| Version 2 (modified by , 12 years ago) (diff) |
|---|
In version 1.0.1, we have two libraries to access the Windows registry.
- http://www.opengnsys.es/browser/trunk/client/engine/Registry.lib
- http://www.opengnsys.es/browser/trunk/client/engine/PostConfEAC.lib
PostconfEAC.lib
To access to Windows registry, this library is oriented to manage a files importer type .reg of Windows.
- Phase 1:
- Locate all hive (register file) of Microsoft Windows and all users hive.
- ogLoadHiveWindows(int_disk int_partition)
- This function exports all system variable: hiveSAM hiveSYSTEM hiveSOFTWARE with the corresponding file path hive.
- Microsoft Windows user variable will be exported: $user=hiveUserX; hiveUserX=path_to_register_file_user(.dat)
- Phase 2:
- Compose a file *.reg but with format chntpwd (program Linux to access to Windows registry).
- This phase may contain all the accesses that we want, the file *.reg with format chntpwd will grown. This allow access multiple to differents hives.
- Some functions are:
- ogNTPolUserOn()
- NTChangeName()
- NTSetGroupName()
- NTSetOwner()
- NTAutoLogon()
- NTStatusRatonTeclado()
- NTRunOnceMachine()
- NTRunUser()
- NTStatusBootChk()
- For example, when Windows boots run an instruction, you should call ogHiveNTRunMachine "cmd /c del c:\ogboot.* " ogcleanboot
function ogHiveNTRunMachine (path_script|instruccion idscript) {
cat >> $TEMPhive << EOF # Generate a *reg file with format chntpwd.
h 2 # Use hive with id 2. It is corresponding to SYSTEM.
cd \Microsoft\Windows\CurrentVersion\Run # Go to corresponding path
nv 1 $2 # Create a new entry with the name of the parameter2 (identification)
ed $2 # Edit the entry with:
$1 # Include the path to run scripts or directly the cmd command.
EOF
}
- Phase 3:
- Update hive in file *.reg-chntpwd.
- ogUpdateHiveWindows()
- Example where Windows run an instruction every time it boots.
http://www.opengnsys.es/browser/trunk/client/engine/Boot.lib#L77
