Jump to content











Photo
- - - - -

offlinereg


  • Please log in to reply
190 replies to this topic

#51 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 427 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 4 weeks ago

You could for binary data like 

OfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " 25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,61,00,74,00,61,00,65,00,78,00,63,00,68,00,61,00,6e,00,67,00,65,00,2e,00,64,00,6c,00,6c,00,00,00 3

or else use a string but then as spotted by Misty, you need to handle the % character.

 

Unfortunately doing it as binary data doesn't work

 

So string only way, but need to find some way to handle the % character - unless your tool could have a method / switch to handle that



#52 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

 

And there are references to a 64-bit version, but it's not included in the current download.

 

 

This was work in progress - I dropped it for now as I could not see any added value.

Unless there is a desire to use it from a winpe having 64bits support only?



#53 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

Unfortunately doing it as binary data doesn't work

 

So string only way, but need to find some way to handle the % character - unless your tool could have a method / switch to handle that

 

I am working on Misty "import" feedback.

Your request is right behind in the queue :)


  • darren rose likes this

#54 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 427 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 4 weeks ago

 

Unless there is a desire to use it from a winpe having 64bits support only?

 

Personally I could certainly see benefit for a 64-bit version to use in my 64-bit only PE



#55 Atari800XL

Atari800XL

    Frequent Member

  • Advanced user
  • 109 posts
  •  
    Netherlands

Posted 4 weeks ago

I could also see the benefit of a 64-bit version for 64-bit only PE.

(if it's not too much trouble)



#56 misty

misty

    Silver Member

  • Developer
  • 869 posts
  •  
    United Kingdom

Posted 4 weeks ago

let me give it a try, possibly later today (locked again in a hotel room :) ).

Take your time. BTW, taking into consideration your usual development cycle, the being locked again in a hotel room would explain why we are not already testing a new release :rofl2:
 

And there are references to a 64-bit version, but it's not included in the current download.

This was work in progress - I dropped it for now as I could not see any added value.
Unless there is a desire to use it from a winpe having 64bits support only?

Whilst a 64-bit release may be useful in a WinPE, if I'm honest I'm not sure when I'd actually use it. Your time would probably be better spent working on improving the already very useful 32-bit version.

Hope you are having fun wherever you are this week my friend.

#57 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

@Misty, regarding your post 43 , this is what offlinereg is expecting to see (it treats a reg file as an ini file i.e each section (being unique) and its sub values) :

 

Give it a try.

Now, I am not sure offlinereg understand the '@' as default key.

Try and let me know.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="C:\\Windows\\System32\\actxprxy.dll"
"ThreadingModel"="Both"


#58 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

Hope you are having fun wherever you are this week my friend.

 

South Place, London near Moorgate station :)



#59 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

@Misty : new version uploaded which will support the @ character (meaning default key) while importing a reg file.



#60 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

Think so? :)

 

I have a small dev environelent on my work laptop and source code available wherever I go.

This way I bring the fun with me wherever I go !

 

Take your time. BTW, taking into consideration your usual development cycle, the being locked again in a hotel room would explain why we are not already testing a new release :rofl2:



#61 misty

misty

    Silver Member

  • Developer
  • 869 posts
  •  
    United Kingdom

Posted 4 weeks ago

Goodness me - just checking in to post my results from a test and you've uploaded a new version!

I'll test the new release and will feedback. You are able to update your software faster than I can test it! :frusty:

:worship:

Misty

#62 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13988 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 4 weeks ago

Wait a minute.
This has nothing to do with the tool, it is generic escaping in command line or in batch.

In batch you double the percentage sign.
On command line you use ^%.

Here is the behaviour on XP (normal) command line:



C:\>SET SystemRoot
SystemRoot=C:\WINDOWS
C:\>ECHO %SystemRoot%
C:\WINDOWS
C:\>ECHO %%SystemRoot%%
%C:\WINDOWS%
C:\>ECHO ^%SystemRoot^%
%SystemRoot%

But there are a few exceptions, where the escape character is the backslash:
https://ss64.com/nt/syntax-esc.html

But - again here - the ^% works just fine on command line.



