Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Windows registry
I am using a BartPE disc to boot up some user PCs that have a virus. I have fixed the problem manually in the registry but some of the other PCs are at remote sites. I would love to be able to have this fix run via a script instead of manually. Is there anyway I can create a script to:
run regedit
select hkey_users;
load c:\windows\system32\config;
open it and give it a name (xpfix)
navigate to hkey_users\xpfix\microsoft\windows nt\current version\winlogon
open the key and make a change (IE change a (.) to a (,)
and last, unload the hive XPfix...

is this even possible???
Yes, possible. For example, hives and keys in regedit can be selected using accessible object functions.

But at first try RegLoadKey function. It is Windows function, documented in MSDN library. I did not try it, but I think it does the same as the Load Hive menu item in regedit. Then use rset to change . to ,. Then call RegUnLoadKey function.

Macro Macro1267
Copy      Help
int e=RegLoadKey(HKEY_USERS "xpfix" _s.expandpath("$system$\config"))
if(e) end _s.dllerror("" "" e)
rset "," "some value" "xpfix\microsoft\windows nt\current version\winlogon" HKEY_USERS
RegUnLoadKey(HKEY_USERS "xpfix")
It looks like your script will work, but I think I may have missed a few steps. This is what I am trying to actually do:

After I bootup my BartPE CD,

start regedit
select HKey_users hive
Load hive c:\windows\system32\config\
open a file called "software" w/no extensions
name the opened hive "fixxp"
now open "fixxp" which in now under the Hkey_users base hive
navigate to hkey\users\fixxp\microsoft\windows nt\currentversion\winlogon
double click "userinit" and change its value:
from: c:\windows\system32\winlogin32.exe to: c:\windows\system32\userinit.exe, <--needs the comma

If you have an easier way to do that....please help Sad
The code with RegLoadKey is the easiest way, just change some strings. If it is (Default), change "some string" to "".

Forum Jump:

Users browsing this thread: 1 Guest(s)