program?
Have tried to import reg files to hives, but then it only import it to the local hives no the hives i've manually loaded

Check out reg.exe load/import/save, but beware of changed paths like HKLM\SOFTWARE -> HKLM\mysoft.

[joakim]

There isn't a problem to save changes to hive. You go to cmd and type: reg save hklm\software x:\windows\system32\config\software
No, i use regedit. But the problem is when i export the hive, it doesn't take the registry files that is in use. I compered it and 3600 files are missing when exported the hives from regedit.

Can you provide some examples of keys that are missing?

[Vegaredo]

Check out reg.exe load/import/save, but beware of changed paths like HKLM\SOFTWARE -> HKLM\mysoft.

Yes, but when you import you import to the whole registry not just the selected hive. If we had a standalone registry that could import reg files, then we're talking.

Edited by Vegaredo, 15 April 2011 - 09:21 PM.

[Vegaredo]

Can you provide some examples of keys that are missing?

Yes. Every single key and value that the system is using. Like all the drivers and PE network manager.

[MedEvil]

- Export with regedit to *.reg file.
- load the PE hives into the registry of your main system. (load, for instance, Software hive as WB-Software into HKLM)
- OPen your software.reg in notepad and exchange all HKLM\\software\\ with HKLM\\WB-Software\\ and save.
- Merge your patched software.reg into the registry
- unload the software hive

About missing registry keys.
Export in regedit to .reg file and check if it worked or not. If not, you might have some trouble with rights. But i doubt it.

[Vegaredo]

Tried what you said. All seem find, but when the system try to load PE network manager to look for drivers i get a bluescreen with the following message.
tcpipreg.sys
DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPERATIONS

Maybe i did somthing wrong when i edited the reg file?

I switched all HKLM\SOFTWARE and clicked replace button in notepad. Switched it to HKLM\winpesoftware.

[MedEvil]

Well you'll have to remember that a PE is designed by M$ to NOT allow all the things we do with it. So there is A WHOLE LOT of tricking involved to get all things working. You'll need to keep all those trickery in your build or you get into trouble.
For instance there are a bunch of registry settings which get switched at specific points during boot.
Have the final setting right from the start and PE won't start, because it thinks it is a regular Windows, don't change them and certain things will not start because they are forbidden to run on a PE.