Does anyone have a link to a comprehensive breakdown of the structure of a registry hive? I am looking for one for a module I am writing and have been pretty much relying on this one (http://www.microsoft.com/technet/archive/winntas/tips/winntmag/inreg.mspx) from Microsoft, but though it is complete, it does not go into enough detail.
Donkey
I guess I should talk a bit about what I am planning to do with the info. I want an application that will allow an administrator to read the hives of all user data on a system and possibly effect changes to them, though that is not critical if it proves too unstable. I am working on a set of admin tools for WinExplorer that will tie into my larger project, and user keys are a critical requirement.
You might check the library for a registry book, which I own and have rarely cracked open. I can get the name if you wish or look something up unless you think it's too long.
Donkey check this flower out:
I discovered that Samba 4.x contains a command-line utility called editreg that dumps the contents of registry hive files, so I quickly ported the C code from Unix to Win32 -- basically changing mmap() to MapViewOfFile() -- and dumped the registry file. Sure enough, except for a couple of keys using XP-specific formats, it managed to dump out the entire registry hive's contents. The basic structure of the hive had to be OK, so started comparing the header description in the editreg source code to the actual data in the file, since not all of the fields were validated....
http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/editreg.c?rev=1.63.2.1&content-type=text/x-cvsweb-markup
I would be interested in the results.
Regards, P1 :8)
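The header comparison described in the quoted passage above, as an added example that is not part of any post in this thread or of editreg: a C check of a hive's base block before any offset in it is trusted. The field offsets and the checksum rule follow the publicly documented "regf" layout rather than anything stated in the thread, and the sample hive image is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Offsets follow the publicly documented "regf" base block; they are not from this thread. */
enum { REGF_BASE = 4096, OFF_SEQ1 = 4, OFF_SEQ2 = 8, OFF_ROOT = 36, OFF_HBINS = 40, OFF_CSUM = 508 };
enum regf_status { REGF_OK, REGF_TOO_SHORT, REGF_BAD_MAGIC, REGF_BAD_CHECKSUM,
                   REGF_DIRTY, REGF_BAD_LAYOUT };

static uint32_t rd32(const uint8_t *p) {          /* little-endian, alignment-safe */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* XOR of the first 127 dwords; 0 and 0xFFFFFFFF are remapped so they never appear. */
uint32_t regf_checksum(const uint8_t *hdr) {
    uint32_t x = 0;
    for (size_t i = 0; i < (size_t)OFF_CSUM; i += 4) x ^= rd32(hdr + i);
    if (x == 0xFFFFFFFFu) return 0xFFFFFFFEu;
    return x ? x : 1;
}

/* Validate untrusted hive bytes before any cell offset is followed. */
enum regf_status regf_validate(const uint8_t *buf, size_t len) {
    if (len < (size_t)REGF_BASE) return REGF_TOO_SHORT;
    if (memcmp(buf, "regf", 4) != 0) return REGF_BAD_MAGIC;
    if (rd32(buf + OFF_CSUM) != regf_checksum(buf)) return REGF_BAD_CHECKSUM;
    if (rd32(buf + OFF_SEQ1) != rd32(buf + OFF_SEQ2)) return REGF_DIRTY; /* unfinished write */
    uint32_t root = rd32(buf + OFF_ROOT), hbins = rd32(buf + OFF_HBINS);
    if (hbins == 0 || hbins % REGF_BASE || hbins > len - REGF_BASE || root >= hbins)
        return REGF_BAD_LAYOUT;                   /* offsets would leave the file */
    if (memcmp(buf + REGF_BASE, "hbin", 4) != 0) return REGF_BAD_LAYOUT;
    return REGF_OK;
}

/* Constructed sample: an empty 8 KiB hive image with one hive bin (not a real hive). */
void regf_make_sample(uint8_t *buf /* at least 8192 bytes */) {
    memset(buf, 0, 2 * REGF_BASE);
    memcpy(buf, "regf", 4);
    wr32(buf + OFF_SEQ1, 5); wr32(buf + OFF_SEQ2, 5);
    wr32(buf + OFF_ROOT, 0x20); wr32(buf + OFF_HBINS, REGF_BASE);
    wr32(buf + OFF_CSUM, regf_checksum(buf));
    memcpy(buf + REGF_BASE, "hbin", 4);
}

int main(void) { uint8_t b[8192]; regf_make_sample(b); return regf_validate(b, sizeof b) != REGF_OK; }
```

A tool that writes to hives should treat `REGF_DIRTY` as a stop condition, since mismatched sequence numbers mean a previous write did not complete.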
Thanks Doc,
I would like the name if you can find it.
Thanks P1,
Looks promising, but I will probably not have results for some time (I am quite busy these days). They will be included in the WinExplorer source, as that is my current test bed for all of my projects.
Sorry to intrude but out of curiosity, won't reverse engineering regedit or RegEditX do it?
Reverse engineering is not a welcome topic on this forum, please be advised and admonished.
Paul
Quote from: w0lfshad3 on August 24, 2006, 01:27:12 PM
Sorry to intrude but out of curiosity, won't reverse engineering regedit or RegEditX do it?
It's not welcomed as a topic because, for most EULAs, it's a violation of the vendor's stated rights. We try not to tangle ourselves in legal issues here.
M$ is open enough, that if you want to buy the support software/information, you can.
Regards, P1 :8)
RegEditX is freeware.
Quote from: w0lfshad3 on August 24, 2006, 02:45:07 PM
RegEditX is freeware.
But it's not open source. Donkey was looking for hive access programmatically for WinExplorer.
Regards, P1 :8)
Windows XP Registry Guide (http://www.amazon.com/gp/product/0735622183/sr=8-1/qid=1156433107/ref=pd_bbs_1/103-6640558-2519864?ie=UTF8)