Accessing Windows Registry Through Knoppix



kaplan71
02-11-2005, 04:23 PM
I am running Knoppix 3.7 to recover from a damaged Windows installation and I need to access the Windows Registry. Does Knoppix have a way to access and modify the Registry? Thanks.

greenfly
02-11-2005, 07:21 PM
Yes, it's possible to edit the Windows registry from within Knoppix using a tool called "chntpw". I go over this in detail in Knoppix Hacks, but here's the gist of it:

Download the chntpw deb from http://packages.debian.org/unstable/admin/chntpw

Extract the chntpw binary by turning the deb into a tarball:

alien --to-tgz chntpw_0.99.2-1_i386.deb

Then untar it. Make sure the Windows partition is mounted read/write (if it's NTFS you'll need to make sure you have already set up captive-ntfs). Then you can use the chntpw utility to access a specific hive (usually you'll want something like the SAM or SOFTWARE hive under winnt\system32\config):


/home/knoppix/chntpw SAM

As you can see I just left the chntpw utility in my home directory. The chntpw tool has an integrated help you can use to get a handle on how to use it, but basically it's like navigating a filesystem. Once you are finished editing the registry, sync, and unmount your partition to make sure the changes stuck (extra important if you are using captive-ntfs). Also make a backup copy of the registry hive you are editing just in case.
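
The two precautions in the post above (a read/write mount and a backup copy of the hive), as an added shell example that is not part of the original thread; the function names, the optional mounts-file argument and the sample paths are assumptions:

```shell
#!/bin/sh
# Added example: pre-edit safety checks for an offline registry hive.
# Function names and the optional MOUNTS_FILE argument are assumptions.

# mount_is_rw MOUNTPOINT [MOUNTS_FILE]
# Returns 0 if MOUNTPOINT is mounted with the "rw" option,
# 1 if it is mounted without it, 2 if it is not listed at all.
mount_is_rw() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # Fields per line: device mountpoint fstype options dump pass
    awk -v mp="$mp" '
        $2 == mp { opts = $4; found = 1 }   # last matching entry wins
        END {
            if (!found) exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "rw") exit 0
            exit 1
        }' "$mounts"
}

# backup_hive HIVE_PATH [BACKUP_DIR]
# Copies the hive to BACKUP_DIR (default: $HOME) under a timestamped name,
# verifies the copy byte for byte, and prints the backup path.
backup_hive() {
    hive=$1
    dest_dir=${2:-$HOME}
    if [ ! -f "$hive" ]; then
        echo "no such hive: $hive" >&2
        return 1
    fi
    backup="$dest_dir/$(basename "$hive").$(date +%Y%m%d-%H%M%S).bak"
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 1
    fi
    cp -p "$hive" "$backup" || return 1
    if ! cmp -s "$hive" "$backup"; then
        echo "backup differs from original, removing it" >&2
        rm -f "$backup"
        return 1
    fi
    echo "$backup"
}

# Typical use before running chntpw (example paths):
#   mount_is_rw /mnt/hda1 || echo "remount read/write first" >&2
#   backup_hive /mnt/hda1/winnt/system32/config/SAM
```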

ulrich
02-15-2005, 09:22 AM
hey, great tool, provided it works as one might expect.

however, concerning conversion to *.tar:
isn't it already a compressed *.tar if downloaded using this link:
http://ftp.debian.org/debian/pool/non-free/c/chntpw/chntpw_0.99.2.orig.tar.gz
?

have a nice day,
ulrich

greenfly
02-18-2005, 07:25 PM
> hey, great tool, provided it works as one might expect.
>
> however, concerning conversion to *.tar:
> isn't it already a compressed *.tar if downloaded using this link:
> http://ftp.debian.org/debian/pool/non-free/c/chntpw/chntpw_0.99.2.orig.tar.gz
> ?
>
> have a nice day,
> ulrich

Unfortunately, that is just a link to the original source in tarball form. There isn't a precompiled binary to be found there like with the .deb, so you would have to add a step of compiling chntpw.

foamrotreturns
02-21-2005, 07:58 PM
Just wondering, why do we need to turn it into a tarball? Can't we just install using dpkg?

greenfly
02-24-2005, 10:09 AM
> Just wondering, why do we need to turn it into a tarball? Can't we just install using dpkg?

You can if you are installed to a hard drive, but if you are running off of a Knoppix CD most Debian packages won't directly install, as all of /usr is read-only. I turn it into a tarball so I can just extract the binary I need into the home directory (which I can write to).