Windows registry
#1
I am using a BartPE disc to boot up some user PCs that have a virus. I have fixed the problem manually in the registry, but some of the other PCs are at remote sites. I would love to be able to have this fix run via a script instead of manually. Is there any way I can create a script to:
run regedit
select hkey_users;
load c:\windows\system32\config;
open it and give it a name (xpfix)
navigate to hkey_users\xpfix\microsoft\windows nt\current version\winlogon
open the key and make a change (i.e. change a (.) to a (,))
and last, unload the hive XPfix...

Is this even possible???
#2
Yes, possible. For example, hives and keys in regedit can be selected using accessible object functions.

But first try the RegLoadKey function. It is a Windows function, documented in the MSDN library. I did not try it, but I think it does the same as the Load Hive menu item in regedit. Then use rset to change . to ,. Then call the RegUnLoadKey function.

Macro Macro1267
Code:
int e=RegLoadKey(HKEY_USERS "xpfix" _s.expandpath("$system$\config"))
if(e) end _s.dllerror("" "" e)
rset "," "some value" "xpfix\microsoft\windows nt\current version\winlogon" HKEY_USERS
RegUnLoadKey(HKEY_USERS "xpfix")
#3
It looks like your script will work, but I think I may have missed a few steps. This is what I am trying to actually do:

After I boot up my BartPE CD,

start regedit
select HKey_users hive
Load hive c:\windows\system32\config\
open a file called "software" w/no extensions
name the opened hive "fixxp"
now open "fixxp", which is now under the Hkey_users base hive
navigate to hkey\users\fixxp\microsoft\windows nt\currentversion\winlogon
double click "userinit" and change its value:
from: c:\windows\system32\winlogin32.exe to: c:\windows\system32\userinit.exe, <--needs the comma

If you have an easier way to do that... please help
#4
The code with RegLoadKey is the easiest way, just change some strings. If it is (Default), change "some string" to "".
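
The load, edit, unload sequence from posts #3 and #4 can also be scripted with the stock reg.exe tool; the batch file below is an added example, not code from this thread. It assumes reg.exe is available in the BartPE session and that the offline Windows install is on c:, keeps a copy of the hive first, and only rewrites userinit when it references winlogin32.exe.

```batch
@echo off
rem Added example (not from the thread): offline userinit repair with reg.exe.
rem Assumptions: reg.exe is on the BartPE disc and the infected install is on c:.
setlocal
set "HIVE=c:\windows\system32\config\software"
set "MOUNT=HKU\fixxp"
set "KEY=%MOUNT%\microsoft\windows nt\currentversion\winlogon"
set "GOOD=c:\windows\system32\userinit.exe,"

if not exist "%HIVE%" (
    echo Hive file not found: %HIVE%
    exit /b 1
)

rem Keep a copy of the hive before changing anything in it.
copy /y "%HIVE%" "%HIVE%.bak" >nul || exit /b 1

rem Same as File - Load Hive in regedit with HKEY_USERS selected.
reg load %MOUNT% "%HIVE%"
if errorlevel 1 (
    echo Could not load the hive under %MOUNT%
    exit /b 1
)

echo Current value:
reg query "%KEY%" /v userinit

rem Only rewrite when the value points at the binary named in post #3.
reg query "%KEY%" /v userinit | find /i "winlogin32.exe" >nul
if errorlevel 1 (
    echo userinit does not reference winlogin32.exe, leaving it unchanged.
) else (
    reg add "%KEY%" /v userinit /t REG_SZ /d "%GOOD%" /f
    echo New value:
    reg query "%KEY%" /v userinit
)

rem Always unload, otherwise the hive file stays locked.
reg unload %MOUNT%
endlocal
```

The trailing comma in the restored value is kept exactly as post #3 specifies.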
