Linux редактор реестра windows

В связи с вирусами в винде и невозможностью запусить regedit, понадобилась возможность редактировать реестр извне. Нашел, пока, единственную утилиту в линуксе chntpw, которая изначально разрабатывалась для сброса паролей, а потом приобрела функцию редактирования реестра.

Редактирование реестра:

1. Загружаемся с LiveCD или устанавливаем второй системой Ubuntu

2. Устанавливаем утилиту chntpw

sudo aptitude install chntpw

3. Подключаем раздел windows

Смотрим где он:
sudo fdisk -l
ищем ntfs раздел и монтируем:
$ sudo mkdir /media/windows
$ sudo mount /dev/sda2 /media/windows

4. Редактируем реестр

chntpw -l /media/windows/Windows/system32/config/software
Редактирование осуществляется перемещением по веткам, например:
cd Microsoft\Windows NT\CurrentVersion\Winlogon
и самим редактированием ключей, например:
ed Shell

Сброс пароля:

1. Пункты 1-3 предыдущего параграфа

4. Смотрим у какого пользователя будем менять пароль

chntpw -l /media/windows/Windows/system32/config/SAM

5. Сбрасываем пароль

chntpw /media/windows/Windows/system32/config/SAM -u Administrator

Сразу привожу места в реестре где могут скрываться записи о запуске вирусов:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Значения по умолчанию в Regedit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe"

Проверьте файл Explorer.exe на наличие двойника… правильно лежать ему в папке Windows\ но не в Windows\System32\...

Эта статья была написана в дополнение темы борьбы с вирусами и sms-вымогателями
Очистка windows от вирусов с помощью Ubuntu

Если эта публикация вас вдохновила и вы хотите поддержать автора — не стесняйтесь нажать на кнопку

Источник

Title: How to Edit Windows Registry Using Ubuntu

Editing the Windows Registry can be a daunting task for many users, especially for those who primarily use Linux-based systems like Ubuntu. However, there are situations where accessing and editing Windows Registry files becomes necessary—such as when you need to modify settings for applications or troubleshoot issues that require registry edits. This article will guide you through the process of accessing and editing the Windows Registry using Ubuntu, including valuable tips and tools to help you safely make changes.

Understanding the Windows Registry

Before diving into the practical aspects of editing the Windows Registry using Ubuntu, it’s crucial to understand what the Windows Registry is and its significance. The Windows Registry is a hierarchical database used by the Windows operating system to store configuration settings and options. It contains information, settings, and options for the operating system and installed applications, allowing them to store and retrieve information efficiently.

The registry is structured like a tree, with keys and values, where:

  • Keys: These are analogous to folders in a file system. Each key can contain subkeys or values.
  • Values: Each key can have one or more values, which can be of various data types, such as string values, binary data, and DWORDs.

Editing the registry can lead to significant effects on system behavior, so caution is necessary. A wrong modification can lead to system instability or applications not functioning correctly.

Why Use Ubuntu to Edit the Windows Registry?

While editing the Windows Registry is typically performed on the Windows operating system itself (via the Registry Editor), users may find it necessary to use Ubuntu in certain scenarios, such as:

  1. Dual Boot Systems: If you have a dual-boot setup with Windows and Ubuntu, accessing the Windows partition via Ubuntu can allow you to manipulate registry files without booting into Windows.
  2. System Recovery: If Windows fails to boot and you need to edit the registry to recover access or fix issues, Ubuntu can provide a temporary environment to perform edits.
  3. Use of Specialized Tools: Certain tools on Ubuntu can provide additional functionality or a different method for editing registry files than what’s available in Windows.

Precautions Before Editing the Registry

Editing the Windows Registry comes with risks, and the first rule is to always create backups. Here are key precautionary steps:

  1. Backup your Registry: If you have access to Windows, you can export the registry using the Registry Editor. If not, you can make a copy of the SYSTEM and SOFTWARE hives directly from the registry files on the Windows system partition.
  2. Backup Important Data: Make sure you have backups of your important data in case something goes wrong during the process.
  3. Know What You’re Changing: Ensure you have a clear understanding of what changes you plan to make and their implications.

