设为首页收藏本站
开启辅助访问

无忧启动论坛

 找回密码
 注册
搜索
无忧启动论坛»论坛 ::启动制作:: PE讨论区 88mb网络版pe和微软原始winre.wim离线导入两注册表片段 ...

88mb网络版pe和微软原始winre.wim离线导入两注册表片段添加DWM桌面窗口管理功能的方法

查看数: 6524 | 评论数: 22 | 收藏 8
关灯 | 提示:支持键盘翻页<-左 右->
帖子模式
    组图打开中,请稍候......
sairen139
发布时间: 2022-11-14 19:00

正文摘要:

本帖最后由 sairen139 于 2022-12-8 08:40 编辑 88mb骨头网络版pe和微软原始winre.wim离线导入两注册表片段添加DWM桌面窗口管理功能的方法 找出了1904X(即10pe)的DWM最少15个依赖文件如下全加到pe的System32目 ...

回复

nowayer 发表于 2023-12-1 10:21:49
提示: 作者被禁止或删除 内容自动屏蔽
fjice 发表于 2022-12-14 15:31:01

谢谢分享!
2267981144 发表于 2022-11-15 17:32:48
谢谢版主无私分享实用的WinPE
sairen139 发表于 2022-11-15 14:53:05
artedu 发表于 2022-11-15 13:58
88mb网络版pe从哪里下?

链接: https://pan.baidu.com/s/1eE7eyArcPYUeu5gi7FmJAQ?pwd=8864 提取码: 8864
artedu 发表于 2022-11-15 13:58:42
88mb网络版pe从哪里下?

点评

sairen139
链接: https://pan.baidu.com/s/1eE7eyArcPYUeu5gi7FmJAQ?pwd=8864 提取码: 8864  详情 回复 发表于 2022-11-15 14:53
lx5815 发表于 2022-11-15 08:43:44
谢谢分享!
命令提示符CMD 发表于 2022-11-15 08:17:17
大佬牛蛙!
zrr890528 发表于 2022-11-15 08:14:01
不断地学习,越来越小巧的pe
dxhjh 发表于 2022-11-15 06:59:13

谢谢分享
in9 发表于 2022-11-15 00:05:00
谢谢分享!
jiangweiyuzhang 发表于 2022-11-14 22:34:12
学习了!
lusir401 发表于 2022-11-14 22:33:45
PE越来越小,功能越来越强。
春梦无痕 发表于 2022-11-14 22:21:56
感谢分享
回想曲 发表于 2022-11-14 22:02:03
感谢
tianyayouzi8 发表于 2022-11-14 21:49:45
谢谢分享!
番茄盖浇饭 发表于 2022-11-14 19:46:54
谢谢分享
liujun2000 发表于 2022-11-14 19:36:47
感谢分享
cph 发表于 2022-11-14 19:17:25
感谢分享
sairen139 发表于 2022-11-14 19:05:41
本帖最后由 sairen139 于 2022-11-14 23:57 编辑

注册表可以再精简,88mb骨头网络版pe-software离线添加DWM功能精简了最后的Svchost分支只加一个dwm必须的注册表.reg的内容如下所示:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CAlpcPort%5CMPCManager]
"SecurityDescriptor"=hex:01,00,04,80,00,00,00,00,00,00,00,00,00,00,00,00,14,00,\
  00,00,02,00,c8,00,06,00,00,00,00,00,14,00,ff,ff,1f,11,01,01,00,00,00,00,00,\
  03,00,00,00,00,00,00,14,00,00,00,00,10,01,01,00,00,00,00,00,05,04,00,00,00,\
  00,00,14,00,ff,ff,1f,11,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,\
  ff,1f,11,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,34,00,00,00,\
  00,10,01,09,00,00,00,00,00,05,20,00,00,00,de,47,0c,02,cd,72,21,9f,9f,66,04,\
  7f,cf,21,e3,b6,56,01,c2,c3,d6,54,cb,77,a0,68,ba,8f,13,23,8f,30,00,00,38,00,\
  00,00,00,10,01,0a,00,00,00,00,00,0f,03,00,00,00,00,04,00,00,de,47,0c,02,cd,\
  72,21,9f,9f,66,04,7f,cf,21,e3,b6,56,01,c2,c3,d6,54,cb,77,a0,68,ba,8f,13,23,\
  8f,30

