Is it possible to inject registry entries into Win 8.1 registry when booted into a WinPE 5.0 environment?

I need to inject the string reg entry

"Act"="%Drive%\Activate.cmd" (where Drive is the USB drive letter)

into the Win 8.1 reg at location

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

When in the WinPE environment, I can inject the reg entry I require, but this does so into the WinPE hive, not the Windows hive.

Is there a way, using only the WinPE command line, to load the Win hive and inject the reg entry please?

1 Answer

You can use Reg.exe - which is available in WinPE, so you can do most everything from a .cmd file. You can use:

reg load hklm\temphive d:\windows\system32\config\software
reg import x:\runOnce.reg
reg unload hklm\temphive

First line loads a temporary hive. Second line imports some keys from a .reg file and then the last line unloads the temporary hive. I'm using d: here - but it may not be d: on your system.

The file you load should address the temporary hive:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\temphive\Microsoft\Windows\CurrentVersion\RunOnce]
"Act"=hex(2):25,00,44,00,72,00,69,00,76,00,65,00,25,00,5c,00,41,00,63,00,74,00,\
  69,00,76,00,61,00,74,00,65,00,2e,00,63,00,6d,00,64,00,00,00

BTW - This is what it came out as when I added the expandable string to the registry at the ...\RunOnce key - and then scripted it out. I don't know why it scripted it out as hex - maybe something to do with expandable string support. I then edited the path to address the temporary key I know the .cmd has created.
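
Added example (not part of the original answer): regedit exports a REG_EXPAND_SZ value as `hex(2)`, which is the string's UTF-16LE bytes plus a terminating null. The Python sketch below rebuilds the .reg text above for the mounted hive and decodes `hex(2)` values back to readable strings, so a file can be checked before `reg import`. The function names and the 80-column wrap are assumptions made for this example.

```python
import re

ONLINE_PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\"
HEX2 = re.compile(r'^"(?P<name>[^"]*)"=hex\(2\):(?P<data>[0-9a-fA-F,]*)$')

def retarget(key, mount="temphive"):
    """Map an online HKLM\\SOFTWARE key to the same key under the loaded hive."""
    if not key.upper().startswith(ONLINE_PREFIX.upper()):
        raise ValueError("key is not stored in the SOFTWARE hive file")
    return "HKEY_LOCAL_MACHINE\\" + mount + "\\" + key[len(ONLINE_PREFIX):]

def encode_expand_sz(name, value, width=80):
    """Render a REG_EXPAND_SZ value as a wrapped .reg hex(2) entry."""
    raw = (value + "\x00").encode("utf-16-le")   # NUL-terminated UTF-16LE
    tokens = [f"{b:02x}" for b in raw]
    lines, cur = [], f'"{name}"=hex(2):'
    for i, tok in enumerate(tokens):
        piece = tok + ("," if i < len(tokens) - 1 else "")
        if len(cur) + len(piece) + 1 > width:    # keep room for the backslash
            lines.append(cur + "\\")
            cur = "  " + piece
        else:
            cur += piece
    lines.append(cur)
    return "\n".join(lines)

def build_reg(key, name, value, mount="temphive"):
    """Compose the .reg text that targets the temporarily loaded hive."""
    return ("Windows Registry Editor Version 5.00\n\n"
            f"[{retarget(key, mount)}]\n{encode_expand_sz(name, value)}\n")

def decode_reg(text):
    """Return {(key, value_name): string} for every hex(2) value in .reg text."""
    joined = re.sub(r"\\\r?\n\s*", "", text)     # undo line continuations
    key, out = None, {}
    for line in (l.strip() for l in joined.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = HEX2.match(line)
        if m:
            raw = bytes(int(t, 16) for t in m["data"].split(",") if t)
            out[(key, m["name"])] = raw.decode("utf-16-le", "replace").rstrip("\x00")
    return out

if __name__ == "__main__":
    run_once = ONLINE_PREFIX + r"Microsoft\Windows\CurrentVersion\RunOnce"
    print(build_reg(run_once, "Act", "%Drive%\\Activate.cmd"))
```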