Accessing Windows Registry Files on Ubuntu

To edit the Windows Registry from Ubuntu, you need to access the registry files directly. The registry data is stored in specific files located in the Windows installation directory, typically at:

  • C:WindowsSystem32Config for system-related hives.
  • User-specific registries are stored in files typically located at:
    • C:Users\NTUSER.DAT

Step 1: Mounting the Windows Partition

If you want to edit the Windows registry files from Ubuntu, the first step is to access the Windows partition. Here’s how you can do that:

  1. Open Terminal: Use Ctrl + Alt + T to open the terminal in Ubuntu.

  2. Identify the Windows Partition: Run the following command to list all disks and partitions:

    sudo fdisk -l

    Look for your Windows partition, which is usually formatted as NTFS. It will be something like /dev/sda1, /dev/sda2, etc.

  3. Mount the Partition: Create a mount point and mount the Windows partition. Replace /dev/sdXY with the actual partition identifier you noted earlier.

    sudo mkdir /mnt/windows
sudo mount /dev/sdXY /mnt/windows

  4. Navigate to the Config Directory:

    cd /mnt/windows/Windows/System32/config

Extracting Registry Files

Once you have access to the Windows directory, you will notice several files that represent different parts of the registry:

  • SYSTEM: Contains the system configuration.
  • SOFTWARE: Contains application settings.
  • DEFAULT: Settings for new user profiles.
  • SAM: Security settings.
  • SECURITY: Security policies.

To edit these registry values, you’ll typically use external tools.

Tools for Editing Windows Registry in Ubuntu

There are various tools available on Ubuntu that can help you work with Windows Registry files. Some popular choices include:

  1. Chntpw: This is a utility for editing the Windows Registry and can help recover lost passwords as well. It can directly load and edit the registry files.

    To install Chntpw, run:

    sudo apt install chntpw

    To use it, simply run:

    sudo chntpw -e SYSTEM

    This command will allow you to edit the SYSTEM hive directly.

  2. Registry Editor for Linux (Reged): Some users have developed registry editors for Linux that allow modifications with a GUI. These tools provide a more familiar interface for Windows users.

  3. Wine: You can even run Windows-based registry editors under Wine, though functionality may vary.

Editing the Registry with Chntpw

Using Chntpw is one of the most straightforward methods to manipulate the Windows Registry from Ubuntu. To edit a particular hive, follow these steps:

  1. Load the Hive: For example, to edit the SYSTEM hive, run:

    sudo chntpw -e SYSTEM

    This opens an interactive console interface.

  2. Navigate the Registry: Use the arrow keys to navigate through keys and subkeys.

  3. Editing Values: To edit a value, navigate to it and press Enter. You’ll be prompted to enter the new value.

  4. Saving Changes: After making changes, use the command W to write the changes to the hive.

  5. Exit: Exit the application by typing Q or quit.

Editing User Specific Registry Values

If you need to access and edit user-specific settings, you can also open the NTUSER.DAT file. To edit the user registry:

  1. Load the NTUSER.DAT file: For user-specific registry edits, navigate to the user folder.

    cd /mnt/windows/Users/
sudo chntpw -e NTUSER.DAT

  2. Follow Similar Steps: Navigate, edit, save, and exit as described before.

Important Registry Paths and Their Functions

Understanding the key paths in the Windows Registry is essential when you are working with it. Here are some commonly edited paths and their functions:

  • HKEY_LOCAL_MACHINESYSTEM: Contains settings specific to the hardware and operating system.
  • HKEY_LOCAL_MACHINESOFTWARE: Stores all the software installations and settings that apply to all users.
  • HKEY_CURRENT_USER: Stores user-specific settings.
  • HKEY_CLASSES_ROOT: Handles file associations and OLE registration.

Solve Common Issues When Editing the Registry

While editing the registry is comparatively straightforward, you might encounter various issues:

  1. Inaccessible Files: Ensure that you have root permissions to edit the files. Always run Chntpw or other tools with sudo.

  2. Read-Only Filesystem: If the NTFS partition is mounted as read-only, remount it with write permissions:

    sudo mount -o remount,rw /mnt/windows

  3. Corruption Risks: After making changes, consider running chkdsk on the Windows side to ensure filesystem integrity.

Unmounting the Windows Partition

After finishing your edits, it’s essential to unmount the Windows partition correctly to avoid data loss or filesystem errors:

cd ~
sudo umount /mnt/windows

Final Thoughts

Editing the Windows Registry using Ubuntu might initially appear challenging, but by following the procedures outlined in this guide, you can navigate and make edits with confidence. Always remember the critical importance of backing up data and being cautious with the registry edits you make. With the right tools and methodologies, accessing Windows Registry from Ubuntu can be effectively managed.