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CAlpcPort%5CWM_RegistrarServer]
"SecurityDescriptor"=hex:01,00,04,80,00,00,00,00,00,00,00,00,00,00,00,00,14,00,\
  00,00,02,00,f4,00,08,00,00,00,00,00,14,00,ff,ff,1f,11,01,01,00,00,00,00,00,\
  03,00,00,00,00,00,00,14,00,00,00,00,80,01,01,00,00,00,00,00,05,04,00,00,00,\
  00,00,14,00,00,00,00,80,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,14,00,ff,\
  ff,1f,11,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,ff,1f,11,01,02,\
  00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,34,00,00,00,00,80,01,09,00,\
  00,00,00,00,05,20,00,00,00,ce,4a,93,59,b9,cf,0b,75,75,c0,f2,9b,b2,b4,c2,98,\
  d4,46,dd,f9,02,7a,87,ec,14,65,11,77,d6,e9,96,55,00,00,18,00,00,00,00,80,01,\
  02,00,00,00,00,00,0f,02,00,00,00,01,00,00,00,00,00,38,00,00,00,00,80,01,0a,\
  00,00,00,00,00,0f,03,00,00,00,00,04,00,00,ce,4a,93,59,b9,cf,0b,75,75,c0,f2,\
  9b,b2,b4,c2,98,d4,46,dd,f9,02,7a,87,ec,14,65,11,77,d6,e9,96,55

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\SecurityManager\TransientObjects\%5C%5C.%5CAlpcPort%5CWM_SystemWindowIDManager]
"SecurityDescriptor"=hex:01,00,04,80,00,00,00,00,00,00,00,00,00,00,00,00,14,00,\
  00,00,02,00,c8,00,06,00,00,00,00,00,14,00,ff,ff,1f,11,01,01,00,00,00,00,00,\
  03,00,00,00,00,00,00,14,00,00,00,00,80,01,01,00,00,00,00,00,05,04,00,00,00,\
  00,00,14,00,ff,ff,1f,11,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,\
  ff,1f,11,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,34,00,00,00,\
  00,80,01,09,00,00,00,00,00,05,20,00,00,00,9c,79,50,5b,47,d6,d1,bb,11,36,28,\
  23,f9,84,cc,57,c6,05,f8,73,fb,e7,8b,6b,3d,e4,6a,5a,89,e2,84,5b,00,00,38,00,\
  00,00,00,80,01,0a,00,00,00,00,00,0f,03,00,00,00,00,04,00,00,9c,79,50,5b,47,\
  d6,d1,bb,11,36,28,23,f9,84,cc,57,c6,05,f8,73,fb,e7,8b,6b,3d,e4,6a,5a,89,e2,\
  84,5b

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassID\Windows.UI.Composition.Compositor]
"ActivationType"=dword:00000000
"DllPath"="X:\\Windows\\System32\\dcomp.dll"
"Threading"=dword:00000000
"TrustLevel"=dword:00000000

