How to create a registry hive file from a .reg backup

0

Long story short, I accidentally royally screwed up my HKLM\SYSTEM registry directory trying to fix WinApps permissions that were changed with a Windows security patch.

As of right now, my system is completely unable to boot with a BSOD message of "inaccessible boot device" caused by my changes. I've tried

  • changing values of registry keys to enable AHCI
  • Safe Mode
  • sfc /scannow + chkdsk
  • Checking for pending packages in DISM
  • Moving files from Regback to /config
  • importing my working backup of SYSTEM.reg into the registry under windows recovery command prompt and WinPE

One of those would normally work, but my issue is caused by a junk SYSTEM registry.

I need to create a SYSTEM HIVE file from my .REG backup of the HKLM\SYSTEM directory.

I thought this would be a very simple solution, but the only thing that I've managed to find on this topic is a random MSDN post from years ago that seems like it would accomplish what I want, but I can't get the script to work. (https://blogs.msdn.microsoft.com/sergey_babkins_blog/2014/11/10/how-to-create-a-brand-new-registry-hive/)

  • Trying to run his script as a .bat returns an error stating: 'function' is not recognized as an internal or external command, operable program or batch file.
  • Trying to run the .bat in powershell returns: merge.bat : The term 'merge.bat' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

If anyone knows how to get the above powershell script to work, please let me know.

Toast

Posted 2018-07-25T19:43:18.510

Reputation: 3

We don’t like questions that say “X doesn’t work”.  Please describe the results of your attempt to use the MSDN solution (and anything else you’ve tried).   Please do not respond in comments; [edit] your question to make it clearer and more complete. – Scott – 2018-07-25T20:48:14.780

Added more information. – Toast – 2018-07-25T21:11:08.517

Answers

2

The script you have linked is a PowerShell script; it needs to be saved with a .ps1 extension and executed in PowerShell.

Can you try saving it as a .ps1 file and running it? Does this resolve your issues?

Edit:

The contents of your .ps1 file should be:

function ConvertTo-RegistryHive
{
<#
.SYNOPSIS
Convert a registry-exported  text (contents of a .reg file) to a binary registry hive file.

.EXAMPLE
PS> ConvertTo-RegistryHive -Text (Get-Content my.reg) -Hive my.hive
#>
    param(
        ## The contents of registry exported (.reg) file to convert into the hive.
        [string[]] $Text,
        ## The hive file name to write the result to.
        [parameter(Mandatory=$true)]
        [string] $Hive
    )

    $basefile = Join-Path ([System.IO.Path]::GetTempPath()) ([System.IO.Path]::GetRandomFileName())
    $regfile = $basefile + ".reg"
    $inifile = $basefile + ".ini"
    $subkey = [System.Guid]::NewGuid().ToString()

    &{
        foreach ($chunk in $Text) {
            foreach ($line in ($chunk -split "`r")) {
                $line -replace "^\[\w*\\\w*","[HKEY_LOCAL_MACHINE\$subkey"
            }
        }
    } | Set-Content $regfile

    # Since bcdedit stores its data in the same hives as registry,
    # this is the way to create an almost-empty hive file.
    bcdedit /createstore $Hive
    if (!$?) { throw "failed to create the new hive '$Hive'" }

    reg load "HKLM\$subkey" $Hive
    if (!$?) { throw "failed to load the hive '$Hive' as 'HKLM\$subkey'" }

    try {
        # bcdedit creates some default entries that need to be deleted,
        # but first the permissions on them need to be changed to allow deletion
@"
HKEY_LOCAL_MACHINE\$subkey\Description [1]
HKEY_LOCAL_MACHINE\$subkey\Objects [1]
"@ | Set-Content $inifile
        regini $inifile
        if (!$?) { throw "failed to change permissions on keys in 'HKLM\$subkey'" }
        Remove-Item -LiteralPath "hklm:\$subkey\Description" -Force -Recurse
        Remove-Item -LiteralPath "hklm:\$subkey\Objects" -Force -Recurse

        # now import the file contents
        reg import $regfile
        if (!$?) { throw "failed to import the data from '$regfile'" }
    } finally {
        reg unload "HKLM\$subkey"
        Remove-Item -LiteralPath $inifile -Force
    }

    Remove-Item -LiteralPath $regfile -Force
}

ConvertTo-RegistryHive -Text (Get-Content C:\MyHive.reg) -Hive HiveName

And then just change this C:\MyHive.reg to point to your .reg file and HiveName to the name of the Hive to be created.

Jacob

Posted 2018-07-25T19:43:18.510

Reputation: 134

This does make a hive file correctly. I loaded the hive file and exported it as a .reg file. Comparing that file back to the original .reg with Registry Workshop file shows that the hive file is basically the same except for some Japanese calendar stuff. I'll update this post after I try cold swapping the file in system32\config. – Toast – 2018-07-25T23:12:29.847

The script works, although I threw errors whenever I used anything besides ConvertTo-RegistryHive -Text (Get-Content my.reg) -Hive my.hive

I just renamed each of the files one at a time to make them into hives. Thanks! – Toast – 2018-07-26T15:19:29.690
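The check described in the comments (load the new hive, export it, and compare it with the original .reg) can be scripted before the file is swapped into system32\config. This is an added example, not part of the original thread or the linked script; the function name Compare-HiveToReg and the C:\Temp paths are hypothetical, and it assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the original thread). Run from an elevated prompt.
function Compare-HiveToReg {
    param(
        # Hive file produced by ConvertTo-RegistryHive.
        [Parameter(Mandatory=$true)] [string] $Hive,
        # Original .reg backup the hive was built from.
        [Parameter(Mandatory=$true)] [string] $RegFile
    )

    # Temporary mount point under HKLM; a GUID avoids clashing with real keys.
    $subkey = [System.Guid]::NewGuid().ToString()
    $export = Join-Path ([System.IO.Path]::GetTempPath()) "$subkey.reg"

    reg load "HKLM\$subkey" (Resolve-Path -LiteralPath $Hive).Path | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "failed to load '$Hive'" }
    try {
        reg export "HKLM\$subkey" $export /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "failed to export 'HKLM\$subkey'" }
    } finally {
        # Always unmount, otherwise the hive file stays locked.
        reg unload "HKLM\$subkey" | Out-Null
    }

    # Rewrite the first two path components of every key header to a common
    # placeholder, so [HKEY_LOCAL_MACHINE\SYSTEM\Select] in the backup and
    # [HKEY_LOCAL_MACHINE\<guid>\Select] in the export compare as equal.
    $normalize = {
        param($path)
        Get-Content -LiteralPath $path |
            Where-Object { $_ -ne '' } |
            ForEach-Object { $_ -replace '^\[[^\\\]]*\\[^\\\]]*', '[ROOT' }
    }
    try {
        $original = & $normalize $RegFile
        $rebuilt  = & $normalize $export
    } finally {
        Remove-Item -LiteralPath $export -Force -ErrorAction SilentlyContinue
    }

    # '<=' lines exist only in the backup, '=>' lines only in the rebuilt hive.
    Compare-Object -ReferenceObject $original -DifferenceObject $rebuilt
}

# Hypothetical paths; point these at your own hive and backup.
Compare-HiveToReg -Hive C:\Temp\SYSTEM.hive -RegFile C:\Temp\SYSTEM.reg
```

No output means the rebuilt hive exports to the same lines as the backup; on a full SYSTEM export the comparison can take a while.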