If you find yourself frequently needing to edit the registry, it might be worth gaining familiarity with both the Windows environment and registry structure, allowing you to make informed decisions rather than guesswork. The benefits of such knowledge are invaluable, whether you are troubleshooting, optimizing system performance, or simply curious about how different settings affect your Windows experience.

Источник

It will prompt something like this (for SOFTWARE, for example).

chntpw version 1.00 140201, (c) Petter N Hagen
Hive <SOFTWARE> name (from header): <emRoot\System32\Config\SOFTWARE>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>
File size 89653248 [5580000] bytes, containing 19648 pages (+ 1 headerpage)
Used for data: 1535227/88876216 blocks/bytes, unused: 34/29512 blocks/bytes.

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: <SOFTWARE>

  3 - RecoveryConsole settings
  4 - Show product key (DigitalProductID)
      - - -
  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)


What to do? [1] -> 9
Simple registry editor. ? for help.

Источник

Существуют ли программы под Linux для редактирования системного реестра Windows?

В общем, есть ли такое вообще?

Унесено в talks, ибо проект исчез с гитхаба.

И где его теперь искать?

Исчез проект файловой системы HIVEXFS, использующей HIVEX. Сам HIVEX никуда не исчез, всё так же в составе libguestfs.

app-crypt chntpw 110511 Offline Windows NT Password & Registry Editor

app-misc hivex 1.3.7 Library for reading and writing Windows Registry ‘hive’ binary files

Установил. Оно без графического интерфейса что-ли?

а с GUI ничего не существует?

дык regedit идет в комплекте с wine и отлично работает.

он не открывает файлы реестра Windows 7 почему-то

потому, что реестр не нужен

Помню в сборке с касперским что-то такое было.

Видел на DrWeb Live, но не пользовался — ненужно.

существуют, но не нужны.

сказал бы хоть названия что-ли

Текстовый редактор. Я серьезно.

я пользовал KAV 2012 Rescue CD, там в составе была тулза для копания в реестре винды.. помоему это какой-то их самописный проджект.

а отдельно его нет? Лайвсиди я могу и виндовый использовать, но хочется чинить винду из-под загруженной Убунты.

не знаю, зайди к ним на сайт, может они распространяют эту штуку отдельно

Нет конечно, ибо им смысла нет.

Редкктировать текстовым редактором бинарные файлы? Ну-ну… Может HEX редактор всё таки?

Может хватит гнать-то? Вот эти «Ну-ну» или от снобизма, или от обскурантизма. Если ты реестор не знаешь и формат бинаря — тебе HEX не поможет. Если знаешь сам реестр, можешь написать .reg (на край бэкап из .sav нужного улья можно на другой винде открыть и сдампить — отличаться он будет несильно, и как правило в лучшую сторону) и отредактировать как тебе надо, а потом так же к реестру результат применить.

Источник

Сброс пароля, редактирование реестра Windows из Ubuntu

Редактирование реестра:

1. Загружаемся с LiveCD или устанавливаем второй системой Ubuntu
2. Устанавливаем утилиту chntpw
3. Подключаем раздел windows
4. Редактируем реестр

chntpw -l /media/windows/Windows/system32/config/software
Редактирование осуществляется перемещением по веткам, например:
cd Microsoft\Windows NT\CurrentVersion\Winlogon
и самим редактированием ключей, например:
ed Shell

Сброс пароля:

1. Пункты 1-3 предыдущего параграфа
4. Смотрим у какого пользователя будем менять пароль
5. Сбрасываем пароль

chntpw /media/windows/Windows/system32/config/SAM -u Administrator

Сразу привожу места в реестре где могут скрываться записи о запуске вирусов:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Значения по умолчанию в Regedit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
«Shell»=»Explorer.exe»
«Userinit»=»C:\WINDOWS\system32\userinit.exe»

Проверьте файл Explorer.exe на наличие двойника… правильно лежать ему в папке Windows\ но не в Windows\System32\.

Эта статья была написана в дополнение темы борьбы с вирусами и sms-вымогателями
Очистка windows от вирусов с помощью Ubuntu

Источник

How to Edit Windows Registry Using Ubuntu?

