
dll and ocx

79 replies to this topic

#76 MedEvil


    Platinum Member

  • .script developer
  • 7771 posts

Posted 30 July 2007 - 05:14 PM

I've slowly had enough too :yahoo:
In DllInstall I first tried:

Map HKCR to HKCU\WB-Test
Map HKLM to HKCU\WB-Temp

Whatever was first, the corresponding target was empty.

I think that is the proof!


BTW: If I do not answer anymore today: That is not because I give up. I'm simply invited tonight.

Will try to find the link again and check if I just imagined things or they did something very clever.
Have fun!


#77 was_jaclaz



  • Advanced user
  • 7100 posts
  • Location:Gone in the mist

Posted 30 July 2007 - 06:34 PM

It seems to me that you all deserve some fun after this day of work; always think about what a normal day is like for a WIN32 loader:




#78 Nuno Brito


    Platinum Member

  • .script developer
  • 10562 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
    European Union

Posted 12 September 2007 - 04:36 PM

Korale mentioned a small app that might be useful here: http://www.911cd.net...showtopic=20277


#79 pscEx


    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
    European Union

Posted 12 September 2007 - 05:00 PM

Korale mentioned a small app that might be useful here: http://www.911cd.net...showtopic=20277


I have already had a look at the link.
Looks interesting at first glance.

I'll go more into detail.


#80 Biatu



  • Members
  • 69 posts
    United Kingdom

Posted 08 June 2018 - 04:21 AM

Seems we had too many off topic posts, that nobody remembers the ones further down the line. :)

RegReMapper is a placeholder for the RegistryReMapper.exe which would do the Registry remapping. ie. The code you were writing, Peter.

As you've already found out here:

this is not the case since the mappings aren't global but are local for just one process, they can not even be inherited, which is actually our problem. :)

This problem has already been addressed by me, with 2 posts.
- My first solution was, to use memory injection to use RegOverridePredefKey with more than just the current process.
Idea was actually posted here: http://www.codeproje...2k/regsvrex.asp

but as posted here: http://www.boot-land...?...ost&p=18326
I have no experience with memory injections and have no clue if it can be applied to our problem in an easy way.

- Second idea was to use rather hooks than memory injections. http://www.boot-land...?...ost&p=18345
I came up with the idea, when I detected a flaw in our initial idea.

Remapping the registry will be good enough to create an automatic script builder. Because all that would be required, is installing and setting up. Both processes, that do not need global access.

But if we wanna run apps directly from a USB stick, we will need a little different behaviour.
We want our apps to take advantage of the guest OS.
So when I start a file manager from my USB stick, I want it to use the file associations that I saved on my stick, but for all the associations that I have not set up, I would want it to use the associations of the guest OS!

To achieve this, my idea was to use hooks. Our hooked dll would change the behaviour of openKey, readKey, writeKey, closeKey, etc. in the following way:
- writeKey - from 'our' apps always to 'our' registry. (In my example, that was the MedEvil key.)
- readKey - first in 'our' registry, if it isn't found there, check the 'real' Registry, if nothing there too - Failure.
- openKey - same as readKey
- closeKey - same as readKey

The one problem still unsolved is, how the hooked dll can tell our apps, that run from the USB-stick, from those running from system.


Sorry for the necro-post but I must ask, have you ever found a solution to this besides jauntePE? I'm looking for a registry-only solution, like RunScanner... but without needing to create a fake Windows installation
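
Added example, not code from any poster in this thread: a small in-memory Python model of the read/write policy listed in the quoted post (writes always go to 'our' registry, reads and opens try 'our' registry first and fall back to the 'real' one, otherwise failure). The class names, the sample associations and the per-value fall-through are assumptions made for illustration; no Win32 hooking is performed.

```python
class Hive:
    """Constructed stand-in for a registry hive: {key path: {value name: data}}."""
    def __init__(self, data=None):
        self.keys = {}
        for path, values in (data or {}).items():
            for name, value in values.items():
                self.write(path, name, value)

    @staticmethod
    def norm(path):
        # Registry key paths are case-insensitive and backslash-separated.
        return "\\".join(p for p in path.replace("/", "\\").split("\\") if p).lower()

    def write(self, path, name, value):
        self.keys.setdefault(self.norm(path), {})[name.lower()] = value

    def read(self, path, name):
        return self.keys.get(self.norm(path), {}).get(name.lower())


class OverlayRegistry:
    """Policy from the post: writes go to 'our' hive, reads try it first, then the real one."""
    def __init__(self, ours, real):
        self.ours, self.real = ours, real

    def write_key(self, path, name, value):
        self.ours.write(path, name, value)      # the real registry is never modified

    def open_key(self, path):
        for label, hive in (("ours", self.ours), ("real", self.real)):
            if Hive.norm(path) in hive.keys:
                return label                    # which hive would serve this key
        raise FileNotFoundError(path)           # in neither hive: failure

    def read_key(self, path, name=""):
        for hive in (self.ours, self.real):     # private hive wins, real one is the fallback
            value = hive.read(path, name)
            if value is not None:
                return value
        raise FileNotFoundError(f"{path}\\{name}")


# Constructed sample data: associations saved on the stick vs. those of the guest OS.
STICK = Hive({r"Software\Classes\.txt": {"": "PortableEditor.txt"}})
GUEST = Hive({r"Software\Classes\.txt": {"": "txtfile"},
              r"Software\Classes\.jpg": {"": "jpegfile", "Content Type": "image/jpeg"}})
REG = OverlayRegistry(STICK, GUEST)
```

In this model a key that exists in both hives is still merged per value, so a value missing from the stick's copy of a key is answered by the guest OS.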