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\Dwm]
"AnimationAttributionEnabled"=dword:00000001
"AnimationAttributionHashingEnabled"=dword:00000001
"GradientWhitePixelGPUBlacklist"="10DE:0245 10DE:009d 10DE:029e 10DE:029d 10DE:029f 10DE:029c 10DE:029b 10DE:029a 10DE:01de 10DE:01dc 10DE:01d7 10DE:01da 10DE:01db 10DE:039e 10DE:039c 10DE:039a 10DE:019e 10DE:019d 10DE:040f 10DE:040a 10DE:040e 10DE:040d 10DE:040c 10DE:040b 10DE:042f 10DE:042d 10DE:042a 10DE:042b 10DE:0429 10DE:061a 10DE:0619 10DE:061b 10DE:061d 10DE:061c 10DE:061e 10DE:061f 10DE:0638 10DE:063a 10DE:0658 10DE:0659 10DE:065a 10DE:065c 10DE:06fd 10DE:06f8 10DE:06fa 10DE:06f9 10DE:06fb 10DE:06ea 10DE:06eb 10DE:06dd 10DE:06d9 10DE:06d8 10DE:06dc 10DE:109b 10DE:06da 10DE:109a 10DE:0e3a 10DE:0e3b 10DE:0dd8 10DE:0dda 10DE:0df8 10DE:0dfa 10DE:0df9 10DE:1057 10DE:11bb 10DE:11b4 10DE:11ba 10DE:11be 10DE:11b6 10DE:11bd 10DE:11b7 10DE:11bc 10DE:11b8 10DE:11fa 10DE:11fc 10DE:0fff 10DE:0ffe 10DE:0ff9 10DE:0ff3 10DE:0ffa 10DE:0ffc 10DE:0ff6 10DE:0ffb 10DE:0ff8 10DE:103c 10DE:103a 10DE:12ba 10DE:12b9 10DE:13bc 10DE:13ba 10DE:13bb 10DE:13b3 10DE:13b1 10DE:13b6 10DE:13b0 10DE:13b2 10DE:13b4 10DE:137a 10DE:137b 10DE:17f1 10DE:17f0 10DE:13f1 10DE:13f0 10DE:13fa 10DE:13f9 10DE:13f8 10DE:13fb 10DE:1430 10DE:1436 10DE:15f0 10DE:1b30 10DE:1bb1 10DE:1bb0 10DE:1bb8 10DE:1bb7 10DE:1bb6 10DE:1c30 10DE:1cb1 10DE:1cb3 10DE:1cb2 10DE:05f9 10DE:05ff 10DE:05fe 10DE:05fd 10DE:05ed 10DE:05f8 10DE:0cbc 10DE:0a38 10DE:0a3c 10DE:0a78 10DE:0a7c 10DE:05be 10DE:0103 10DE:0113 10DE:0153 10DE:017a 10DE:017c 10DE:0178 10DE:017b 10DE:018a 10DE:018c 10DE:018b 10DE:0188 10DE:0203 10DE:025b 10DE:0259 10DE:0258 10DE:0289 10DE:0288 10DE:028c 10DE:0309 10DE:0308 10DE:031c 10DE:032b 10DE:032a 10DE:0338 10DE:033f 10DE:034c 10DE:034e 10DE:00fc 10DE:00fd 10DE:00fe 10DE:00f8 10DE:004e 10DE:00ce 10DE:00cc 10DE:00cd 10DE:014a 10DE:014e 10DE:014d 10DE:0165"
"OneCoreNoBootDWM"=dword:00000000
"ShaderLinkingGPUBlacklist"="8086:08C* 8086:0BE* 8086:258* 8086:259* 8086:277* 8086:278* 8086:279* 8086:27A* 8086:29B* 8086:29C* 8086:29D* 8086:2E5* 8086:410* 8086:810* 8086:A00* 8086:A01*"
"DwmInitSessionActivityId_00000001"="32745683-F7B3-0002-4357-7432B3F7D801"

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\Dwm\ExtendedComposition]
"Compositor"="HologramCompositor.dll"
"enableColorSeparation"=dword:00000001
"ExclusiveModeFramerateAveragingPeriodMs"=dword:000003e8
"ExclusiveModeFramerateThresholdPercent"=dword:0000002d
"ForwardOnlyOnly"=dword:00000001
"RemoveSRMeshInShell"=dword:00000001
"SydneyDownsampleFilterKernelSize"=dword:00000003

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\CurrentVersion\Themes]
"Drop Shadow"="FALSE"
"Flat Menus"="FALSE"
"InstallTheme"="X:\\Windows\\resources\\Themes\\aero.theme"
"InstallThemeLight"="X:\\Windows\\resources\\Themes\\light.theme"
"InstallVisualStyle"="%ResourceDir%\\themes\\Aero\\Aero.msstyles"
"SetupVersion"="10"