Once you hit by any computer virus, there is a possibility for a corrupted Windows registry or modified by the virus. You will be stuck with that point, and you won’t be able to boot to Windows or edit the registry from Windows. Most of the time, it won’t allow you to execute Regedit command from your affected PC. One of the best solutions is to use a Linux thumb drive to temporary boot on your PC, access your Windows registry and modify it.

Let us see how to modify the Windows Registry using Ubuntu from an external USB without harming the Windows OS installation.

Editor’s Note: If you don’t have a bootable Linux USB, please scroll down for the guide to create a Live Ubuntu Thumb Drive.

How to Edit Windows Registry Using Ubuntu from a Live USB

Linux is offering a fantastic utility named chntpw , which was originally designed to reset passwords, and then acquired the registry editing ability. You can use chntpw to edit your Windows registry, and it is coming with free Ubuntu OS.

Here are the steps to reset the password using the Ubuntu OS CD.

  1. Boot from a LiveCD (you can create from downloading ISO files from Ubuntu website) one or install a second system Ubuntu.
  2. Install chntpw utility:
    sudo apt-get install chntpw
  3. Find the Windows partition:
    sudo fdisk-l
  4. Assume it is on /dev/sda2. Next step is mounting of the partition:
    sudo mkdir /media/windows
    sudo mount /dev/sda2 /media/windows
  5. Edit Windows registry now
    chntpw -l /media/windows/Windows/system32/config/software
  6. Move to registry branch you need, for example:
    cd Microsoft\Windows NT\CurrentVersion\Winlogon
  7. And edit a key, for example:
    ed Shell

Just cite the places in the registry where they can hide a record of running viruses:

HKCU\Software\Microsoft\Windows\CurrentVersionRun
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersionRun
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersionWinlogonShell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersionWinlogonNotify HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersionWinlogonUserinit HKLM\SOFTWARE\Microsoft\Windows\CurrentVersionExplorerSharedTaskScheduler HKLM\SOFTWARE\Microsoft\WindowsCurrentVersionShellServiceObjectDelayLoad

The default values in Regedit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersionWinlogon]
«Shell» = «Explorer.exe»
«Userinit» = «C:WINDOWSsystem32userinit.exe»

Check Explorer.exe file for the double presence, the right place for the file in Windows but not Windows > System32.

Turn off your Ubuntu, after this procedure and remove the USB drive from Windows Machine. Now restart Windows and make sure the Windows is loading properly without any issues. Good Luck!

Create a Live Ubuntu Thumb Drive

Now, your Windows PC is obviously not booting so you can’t use it to create a live Ubuntu USB. You may have to borrow a friend’s or use another PC you may have around.

  1. Download any version of Ubuntu (preferably the latest) from their official website.

    Картинка с сайта: comp.post-ap.ru

  2. Download Rufus. Rufus is a utility that helps create bootable USB flash drives, such as USB keys/pen drives, memory sticks, etc.
  3. Insert a USB drive into the PC with 4GB or more capacity. This should be the USB drive you will use to boot Ubuntu and edit Windows registry.
  4. Launch Rufus.
  5. Select your USB drive from the Device drop-down menu.
  6. Next, click SELECT then navigate to and select the downloaded Ubuntu image file.

    Картинка с сайта: comp.post-ap.ru

  7. Make sure all the other options are as shown in the screenshot above.
  8. Click START.
  9. You may be asked to download additional Syslinux files, choose Yes.
  10. Then you’ll see a ISOHybrid image detected warning. Choose to Write in ISO Image mode (Recommended) and click OK.

Rufus will take some time to copy all the necessary image files to the USB drive. You can track the progress from the progress bar. When it’s complete, click CLOSE and remove the USB. Now you have a bootable Linux OS in your USB drive.

Repair Windows Registry with Linux Live USB

You did the Windows registry fix from Linux OS. Now you can boot back to Windows, and make sure Windows is loading. Before you start using the Windows, you have to run all possible scan to makes sure that you completely removed the malware or virus affected in your system. Please use some virus scanner and antimalware tools to clean up the Windows System.

Disclosure: Mashtips is supported by its audience. As an Amazon Associate I earn from qualifying purchases.

Источник

Editing Windows registry entries(hive) from Linux

By Sorin Tudor
Post date

I want to share this with you and also it’s also very useful for me in case i come to this problem again.