OfflineReg.exe TEMPREG.DAT Classes create
OfflineReg.exe TEMPREG.DAT Classes createkey CLSID nobackup
OfflineReg.exe TEMPREG.DAT Classes\CLSID createkey {C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} nobackup
OfflineReg.exe TEMPREG.DAT Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} createkey InProcServer32 nobackup
OfflineReg.exe TEMPREG.DAT Classes enumkeys
OfflineReg.exe TEMPREG.DAT Classes\CLSID enumkeys
OfflineReg.exe TEMPREG.DAT Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6} enumkeys
OfflineReg.exe TEMPREG.DAT Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32 setvalue " " ^%SystemRoot^%\system32\dataexchange.dll 2  nobackup
OfflineReg.exe TEMPREG.DAT Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32 enumallvalues

""=reg_expand_sz:"%SystemRoot%\system32\dataexchange.dll"


:duff:
Wonko

@erwan.l
A couple of observation
the "nobackup" at the end of the command line is seriously inconvenient, a /F (like Force) or a /W (like Write) switch at the beginning would be much more handy on command line. (where recalling the last command used and editing only the last few characters/parameters in it is usual/common)

I was surprised (it is only a very minor nuisance in batch, but not so trifling on command line) that the tool cannot parse (and thus create) a multi-level path key.



#63 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

@Wonko, you beat me to it, with my own software :)

I was getting to the same conclusion indeed as I am not sure how I could/should interpret these characters.

Side note : you are creating a hive from scratch, nice example.

 

@Darren Rose : even if you call offlinereg from a langage such as c#, vb.net, c++, etc you should be able to pipe in the right chars.



#64 misty

misty

    Silver Member

  • Developer
  • 869 posts
  •  
    United Kingdom

Posted 4 weeks ago

Wait a minute.
This has nothing to do with the tool, it is generic escaping in command line or in batch....

...But - again here - the ^% works just fine on command line....

It didn't when I did a quick test earlier. The entry was added to the registry as -
^%SystemRoot^%\...
I can't recall whether I enclosed the command in quotes (") - this may cause issues.

Misty

#65 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 427 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 4 weeks ago

@Wonko @erwan.l

 

Whether I pipe in the right characters or not it is still not stopping it from parsing %SystemRoot%

 

I have tried %% and as per post 45 misty has also tried %% and ^% and neither work from the command line

 

%% works from a batch file but NOT from command line

 

Hence asking the question

 

If either method worked already from command line I would be using it and not coming back saying it didn't work



#66 misty

misty

    Silver Member

  • Developer
  • 869 posts
  •  
    United Kingdom

Posted 4 weeks ago

@Misty : new version uploaded which will support the @ character (meaning default key) while importing a reg file.

Previous release -
2018.01.22_1.jpg

New release -
2018.01.22_2.jpg

:thumbsup:

#67 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

 

@erwan.l
A couple of observation
the "nobackup" at the end of the command line is seriously inconvenient, a /F (like Force) or a /W (like Write) switch at the beginning would be much more handy on command line. (where recalling the last command used and editing only the last few characters/parameters in it is usual/common)

I was surprised (it is only a very minor nuisance in batch, but not so trifling on command line) that the tool cannot parse (and thus create) a multi-level path key.

 

About nobackup : point taken, it is only recently that I improved my command line parser functions.

i am worried thus that changing the syntax now may break a few scripts here and there.

 

About parsing a multi-level key this is indeed on my todo list : currently you need to handle each level manually.

It applies to the "import" discussion as well actually, as reported by Misty.



#68 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

Previous release -
2018.01.22_1.jpg

New release -
2018.01.22_2.jpg

:thumbsup:

 

Cool, thanks for testing/reporting so quickly !



