RawReg


38 replies to this topic

#1 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 05 December 2011 - 05:32 PM

File Name: RawReg
File Submitter: Nuno Brito
File Submitted: 05 Dec 2011
File Updated: 06 Dec 2011
File Category: Security

RawReg allows editing offline Windows NT registry hives.

It can be used (for example) to edit BCD hives, NTUSER, software and many other registry hives found inside Windows NT (2000, XP, Vista, 7, 8, ...)

This tool provides information about the physical offset position of each registry key on the hive file, a very handy feature if you are debugging a registry hive with the aid of a hexadecimal editor.


What can it do?

- Browse the hive structure
- Edit the data on values
- Change the title of values
- Show a map with information of data inside each bin
- Show details about physical offset of any given key

Please note that unlike any other raw registry editors, this is the only program that can really add more data onto a given registry hive and manage the bin space properly. In the past, people were limited to only changing data on keys that needed to have the exact same size; there are no such restrictions here and many things can be added - post your requests and I'll see if they can be included.


Requests and bug fixes

This tool is available "as is". With so many things going on at the same time, it is not possible to add extra features or correct reported defects. My apologies.


What is the advantage of not using Win32 API?

- No need to load a hive into the local registry
- Overcome any security restrictions imposed by Win32 API
- Works on every Windows platform (from Windows 9x all the way up to Vista)
- No UAC restrictions regarding hive load without administrator permissions
- More features can be added in the future.

#2 erwan.l

erwan.l

    Gold Member

  • Developer
  • 1986 posts
  • Location:Nantes - France
  •  
    France

Posted 05 December 2011 - 06:10 PM

Hi,

Fantastic job our great tool.

I have been playing with it and encountered the following bug:
I edit a cell, then finally choose cancel.
When I exit the dialog box, the app hangs (stops responding).

I run Windows 7 32-bit.

Cheers,
Erwan

#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13750 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 05 December 2011 - 06:22 PM

@erwan.l
This is a "deja-vu" (or a re-release :ph34r:)
Rawreg version 1.3 has been already released (dated 2009-17-12).
The "new" file has the SAME size AND checksum as the old one.
Comments on the old one here :frusty::
http://reboot.pro/10004/

:cheers:
Wonko

#4 erwan.l

Posted 05 December 2011 - 07:06 PM

@erwan.l
This is a "deja-vu" (or a re-release :ph34r:)
Rawreg version 1.3 has been already released (dated 2009-17-12).
The "new" file has the SAME size AND checksum as the old one.
Comments on the old one here :frusty::
http://reboot.pro/10004/

:cheers:
Wonko


oops, now I feel stupid :)

#5 Wonko the Sane

Posted 05 December 2011 - 07:09 PM

oops, now I feel stupid :)


You should NOT :) (someone else may ;) :whistling:)

:cheers:
Wonko

#6 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 05 December 2011 - 07:36 PM

So... maybe in the next re-release Nuno will add visual comparison of 2 registries content similar to Beyond Compare package? :dubbio:

Say, compare the same OS registries when installed on different PCs, or snapshots before and after installing a certain application? That would be a truly useful package. :P

#7 Nuno Brito

Posted 06 December 2011 - 03:45 PM

Hi,

There is no further support available for this tool, sorry for the confusion from the first post. The idea is to make available this tool "as is".

I will update the topic description.

#8 Wonko the Sane

Posted 06 December 2011 - 03:53 PM

There is no further support available for this tool, sorry for the confusion from the first post. The idea is to make available this tool "as is".

Maybe you could release the (Delphi) Source Code, it is not probable but maybe someone could take it from where you left it and add some of the missing features....:unsure: :)

:cheers:
Wonko

#9 Nuno Brito

Posted 06 December 2011 - 03:57 PM

Sorry, no source code will be made available either. Took me over a year to develop the tool and I would prefer seeing someone improving the current tool than creating off a new branch and just say it is "better" as it always happens.

#10 Wonko the Sane

Posted 06 December 2011 - 05:18 PM

Sorry, no source code will be made available either. Took me over a year to develop the tool and I would prefer seeing someone improving the current tool than creating off a new branch and just say it is "better" as it always happens.

Sorry, but I don't get it. :unsure:
HOW can one improve the current tool without the Source of it?
Re-writing it from scratch? Then, it would not be an evolution of the "current tool", but rather a "brand new" one.

Of course it is your intellectual property and you are perfectly free :) to do whatever you want with it, and I do understand how much you are caring for your creature, but sometimes one needs to get pragmatical and ask (and answer) himself a few questions and decide "logically".

Like ;):
Q. Is this "as is" of any practical use?
A. No.

Q. Does it miss any feature?
A. Yes, several of them.

Q. Do I think I will ever be able to add the missing feature, finalize the project?
A. No.

Q. Is it likely that in the future I will get any money from it?
A. No.

Q. Could I have better spent the time it took me to write it?
A. Yes, undoubtedly, BUT that time is already spent.

Q. Then would I like to be remembered in connection with it as
  • "the brilliant guy that started a nice project and, when he had better things to do, released the Source Code so that others may benefit from it and improve the tool"
  • "the nice guy who tried to provide a useful tool to the Community but that due to personal issues had to abandon it, and thus provided the almost finished Source Code that was later completed by another nice guy"
  • "the guy that took two years to produce a half-@§§ed program malfunctioning and missing a whole lot of features and that later decided to keep its code so that no one could see how badly it was programmed, nor fix it"
A. ...... <- write here either 1, 2 or 3

Seriously, when you originally released it, it was a nifty :yahoo: tool under development, very promising :thumbup:, now it is only a failed, unfinished attempt :(

As said maybe :dubbio: it can still have a future, if you really love your little creature, consider how this way you are effectively going to put a gravestone on it. :ph34r:

:cheers:
Wonko

#11 Nuno Brito

Posted 06 December 2011 - 05:34 PM

Basically, if there is some developer interested in expanding rawreg then I would be open to share the code under the goal that the tool has a new version rather than a completely new fork.

It is that simple.

At the moment, it takes a whole lot of my daily free time to reply to questions from some forum members. :lol:

#12 Wonko the Sane

Posted 06 December 2011 - 05:45 PM

Basically, if there is some developer interested in expanding rawreg then I would be open to share the code under the goal that the tool has a new version rather than a completely new fork.

It is that simple.


...and it's also a deal, MUCH better than the previous one :fine: IMNSHO:

Sorry, no source code will be made available either. Took me over a year to develop the tool and I would prefer seeing someone improving the current tool than creating off a new branch and just say it is "better" as it always happens.


At the moment, it takes a whole lot of my daily free time to reply to questions from some forum members. :lol:

Sure, but you see, this way we have moved forward from a stale point. :)

:cheers:
Wonko

#13 Nuno Brito

Posted 06 December 2011 - 05:59 PM

Yes, you are right. :)

#14 sambul61

Posted 06 December 2011 - 06:37 PM

BUT... Isn't this app title copyright? :afro:

#15 erwan.l

Posted 07 December 2011 - 01:01 AM

Hi Nuno,

As a Delphi dev guy, I would be happy to help debug and bring (eventually) new features per request.

If I can be of any help, feel free to let me know.
If not, please ignore!

Note that I fully understand the reluctance to sometimes release source code for many good or less good reasons: code needs to be cleaned up (which I am many times too lazy to do), you might spend more time explaining what you wrote (don't know what is worse: an end user or a dev guy), you might not like what your code becomes once released, etc etc etc....
And my personal ultimate reason (sometimes....): yes sir, I am a selfish bastard and I don't share some of my toys :)

I have myself released many binaries out there and only a small part of these are released with source code for one of the reasons above.

Cheers,
Erwan
  • Nuno Brito likes this

#16 paraglider

paraglider

    Gold Member

  • .script developer
  • 1716 posts
  • Location:NC,USA
  •  
    United States

Posted 07 December 2011 - 01:15 PM

If you were to take over support of the program, the following changes are required:

1) Support adding new values of any available registry value type
2) Support editing of all registry value types
3) Support editing and adding new security descriptors
4) Expanding the tree by clicking on + does not always work.
5) Support search.
6) Show CurrentControlSet in system registry hive.
7) Ideally should support transactional writes so that under no circumstances, i.e. power loss during updates, should the registry become corrupted.
  • Nuno Brito likes this

#17 Nuno Brito

Posted 07 December 2011 - 01:16 PM

Very well then, I have sent a message to Erwan.

:)

#18 paraglider

Posted 07 December 2011 - 01:21 PM

Another enhancement would be to add command line support using command line features of reg.exe

All that should keep you going for a year or two.

Also will need to keep up with any changes MS will do to the registry in Windows 8.

#19 paraglider

Posted 07 December 2011 - 01:25 PM

Also assuming you are using a recent version of Delphi both 64 bit and 32 bit versions of the exe would be useful.

#20 Wonko the Sane

Posted 07 December 2011 - 01:50 PM

Another enhancement would be to add command line support using command line features of reg.exe

Actually IMHO it would be easier/more appropriate to "integrate" it with the little tool erwan.l ALREADY made:
http://reboot.pro/11312/

I.e. developing the two tools "in parallel" :unsure:

:cheers:
Wonko

#21 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 07 December 2011 - 02:43 PM

Actually IMHO it would be easier/more appropriate to "integrate" it with the little tool erwan.l ALREADY made:

With the small difference that erwan's tool uses registry library functions of Billy The Door, and Nuno's RawReg uses its own functions.

Peter :dubbio:

#22 Wonko the Sane

Posted 07 December 2011 - 02:52 PM

With the small difference that erwan's tool uses registry library functions of Billy The Door, and Nuno's RawReg uses its own functions.

Peter :dubbio:

Yes, whilst REG.EXE uses notoriously something else. :frusty:

What the heck, we have something right from the mouth of the wolf, that EXCEPTIONALLY is also redistributable, and we should not use it? :unsure:

Right now we have a Library (that wasn't available at the time Nuno started coding RawReg) which comes from the same guys who failed to publicly document the Registry format (which BTW is a filesystem ;)), until there is proof (*any* proof) of the library not working properly I would presume that something written by people who have access to the specification is to be considered more reliable than something that was derived from direct observation of the Registry and its behaviour.


:cheers:
Wonko

#23 Nuno Brito

Posted 07 December 2011 - 04:50 PM

They are different things. RawReg provides details and features not available on the MS libraries.

For example, it provides details about the physical offset location of keys inside the registry. It can see the raw format, meaning that keys with invalid format that are typically used by root kits to conceal data are perfectly visible on rawreg.

Also, it does not require administrative permissions to edit any key inside the registry, while the libraries will enforce security policies and prevent protected keys from being edited unless the current user holds permission to do so.

So, MS is indeed more reliable but they are not really opening things up that much.. :)
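
The physical-offset view discussed in this thread, as an added example that is not RawReg's code and not part of any post: a minimal offline walk of a hive file, without the Win32 registry API, that reports the file offset of each key's `nk` cell. The field offsets follow the publicly reverse-engineered regf layout; the function names and the sample hive are constructed for illustration, and `ri` index roots (used by very large keys) are not followed.

```python
import struct

HBIN_BASE = 0x1000  # hive bins follow the 4096-byte "regf" base block
# nk record fields: signature, flags@0x02, subkey count@0x14, subkey list@0x1C, name length@0x48
NK = struct.Struct("<2sH16xI4xI40xH")

def list_children(hive, rel):
    """Child cell offsets from an lf/lh/li subkey list (ri index roots are skipped)."""
    rec = HBIN_BASE + rel + 4                       # skip the 4-byte cell size
    step = {b"lf": 8, b"lh": 8, b"li": 4}.get(hive[rec:rec + 2])
    count = int.from_bytes(hive[rec + 2:rec + 4], "little")
    if step is None or rec + 4 + count * step > len(hive):
        return []
    return [struct.unpack_from("<I", hive, rec + 4 + step * i)[0] for i in range(count)]

def key_offsets(hive):
    """Return [(key path, physical file offset of its nk cell)]."""
    if hive[:4] != b"regf" or len(hive) < HBIN_BASE:
        raise ValueError("not a regf hive")
    found, seen = [], set()
    stack = [(struct.unpack_from("<I", hive, 0x24)[0], "")]  # root cell offset
    while stack:
        rel, parent = stack.pop()
        pos = HBIN_BASE + rel                       # cell start as a hex editor shows it
        if rel in seen or hive[pos + 4:pos + 6] != b"nk" or pos + 0x50 > len(hive):
            continue                                # loop, non-key cell, or truncated
        seen.add(rel)
        _, flags, nsub, sublist, namelen = NK.unpack_from(hive, pos + 4)
        raw = hive[pos + 0x50:pos + 0x50 + namelen] # name follows the 0x4C-byte header
        name = raw.decode("latin-1" if flags & 0x20 else "utf-16-le", "replace")
        path = parent + "\\" + name if parent else name
        found.append((path, pos))
        if nsub:
            stack.extend((c, path) for c in list_children(hive, sublist))
    return found

def _nk(name, nsub=0, sublist=0xFFFFFFFF):
    rec = NK.pack(b"nk", 0x20, nsub, sublist, len(name)).ljust(0x4C, b"\0") + name.encode()
    size = (4 + len(rec) + 7) & ~7                  # cells are 8-byte aligned
    return struct.pack("<i", -size) + rec.ljust(size - 4, b"\0")  # negative = allocated

def build_sample_hive():
    """Constructed sample: key ROOT with subkeys Software and System."""
    lst = struct.pack("<i2sHI4sI4s", -24, b"lf", 2, 0x90, b"Soft", 0xE8, b"Syst")
    cells = _nk("ROOT", 2, 0x78) + lst + _nk("Software") + _nk("System")
    hbin = (b"hbin" + struct.pack("<II", 0, 0x1000)).ljust(0x20, b"\0") + cells
    base = (b"regf".ljust(0x24, b"\0") + struct.pack("<II", 0x20, 0x1000)).ljust(0x1000, b"\0")
    return base + hbin.ljust(0x1000, b"\0")
```

Calling `key_offsets(build_sample_hive())` yields each key path with the offset to jump to in a hex editor; on a real hive, pass the bytes of a copy of the file opened read-only.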

#24 Buster_BSA

Buster_BSA

    Member

  • Developer
  • 57 posts
  •  
    Spain

Posted 07 December 2011 - 06:51 PM

erwan: RawReg has problems travelling big reghive archives. Take that into consideration if you review the code.

#25 sambul61

Posted 07 December 2011 - 07:36 PM

I wonder, if MS lib can be used as a base, and complemented by Nuno's lib only when a user calls a feature not offered by the MS lib?