The main reason for this is related to the fact that my Windows installation will not boot anymore. We thought that it was something related to a registry entry, so i started to take a look how can registries be modified from Linux (later saw that it was much easier to do it with a bootable Windows stick, a cmd window and regedit)

From what i managed to research on the net, it seems that the only tool for this scope is chntpw

I will no go into details o installing this tool, you can find that in different posts from other sites. What i consider important is how you find the right “hive” to edit (and by hive they understand directory structure)

So, in order to have access to the registry, you will need to mount the Windows partition on Linux.

It should be relatively easy, find the partition using sudo fdisk -l and after that for example mkdir /mnt/windows; sudo mount /dev/sda2 (for example since sda1 should be the boot partition) /mnt/windows

After it is mounted, the easiest way to see the trees is by listing the content of /mnt/windows/Windows/System32/config

And it should look similar to this:

-rwxrwxrwx 1 root root 5505024 May 9 10:50 DRIVERS
-rwxrwxrwx 1 root root 2776 May 14 15:35 netlogon.ftl
-rwxrwxrwx 1 root root 18612224 May 15 2019 SYSTEM
-rwxrwxrwx 1 root root 96206848 May 15 2019 SOFTWARE
-rwxrwxrwx 1 root root 786432 May 15 2019 DEFAULT
-rwxrwxrwx 2 root root 53215232 May 15 2019 COMPONENTS

And of course a lot more other directories.

To edit one of the trees it as simple as running

me@mintworkstation:/mnt/windows/Windows/System32/config$ chntpw -e SYSTEM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive name (from header):
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c
File size 18612224 [11c0000] bytes, containing 3776 pages (+ 1 headerpage)
Used for data: 257785/18420128 blocks/bytes, unused: 13/1632 blocks/bytes.

Simple registry editor. ? for help.

And the simplest way to navigate is by using ls to list and cd to change o a smaller tree (please put the name of the tree without “ ” like, cd Software for example.

Once you arrived at the record you want to edit just call ed [record_name] It will show you the actual value and ask you what is the update one.

Once the changes are done, just press q and it will as you to same the registry hive. After it is saved, you are all done.

Источник

Thread: Reset your Windows password, edit the Windows Registry from Ubuntu

Thread Tools
Display

Reset your Windows password, edit the Windows Registry from Ubuntu

THE MAIN GOAL OF THIS TOPIC IS TO SHOW AN ABILITY OF WINDOWS REGISTRY EDITING BUT NOT PASSWORD RESETTING ONLY. IT WAS CREATED AFTER READING OF THE FOLLOWING AT THE FORUM, WHERE THE QUESTIONS STILL WITHOUT ANSWERS INFACT:

In connection with the Windows viruses and impossibility to start regedit or Windows in whole, sometimes Windows users need to edit the registry from outside. I’ve found, so far, the only utility in Linux chntpw, which was originally designed to reset passwords, and then acquired the registry editing ability.

Editing the registry:

1. Boot from a LiveCD or install a second system Ubuntu.

2. Install chntpw utility:

3. Mount Windows partition:

Find the Windows partition:

Assume it is on /dev/sda2. Next step is mounting of the partiotion:

4. Registry editing

Move to registry branch you need, for example:

and edit a key, for example:

1. See 1-3 of the previous section

4. Find the user whose password will be changed

5. Password resetting

Just cite the places in the registry where they can hide a record of running viruses:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

The default values in Regedit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
«Shell» = «Explorer.exe»
«Userinit» = «C:\WINDOWS\system32\userinit.exe»

Check Explorer.exe file for double presence . the right place for the file is Windows\ but not Windows\System32\ .

This post was written to open the theme to combat viruses and sms-extortionists.

Last edited by melnichuk; August 1st, 2010 at 12:25 PM .

Re: Reset your Windows password, edit the Windows Registry from Ubuntu

I use Windows Password Key 8.0 to reset the lost password before,i think it is also OK.

Re: Reset your Windows password, edit the Windows Registry from Ubuntu

chntpw for x64 in Ubuntu repositories doesn’t work. Use version from Debian reps: http://packages.debian.org/sid/amd64/chntpw/download

Re: Reset your Windows password, edit the Windows Registry from Ubuntu

lovlely but win7 password is not clearing.it detects and says OK but when i log on windows it again says to give a password

Last edited by crucafix18; August 17th, 2011 at 03:30 AM .

