Raw Registry Hives Magic

This week was also important because I finally understand how to handle registry hives.

It was a goal I had set my mind to accomplish a year ago.

Other raw registry editors available out there were not "true" registry editors: they would indeed let you browse a hive structure, but your actions were very limited, since it was only possible to replace the value of a given key with another value of the same size (DWORD/QWORD numbers, for example). This was because they simply hex-edited the hive file and were unable to do anything else without corrupting the registry hive. Adding, removing or renaming keys, or importing new data, was a mission considered "impossible".


There were several difficulties that kept me from succeeding at this task. Official documentation explaining how registry hives were structured was nearly nonexistent, and the few official sources were vague and covered only a few of the mechanics, as viewed from the perspective of an end user, not written for someone who wanted to understand how hives were assembled.

The other sources of information that seemed somewhat focused on what I required were very disappointing: most of their assumptions were erroneous and led me several times to dead ends where things just didn't seem (or sound) logical or efficient.

My own code was extremely inefficient: my primary concern was getting to the part where the data was displayed all nice and tidy, and I completely avoided any interest in fully understanding how the other registry structures fit into this puzzle.

So a year ago I presented a small raw registry reader and gave up on the idea.

------------------------------------

However, as luck would have it, I stumbled on some non-official documents from one of the original registry developers that explained how the registry hive concept worked, and this gave me some hope of understanding the magic behind the registry.

And shortly after, I read a very interesting article that explained how Delphi could be used to interpret binary structures much like C does, and this was the turning point that led me to start a new project from scratch.

This time no stone was left unturned: I tried as much as possible to fully understand every component of the registry hive structure and to document my own findings (and my corrections to the documentation sources I found on the internet). Starting from the base block all the way up to the key data structure, it was possible to disassemble piece by piece how the hives were composed, and to learn how to properly write back the needed data and manage the space that is created inside each bin.

The code produced by Alex Ionescu for ReactOS was also a very good guide for learning more about the registry structure in C, but even Alex left out some details, and it was not accurate enough to fully debug hives; it was still a great help in learning the "official" MS name designations for each cell component. The missing concepts were either explained by the non-official MS white papers or discovered by trial and error over weeks (literally).

Once all the pieces of this giant and magic puzzle are understood, it literally becomes a piece of cake to introduce and implement the registry write portion.
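As an added illustration of the layout described above (example code written for this page, not code from the original post or from the author's Delphi tool): a small Python parser that reads the base block, verifies its checksum, walks every bin and every cell inside it, reports how much of each bin is allocated versus free, and performs a first-fit cell allocation inside a bin, which is the core of the "manage the space inside each bin" step that any write support needs. The offsets and field names follow the public hive format (a 4096-byte `regf` base block, 32-byte `hbin` headers, signed 32-bit cell sizes where negative means allocated); the hive it runs on is constructed in memory for the demo and is not a real hive.

```python
"""Minimal parser and cell allocator for the on-disk Windows registry hive format.

Layout used here: a 4096-byte base block starting with 'regf', followed by
hive bins ('hbin'), each with a 32-byte header and a run of cells. Every cell
starts with a signed 32-bit size: negative = allocated, positive = free.
Cell offsets stored in the hive are relative to the start of the hbin data.
"""
import struct

BASE_BLOCK_SIZE = 4096
HBIN_HEADER_SIZE = 32


def header_checksum(base_block) -> int:
    """XOR of the first 127 DWORDs of the base block; stored at offset 0x1FC."""
    xor = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:0x1FC]):
        xor ^= dword
    if xor == 0:
        return 1
    if xor == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return xor


def parse_base_block(data) -> dict:
    """Read the fields a consistency check cares about from the 'regf' header."""
    if data[:4] != b"regf":
        raise ValueError("not a registry hive: missing 'regf' signature")
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    major, minor, file_type = struct.unpack_from("<III", data, 0x14)
    root_cell, bins_size = struct.unpack_from("<II", data, 0x24)
    (stored,) = struct.unpack_from("<I", data, 0x1FC)
    return {
        "seq_consistent": seq1 == seq2,  # unequal sequence numbers mean a dirty hive
        "version": (major, minor),
        "file_type": file_type,
        "root_cell": root_cell,          # offset relative to the start of hbin data
        "bins_size": bins_size,
        "checksum_ok": stored == header_checksum(data),
    }


def walk_cells(data):
    """Yield (file_offset, size, allocated, signature) for every cell in every hbin."""
    pos = BASE_BLOCK_SIZE
    end = BASE_BLOCK_SIZE + struct.unpack_from("<I", data, 0x28)[0]
    while pos < end:
        if data[pos:pos + 4] != b"hbin":
            raise ValueError(f"bad hbin signature at {pos:#x}")
        bin_off, bin_size = struct.unpack_from("<II", data, pos + 4)
        if bin_off != pos - BASE_BLOCK_SIZE:
            raise ValueError(f"hbin at {pos:#x} claims offset {bin_off:#x}")
        cell = pos + HBIN_HEADER_SIZE
        while cell < pos + bin_size:
            (size,) = struct.unpack_from("<i", data, cell)
            # cells are 8-byte aligned and must never cross the bin boundary
            if size == 0 or abs(size) % 8 or cell + abs(size) > pos + bin_size:
                raise ValueError(f"corrupt cell size {size} at {cell:#x}")
            yield cell, abs(size), size < 0, bytes(data[cell + 4:cell + 6])
            cell += abs(size)
        pos += bin_size


def bin_usage(data) -> tuple:
    """Return (allocated_bytes, free_bytes) summed over all bins."""
    allocated = free = 0
    for _, size, is_alloc, _ in walk_cells(data):
        if is_alloc:
            allocated += size
        else:
            free += size
    return allocated, free


def allocate_cell(data: bytearray, payload_len: int) -> int:
    """First-fit allocation: take a free cell, split off the remainder, mark it used.
    Returns the hive-relative offset a cell pointer would store. Mutates `data`."""
    needed = (payload_len + 4 + 7) & ~7  # size field plus payload, rounded up to 8
    for off, size, is_alloc, _ in walk_cells(data):
        if is_alloc or size < needed:
            continue
        remainder = size - needed          # both are multiples of 8, so 0 or >= 8
        struct.pack_into("<i", data, off, -needed)
        if remainder:
            struct.pack_into("<i", data, off + needed, remainder)  # new free cell
        return off - BASE_BLOCK_SIZE
    raise MemoryError("no free cell large enough; a new hbin would have to be appended")


def build_sample_hive() -> bytearray:
    """Constructed demo hive: base block plus one 4096-byte hbin holding a single
    allocated 0x50-byte 'nk' (root key) cell and one free cell for the rest."""
    hive = bytearray(BASE_BLOCK_SIZE + 4096)
    struct.pack_into("<4sII", hive, 0, b"regf", 1, 1)          # signature, seq1, seq2
    struct.pack_into("<IIII", hive, 0x14, 1, 5, 0, 1)          # major, minor, type, format
    struct.pack_into("<II", hive, 0x24, HBIN_HEADER_SIZE, 4096)  # root cell, bins size
    struct.pack_into("<I", hive, 0x1FC, header_checksum(hive))
    b = BASE_BLOCK_SIZE
    struct.pack_into("<4sII", hive, b, b"hbin", 0, 4096)        # hbin header
    struct.pack_into("<i2s", hive, b + HBIN_HEADER_SIZE, -0x50, b"nk")
    struct.pack_into("<i", hive, b + HBIN_HEADER_SIZE + 0x50, 4096 - HBIN_HEADER_SIZE - 0x50)
    return hive


if __name__ == "__main__":
    hive = build_sample_hive()
    print(parse_base_block(hive))
    print("usage before:", bin_usage(hive))
    print("new cell at hbin-relative offset", hex(allocate_cell(hive, 20)))
    print("usage after:", bin_usage(hive))
```

The checks in `walk_cells` (bin self-offset, non-zero 8-byte-aligned sizes, no cell crossing a bin boundary) are the same invariants a hive editor has to preserve when it writes: violate any of them and the hive no longer loads, which is exactly the corruption the hex-edit approach above runs into.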

The registry is no longer a mystery to me, and I feel quite happy and confident to use and manipulate registry hives as needed.

This software fully respects MS intellectual property and shares no code with any other publicly available development, so it is safe to use without risk of legal action.

From my perspective, this is the best possible solution for overcoming the limitations imposed by Vista's UAC or anything else that appears in the future, and an excellent add-on feature for winbuilder to continue building boot disks without needing to bother about administrative permissions.

Guess it's Microsoft's loss, as their registry structure is suddenly not as safe as before...

but... wait a minute, wasn't UAC meant to provide more security in the first place?

If we can now write to registry hives without the Win32 Registry API or the constraints it imposes, then where are the security guards now?

You can find the Raw Registry Editor at this link: http://reboot.pro/files/file/95-rawreg/

:)

2 comments:

  1. I've updated the link, now you can find the tool at http://reboot.pro/files/file/95-rawreg/

    Take care,
    Nuno
