Hives without honey

donkey · August 21, 2006, 02:43:04 AM

Does anyone have a link to a comprehensive breakdown of the structure of a registry hive ? I am looking for one for a module I am writing and have been pretty much relying on this one from Microsoft but though it is complete it does not go into enough detail.

Donkey

donkey · August 21, 2006, 02:47:56 AM

I guess I should talk a bit about what I am planning to do with the info, I want an application that will allow an administrator to read the hives of all user data on a system and possibly affect changes to them though that is not critical if it proves to unstable. I am working on a set of admin tools for WinExplorer that will tie into my larger project and user keys are a critical requirement.

drhowarddrfine · August 21, 2006, 12:59:28 PM

You might check the library for a registry book, which I own and have rarely cracked open. I can get the name if you wish or look something up unless you think it's too long.

P1 · August 21, 2006, 02:57:44 PM

Donkey check this flower out:
I discovered that Samba 4.x contains a command-line utility called editreg that dumps the contents of registry hive files, so I quickly ported the C code from Unix to Win32 -- basically changing mmap() to MapViewOfFile() -- and dumped the registry file. Sure enough, except for a couple of keys using XP-specific formats, it managed to dump out the entire registry hive's contents. The basic structure of the hive had to be OK, so started comparing the header description in the editreg source code to the actual data in the file, since not all of the fields were validated....
http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/editreg.c?rev=1.63.2.1&content-type=text/x-cvsweb-markup

I would be interested in the results.

Regards, P1 :8)

donkey · August 24, 2006, 04:38:44 AM

Thanks Doc,

I would like the name if you can find it.

Thanks P1,

Looks promising but I will probably not have results for some time (I am quite busy these days) they will be included in the WinExplorer source as that is my current test bed for all of my projects.

w0lfshad3 · August 24, 2006, 01:27:12 PM

Sorry to intrude but out of curiosity, won't reverse engineering regedit or RegEditX do it?

PBrennick · August 24, 2006, 01:43:30 PM

reverse engineering is not a welcome topic on this forum, please be advised and admonished.

Paul

P1 · August 24, 2006, 02:08:39 PM

Quote from: w0lfshad3 on August 24, 2006, 01:27:12 PMSorry to intrude but out of curiosity, won't reverse engineering regedit or RegEditX do it?

It's not welcomed as a topic because, for most EULAs, it's a violation of the vendor's stated right's. We try not to tangle ourselves in legal issues here.

M$ is open enough, that if you want to buy the support software/information, you can.

Regards, P1 :8)

w0lfshad3 · August 24, 2006, 02:45:07 PM

RegEditX is freeware.

P1 · August 24, 2006, 02:54:44 PM

Quote from: w0lfshad3 on August 24, 2006, 02:45:07 PMRegEditX is freeware.

But it's not open source. Donkey was looking hive access programically for WinExplorer.

Regards, P1 :8)

drhowarddrfine · August 24, 2006, 03:25:56 PM

Windows XP Registry Guide

News:

Hives without honey

donkey

donkey

drhowarddrfine

P1

donkey

w0lfshad3

PBrennick

P1

w0lfshad3

P1

drhowarddrfine