Re: Reset your Windows password, edit the Windows Registry from Ubuntu

Hmmm. there’s no software folder in my config folder.

So on the step where you type chntpw -l /media/windows/Windows/system32/config/software, it says:

$ chntpw -l /media/windows/Windows/system32/config/software
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
openHive(/media/windows/Windows/system32/config/software) failed: No such file or directory, trying read-only
openHive(/media/windows/Windows/system32/config/software) in fallback RO-mode failed: No such file or directory
closing hive /media/windows/Windows/system32/config/software
Unable to open/read a hive, exiting..

Am I doing something wrong? I’m using this to attempt to edit the Windows registry to delete specific registry keys to remove a virus. I would stick with Ubuntu and just use it but the problem is Windows CD’s don’t work on Linux. :/

By «assume it’s on sda2» on the mounting step, do you mean it is usually on sda2 by default? Because I checked the system monitor and it led me to believe that my Windows partition is on sda3.

Last edited by Ibuntufixmypc; January 2nd, 2012 at 11:23 PM .

Re: Reset your Windows password, edit the Windows Registry from Ubuntu

Hmmm. there’s no software folder in my config folder.

So on the step where you type chntpw -l /media/windows/Windows/system32/config/software, it says:

$ chntpw -l /media/windows/Windows/system32/config/software
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
openHive(/media/windows/Windows/system32/config/software) failed: No such file or directory, trying read-only
openHive(/media/windows/Windows/system32/config/software) in fallback RO-mode failed: No such file or directory
closing hive /media/windows/Windows/system32/config/software
Unable to open/read a hive, exiting..

Am I doing something wrong? I’m using this to attempt to edit the Windows registry to delete specific registry keys to remove a virus. I would stick with Ubuntu and just use it but the problem is Windows CD’s don’t work on Linux. :/

By «assume it’s on sda2» on the mounting step, do you mean it is usually on sda2 by default? Because I checked the system monitor and it led me to believe that my Windows partition is on sda3.

I have no clue about the piece of software you’re using, but I think if Windows is on /dev/sda3, then use /dev/sda3. I think the OP meant /dev/sda2 is normal.

Re: Reset your Windows password, edit the Windows Registry from Ubuntu

Hmmm. there’s no software folder in my config folder.

So on the step where you type chntpw -l /media/windows/Windows/system32/config/software, it says:

$ chntpw -l /media/windows/Windows/system32/config/software
chntpw version 0.99.6 080526 (sixtyfour), (c) Petter N Hagen
openHive(/media/windows/Windows/system32/config/software) failed: No such file or directory, trying read-only
openHive(/media/windows/Windows/system32/config/software) in fallback RO-mode failed: No such file or directory
closing hive /media/windows/Windows/system32/config/software
Unable to open/read a hive, exiting..

Am I doing something wrong? I’m using this to attempt to edit the Windows registry to delete specific registry keys to remove a virus. I would stick with Ubuntu and just use it but the problem is Windows CD’s don’t work on Linux. :/

By «assume it’s on sda2» on the mounting step, do you mean it is usually on sda2 by default? Because I checked the system monitor and it led me to believe that my Windows partition is on sda3.

be careful to use capital or lowercase letters in windows 7 folder is media/windows/Windows/System32/config/SOFTWARE

Last edited by gato_negro87; January 5th, 2012 at 12:20 AM .

Источник

Источник

Category:

  • IT
  • Cancel 
HIVEXFS - Файловая система для работы с Windows-реестром 
из Unix/Linux операционных систем. 
Опирается на проекты FUSE (http://fuse.sourceforge.net) и 
HIVEX (http://libguestfs.org/hivex.3.html)





Реестр монтируется к любому пустому каталогу. 
В получившейся файловой системе каталоги соответствуют 
разделам реестра, файлы - параметрам, 
содержимое файла - значению соответствующего параметра.  
Параметр по умолчанию обозначается файлом ‘@’, 
тип параметра определяется через расширенные 
атрибуты файла (http://linux.die.net/man/5/attr).


Значения параметров имеющие типы 
REG_SZ, REG_EXPAND_SZ, REG_LINK REG_DWORD или REG_QWORD, 
автоматически конвертируется в текст (UTF-8) и обратно. 
Поэтому размер файла может не совпадать с размером 
соответствующего параметра в реестре.


