It is currently Thu Nov 23, 2017 7:14 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 12 posts ] 
Author Message
 Post subject: RawReg - reghive viewer/editor
PostPosted: Sat Jun 11, 2016 11:59 pm 
Offline
User avatar

Joined: Sat Feb 09, 2008 9:57 am
Posts: 2902
Location: Romania
http://reboot.pro/files/file/95-rawreg/
http://reboot.pro/topic/4684-raw-registry-editor/
Quote:
RawReg allows to edit offline Windows NT registry hives.

It can be used (for example) to edit BCD hives, NTUSER, software and many other registry hives found inside Windows NT (2000, XP, Vista, 7, 8, ...)

This tool provides information about the physical offset position of each registry key on the hive file, a very handy feature if you are debugging a registry hive with the aid of an hexadecimal editor.

What can it do?

- Browse the hive structure
- Edit the data on values
- Change the title of values
- Show a map with information of data inside each bin
- Show details about physical offset of any given key

Please note that unlike any other raw registry editors, this is the only program that can really add more data onto a given registry hive and manage the bin space properly. In the past, people were limited to only change data on keys that needed to have the exact same size, there are no such restrictions here and many things can be added - post your requests and I'll see if they can be included.

This tool is available "as is". With so many things going on at the same time, it is not possible to add extra features or correct reported defects. My apologies.

What is the advantage of not using Win32 API?

- No need to load a hive into the local registry
- Overcome any security restrictions imposed by Win32 API
- Works on every Windows platform (from Windows 9x all the way up to Vista)
- No UAC restrictions regarding hive load without administrator permissions
- More features can be added in the future.

Image

Note: this tool works great with the small RegHive files created by Sandboxie.
Tested version 1.3 and it saves its settings in RawReg.ini file inside its own folder while being stealth.

Database entry: http://www.portablefreeware.com/index.php?id=2786

_________________
My Tox ID


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 12, 2016 12:42 am 
Offline
User avatar

Joined: Mon Mar 12, 2007 5:21 am
Posts: 423
Location: The Netherlands
joby_toss wrote:
Note: this tool works great with the small RegHive files created by Sandboxie.
Tested version 1.3 and it saves its settings in RawReg.ini file inside its own folder while being stealth.

Database entry: http://www.portablefreeware.com/index.php?id=2786


Thanks for sharing, voted

_________________
Tough times never last but tough people do
-- Robert H. Schuller --


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 12, 2016 7:12 am 
Offline

Joined: Sat Jul 11, 2015 12:59 am
Posts: 244
Apart from RawReg (upvoted!), Registry Viewer (my default), and Buster's Sandbox Analyser (complex and only works with Sandboxie), are there any other programs that can open RegHives?


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 12, 2016 10:04 am 
Offline
User avatar

Joined: Mon Dec 07, 2009 7:09 am
Posts: 3868
Location: Sol3
RawReg looks like a valuable addition to any serious portablist toolbox -- especially for those of the sand-boxing persuasion... Thanks joby. 8)


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 12, 2016 11:56 am 
Offline

Joined: Sat Jun 23, 2012 4:28 pm
Posts: 449
Thank you, joby! :)

@shnbwmn: try Windows Registry Recovery


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 12, 2016 11:57 am 
Offline
User avatar

Joined: Sat Feb 09, 2008 9:57 am
Posts: 2902
Location: Romania
@shnbwmn: I use MiTeC Windows Registry Recovery to view them and now RawReg to edit them.

I'm glad you guys find this useful and I'd like to say Thank you! to Mr. Nuno Brito, the author. Although the app could use some improvements, I don't know of any other tool capable to edit these hive files in offline mode.

_________________
My Tox ID


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Mon Jun 13, 2016 5:20 am 
Offline
User avatar

Joined: Mon Dec 07, 2009 7:09 am
Posts: 3868
Location: Sol3
If memory serves me right, Nuno Brito is also the author and chief mod of Reboot.pro. The fact that he still finds the time to release free software is no mean feat, so all the praise is well deserved. 8)


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Mon Jun 13, 2016 7:33 am 
Offline

Joined: Sat Jul 11, 2015 12:59 am
Posts: 244
@billon @joby_toss : Thanks!


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sat Jun 25, 2016 7:21 am 
Offline

Joined: Wed Apr 19, 2006 9:18 am
Posts: 360
Location: London, UK
@shnbwmn mentioned Buster's Sandbox Analyser (BSA) in passing. There is no other mention of it in TPFC.
I took a look at the program and just as shnbwmn wrote, it is complex.
The instructions blow your mind!
It is stated to be portable. I suspect that it isn't for its main use, as it requires WinPCap.
Nonetheless I extracted the appropriate files and placed them in the BSA directory. It seemed to run.
I then found that it is very easy to run Utilities and/or Analysis from the main menu.
It does indeed have an easy to use RegHive explorer as well as a PE explorer, a Process explorer, a File Disassembler, a Hasher, a Hex Editor etc
You can actually export the RegHive to a Reg file.
A few other features include PDF file analysis, URL analyzer and a APK analyzer.
I was intrigued by the last mentioned but it needed Java.
Anyway- just thought it might be of passing interest.


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 26, 2016 10:10 am 
Offline
User avatar

Joined: Thu Aug 07, 2008 4:51 am
Posts: 4139
JohnW wrote:
@shnbwmn mentioned Buster's Sandbox Analyser (BSA) in passing. There is no other mention of it in TPFC.


viewtopic.php?f=4&t=11118

_________________
Bəəs 2.0


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 26, 2016 11:07 am 
Offline

Joined: Wed Apr 19, 2006 9:18 am
Posts: 360
Location: London, UK
I stand corrected Baas. Sorry about that!
I'll excuse myself to some extent because the Search facility in the Forum is not very intelligent.


Top
 Profile  
 
 Post subject: Re: RawReg - reghive viewer/editor
PostPosted: Sun Jun 26, 2016 1:31 pm 
Offline

Joined: Sat Jul 11, 2015 12:59 am
Posts: 244
JohnW wrote:
... the Search facility in the Forum is not very intelligent.

viewtopic.php?p=66275#p66275

:wink:


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 12 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group