#69 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

@Wonko @erwan.l

 

Whether I pipe in the right characters or not it is still not stopping it from parsing %SystemRoot%

 

I have tried %% and as per post 45 misty has also tried %% and ^% and neither work from the command line

 

%% works from a batch file but NOT from command line

 

Hence asking the question

 

If either method worked already from command line I would be using it and not coming back saying it didn't work

 

Can you describe your context a bit more?

I tried from command line (using Wonko's syntaxt) and it works straight away.

I did not try in a batch thus.

 

Or are you calling offlinereg from another langage (interpreted or not)?

 

%systemroot% is translated by windows shell before it gets to offlinereg.



#70 misty

misty

    Silver Member

  • Developer
  • 869 posts
  •  
    United Kingdom

Posted 4 weeks ago

Tested again, this time NOT enclosing the data in quotes ("). It worked fine.

If the data is enclosed in quotes, then the ^ escape character is not working.

#71 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 427 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 4 weeks ago

Simply trying to add registry value from command prompt

 

Value I want to add is as below, and I DON'T want it to parse %SystemRoot% and replace it with C:\Windows as when I then boot PE it shows as C:\Windows when should be %SystemRoot% which in PE would then be X:\Windows

 

%SystemRoot%\system32\dataexchange.dll

 

I have tried following commands and it parses them all - even using escape characters that Wonko says should stop it doing so - and as shown in testing done by misty as well

OfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " "%SystemRoot%\system32\dataexchange.dll" 2 nobackup

OfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " "%%SystemRoot%%\system32\dataexchange.dll" 2 nobackup

OfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " "^%SystemRoot^%\system32\dataexchange.dll" 2 nobackup


#72 erwan.l

erwan.l

    Gold Member

  • Developer
  • 2249 posts
  • Location:Nantes - France
  •  
    France

Posted 4 weeks ago

Simply trying to add registry value from command prompt

Value I want to add is as below, and I DON'T want it to parse %SystemRoot% and replace it with C:\Windows as when I then boot PE it shows as C:\Windows when should be %SystemRoot% which in PE would then be X:\Windows

%SystemRoot%\system32\dataexchange.dll

I have tried following commands and it parses them all - even using escape characters that Wonko says should stop it doing so - and as shown in testing done by misty as well

OfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " %SystemRoot%\system32\dataexchange.dll 2 nobackupOfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " %%SystemRoot%%\system32\dataexchange.dll 2 nobackupOfflineReg.exe D:\a\mount\Windows\System32\config\SOFTWARE Classes\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 setvalue " " ^%SystemRoot^%\system32\dataexchange.dll 2 nobackup

Not sure what to add, using Wonko's syntax works perfectly for me, and now is also reported OK by Misty ?

OfflineReg.exe c:\temp\software Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32 setvalue " " ^%SystemRoot^%\system32\dataexchange.dll 2  nobackup

Double check it all, restart from clean hive and re evaluate?

 

Or else this is your command prompt which is different from ours?



#73 misty

misty

    Silver Member

  • Developer
  • 869 posts
  •  
    United Kingdom

Posted 4 weeks ago

A picture is worth a thousand words -

offlinereg.exe PATH\SOFTWARE Classes setvalue some_rubbish "^%SystemRoot^%\actxprxy.dll" 7 nobackup
offlinereg.exe PATH\SOFTWARE Classes setvalue some_more_rubbish ^%SystemRoot^%\actxprxy.dll 7 nobackup
2018.01.22_3.jpg

#74 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 427 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 4 weeks ago

Yes I had originally done testing with value in quotes as well - hence reporting same as misty that it didn't work

 

Thanks Misty!!

 

Will now try it again without quotes and confirm back in a few moments



#75 darren rose

darren rose

    Frequent Member

  • Advanced user
  • 427 posts
  • Location:Norwich, Norfolk
  •  
    United Kingdom

Posted 4 weeks ago

Thank you all so much - turns out it was because of surrounding it in quotes - doing it without and using ^% works fine

 

Sorry again for initial confusion about using quotes






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users