Для монтирования реестра используется утилита hivexfs. 
В качестве первого аргумента надо указать точку 
монтирования windows-диска, второй аргумент - пустой каталог.


         # hivexfs /mnt/windows /mnt/registry


- Посмотреть доступный список типов параметра attr -l [value]
 
- Посмотреть тип параметра можно командой: 
   getfattr -n user.type [value] или attr -g type [value]

- Реальный размер праметра: getfattr -n user.size [value] 
    или attr -g size [value]

- Реальное побайтное содержимое параметра:
    getfattr --only-values -n user.value [value] 
    или attr -qg value [value]

- rmdir - удаляет разделы рекурсивно, без вопросов.


- копировать лучше командой ln (link),
  тогда копируются все атрибуты параметра.
  Команда cp использует вызовы read и write,
  которые строковые и числовые ключи перекодируют на лету,
  в UTF-8 и обратно.  Так что cp - это весьма накладно 
  + он ни чего не знает о типе параметра.
  Рекурсивно скопировать раздел можно командой cp -Rl [path1] [path2]

- по умолчанию создается тип REG_SZ, 
  если параметр модифицируется, то его тип не меняется

- Сменить тип параметра можно коммандой:
    setfattr -n user.type -v [new_type] [value] или 
    attr -s type -V [new_type] [value]
    
   Модификация типа возможна для параметров: 
   REG_SZ, REG_EXPAND_SZ, REG_LINK, REG_BINARY, REG_DWORD, REG_QWORD.
   В случае невозможности модификации типа возвращается ошибка.

 - Если что-то сделали не так, то отменить изменения можно 
   убив процесс hivexfs, тогда демонтирования не будет 
   и изменения в силу не вступят.
 
   Примеры:

        - Создадим параметр NEW_VALUE типа REG_SZ: 

            # echo qwerty > NEW_VALUE 

        - Посмотрим реальное содержимое: 

            # attr -qg value NEW_VALUE |hexdump -C

        00000000  71 00 77 00 65 00 72 00  74 00 79 00 0a 00 00 00  |q.w.e.r.t.y.....|
        00000010

        Как видим это строка в кодировке UTF-16LE, в конце завершается двумя нулями.

        - Преобразуем в тип REG_DWORD: 

          # attr -s type -V reg_dword NEW_VALUE 

            attr_set: Недопустимый аргумент
            Could not set "type" for NEW_VALUE 

        Выдана ошибка, так как строка в число не переводится,
        попробуем снова:

          # echo 12345 > NEW_VALUE 

        Attribute "type" set to a 9 byte value for NEW_VALUE :
        reg_dword


          # attr -g type NEW_VALUE

        Attribute "type" had a 9 byte value for NEW_VALUE :
        REG_DWORD
        

          # attr -g size  NEW_VALUE

        Attribute "size" had a 1 byte value for NEW_VALUE :
        4

          # cat NEW_VALUE
            12345

        Теперь все нормально.














Источник


	









    
    
    
    



    

                
Понравилась статья? Поделить с друзьями:

        
        

























    








    

    

            

            

            

                

                    0
                    0
                    голоса

                
Рейтинг статьи

                

            
    

                    

                            

            

                

                                            

                             Подписаться
                            
                        

                                            

                                                
                    

                

                                                    

                                                    

                                
Уведомить о 

                                

                                    
                                

                                                                    
                                                                    

                                    
                                

                                                            

                                                

                            

                                        

                                        

                        

                            

                                                                                                        

                                        guest                                    

                                                
                                        

                        

                    

                    
                                        
                    
                

                        

                
                    

                        

                

                    

                        0 комментариев                    

                                        

                    

                                                    

                                

                                                        

                                

                                                        

                                                                        Старые
                                                                        
                                

                                                                            Новые
                                                                                Популярные
                                                                        

                            

                                                

                

                

                    
 Межтекстовые Отзывы                     

                    
Посмотреть все комментарии

                

                                

                                        

                                            

                

            

                

        

    

    

    			
			

  • Host process for windows tasks обнаружена ошибка
    • 

  • Утилита для восстановления удаленных файлов windows 7
    • 

  • Автоматический вход в windows 10 без ввода пароля нет галочки
    • 

  • Программа для создания диска восстановления системы windows 10
    • 

  • Windows 10 изменить тип сети на сеть предприятия
    •