I think what you are looking for is chntpw (it's the same as mentioned in Ben's question, btw). It comes as a package (Ubuntu: sudo apt-get install chntpw) with modern distros and allows listing or editing the registry, given the hive file of a Windows installation. Hive files are ntuser.dat in the profile directories of users as well as the files under %SystemRoot%\system32\config such as software.
From the man chntpw page:
-e Registry editor with limited capabilities.
Caution: keep in mind that the format isn't officially documented by Microsoft and therefore any third-party editing tools could potentially damage the hives they load and manipulate. Take a backup!
As for applying a .reg file, I don't think you'll get around parsing it yourself. It is basically just an INI/INF file with a special first line and sections named after the keys and values that have been escaped according to the type of the value. @ is a special value name for the default key. The rest is self-evident from looking at the file.
Python comes with built-in capabilities to parse INI files, so it provides a good starting point.
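The INI-style parsing suggested above, done with Python's configparser (an added example, not code from the original answer). The sample export, its key names and the helper names unescape, decode_value and parse_reg are constructed for illustration; value names containing '=' are assumed not to occur.

```python
import configparser
import re

# Constructed sample. Real exports are usually UTF-16LE; decode before parsing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\App]
@="Default text"
"InstallDir"="C:\\Program Files\\App"
"Timeout"=dword:0000002a
"Blob"=hex:de,ad,\
  be,ef
"Obsolete"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Old]
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # \\ -> \ and \" -> "

def decode_value(raw):  # text after '=' -> (type, value)
    if raw == "-":
        return ("delete", None)
    if raw.startswith('"') and raw.endswith('"'):
        return ("sz", unescape(raw[1:-1]))
    if raw.startswith("dword:"):
        return ("dword", int(raw[6:], 16))
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", raw, re.S)
    if not m:
        raise ValueError("unrecognised value syntax: %r" % raw)
    # configparser joined the continuation lines; drop '\', ',' and whitespace
    data = bytes.fromhex(re.sub(r"[\\\s,]", "", m.group(2)))
    return ("hex(%s)" % m.group(1) if m.group(1) else "binary", data)

def parse_reg(text):
    header, _, body = text.lstrip("\ufeff").partition("\n")
    if not header.startswith(("Windows Registry Editor", "REGEDIT4")):
        raise ValueError("missing .reg signature line")
    cp = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=(";",), strict=False)
    cp.optionxform = str  # value names keep their case
    cp.read_string(body)
    out = {}
    for key in cp.sections():
        if key.startswith("-"):  # [-KEY] means "delete this key"
            out[key[1:]] = None
            continue
        out[key] = {("" if n == "@" else unescape(n[1:-1])): decode_value(v)
                    for n, v in cp.items(key)}
    return out
```

The result maps each key path to a dict of value names (the default value under the empty name) or to None for a key marked for deletion; writing those into a hive is a separate step.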
Not sure if this would work but you could try booting the dd image in a virtual machine and then applying the fixes from within the actual Windows environment. You might need to take an image of the changed machine at the end. Again, not at all sure if this is possible but it might be worth a try. – terdon – 2013-03-18T20:44:22.387