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\DefaultColors]

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\DefaultColors\HighContrast]
"ActiveTitle"=dword:006e0037
"ButtonFace"=dword:00000000
"ButtonText"=dword:00ffffff
"GrayText"=dword:003ff23f
"Hilight"=dword:00ffeb1a
"HilightText"=dword:00000000
"HotTrackingColor"=dword:0000ffff
"InactiveTitle"=dword:002f0000
"InactiveTitleText"=dword:00ffffff
"MenuHilight"=dword:00800080
"TitleText"=dword:00ffffff
"Window"=dword:00000000
"WindowText"=dword:00ffffff

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\DefaultColors\Standard]
"ActiveTitle"=dword:00d1b499
"ButtonFace"=dword:00f0f0f0
"ButtonText"=dword:00000000
"GrayText"=dword:006d6d6d
"Hilight"=dword:00d77800
"HilightText"=dword:00ffffff
"HotTrackingColor"=dword:00cc6600
"InactiveTitle"=dword:00dbcdbf
"InactiveTitleText"=dword:00000000
"MenuHilight"=dword:00ff9933
"TitleText"=dword:00000000
"Window"=dword:00ffffff
"WindowText"=dword:00000000

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Schemes]
"@themeui.dll,-850"=hex:02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,\
  00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,\
  eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,\
  14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,\
  00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,\
  00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,\
  53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,\
  00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,\
  00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,\
  20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,\
  ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,\
  00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
  00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,\
  69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,\
  10,00,01,00,00,00,00,00,00,00,00,00,00,ff,00,00,ff,ff,00,00,00,00,00,00,00,\
  00,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,00,00,ff,ff,ff,00,00,00,ff,00,00,ff,ff,\
  00,00,00,00,00,00,80,00,00,ff,ff,ff,00,00,00,00,00,80,80,80,00,00,ff,00,00,\
  ff,ff,ff,00,00,00,00,00,c0,c0,c0,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,00,00,00,\
  00,00,00,c0,c0,c0,00,80,80,ff,00,00,00,ff,00,00,ff,ff,00
"@themeui.dll,-851"=hex:02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,\
  00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,\
  eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,\
  14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,\
  00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,\
  00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,\
  53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,\
  00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,\
  00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,\
  20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,\
  ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,\
  00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
  00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,\
  69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,\
  10,00,01,00,00,00,00,00,00,00,00,00,ff,ff,00,00,00,ff,00,00,00,00,00,00,00,\
  00,00,ff,ff,ff,00,00,ff,00,00,00,ff,00,00,00,00,00,00,00,ff,ff,00,00,00,ff,\
  00,ff,ff,ff,00,00,00,ff,00,ff,ff,ff,00,00,00,00,00,80,80,80,00,c0,c0,c0,00,\
  00,ff,00,00,ff,ff,ff,00,c0,c0,c0,00,ff,ff,ff,00,ff,ff,ff,00,00,00,00,00,ff,\
  ff,00,00,c0,c0,c0,00,80,80,ff,00,00,ff,ff,00,00,00,ff,00
"@themeui.dll,-852"=hex:02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,\
  00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,\
  eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,\
  14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,\
  00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,\
  00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,\
  53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,\
  00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,4d,00,69,\
  00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,\
  20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,\
  ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,\
  00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
  00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,\
  69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,\
  10,00,01,00,00,00,00,00,00,00,00,80,00,80,00,00,80,00,00,00,00,00,00,00,00,\
  00,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,00,00,00,80,00,\
  00,00,00,00,00,80,00,80,00,ff,ff,ff,00,00,00,00,00,80,80,80,00,00,ff,00,00,\
  ff,ff,ff,00,ff,ff,ff,00,c0,c0,c0,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,ff,00,00,\
  00,00,00,c0,c0,c0,00,80,80,ff,00,80,00,80,00,00,80,00,00
"@themeui.dll,-853"=hex:02,00,00,00,46,00,00,00,01,00,00,00,11,00,00,00,11,00,\
  00,00,14,00,00,00,14,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,fc,7f,22,14,fc,7f,b0,fe,12,00,00,00,00,00,00,00,00,00,98,23,\
  eb,77,0f,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,f0,77,00,20,14,00,00,00,00,10,80,05,14,00,f0,1f,14,00,00,00,\
  14,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,\
  6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,\
  00,66,00,00,00,14,00,88,fb,e8,77,02,02,00,00,ac,b9,f0,77,00,00,00,00,20,00,\
  00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,\
  00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,\
  53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,7c,6b,e8,77,00,00,00,00,f5,ff,ff,ff,00,00,\
  00,00,00,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,\
  00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,\
  20,00,53,00,65,00,72,00,69,00,66,00,00,00,00,00,06,00,00,00,18,00,00,00,ff,\
  ff,ff,ff,f0,4b,21,fc,00,c4,f0,77,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,\
  00,00,bc,02,00,00,00,00,00,00,00,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,\
  00,6f,00,66,00,74,00,20,00,53,00,61,00,6e,00,73,00,20,00,53,00,65,00,72,00,\
  69,00,66,00,00,00,14,00,0b,00,00,00,00,ff,12,00,50,00,00,00,c0,fe,12,00,0c,\
  10,00,01,ff,ff,ff,00,ff,ff,ff,00,00,00,00,00,ff,ff,ff,00,ff,ff,ff,00,ff,ff,\
  ff,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,00,80,80,80,00,c0,c0,c0,\
  00,80,80,80,00,00,00,00,00,ff,ff,ff,00,ff,ff,ff,00,80,80,80,00,00,80,00,00,\
  00,00,00,00,00,00,00,00,c0,c0,c0,00,00,00,00,00,c0,c0,c0,00,00,00,00,00,ff,\
  ff,ff,00,c0,c0,c0,00,00,00,00,00,00,00,00,00,ff,ff,ff,00
"@themeui.dll,-854"=hex:02,00,00,00,f4,01,00,00,01,00,00,00,10,00,00,00,10,00,\
  00,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,0c,00,00,00,0f,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,bc,02,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,12,00,00,00,12,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,\
  00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,\
  00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,f5,ff,ff,ff,00,00,\
  00,00,00,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,\
  00,68,00,6f,00,6d,00,61,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,f5,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,\
  00,00,90,01,00,00,00,00,00,00,00,00,00,00,54,00,61,00,68,00,6f,00,6d,00,61,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,d4,d0,c8,00,3a,6e,a5,00,0a,24,6a,00,80,80,80,00,d4,d0,c8,00,ff,ff,\
  ff,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,00,d4,d0,c8,00,d4,d0,c8,\
  00,80,80,80,00,0a,24,6a,00,ff,ff,ff,00,d4,d0,c8,00,80,80,80,00,80,80,80,00,\
  00,00,00,00,d4,d0,c8,00,ff,ff,ff,00,40,40,40,00,d4,d0,c8,00,00,00,00,00,ff,\
  ff,e1,00,b5,b5,b5,00,00,00,80,00,a6,ca,f0,00,c0,c0,c0,00

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\VisualStyleDirs]
"1"=hex(2):25,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,44,00,69,00,\
  72,00,25,00,5c,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00

[HKEY_LOCAL_MACHINE\pe-SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNoNetwork"=hex(7):43,00,6f,00,72,00,65,00,4d,00,65,00,73,00,73,00,\
  61,00,67,00,69,00,6e,00,67,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,61,\
  00,72,00,00,00,00,00



88mb骨头网络版pe-software离线添加DWM功能精简了最后的Svchost分支注册表.reg.TXT

18.62 KB, 下载次数: 9, 下载积分: 无忧币 -2

88mb骨头网络版pe-software离线添加DWM功能精简了最后的Svchost分支注册表留一个对应的.reg
sairen139 发表于 2022-11-14 19:05:15
本帖最后由 sairen139 于 2022-11-15 01:01 编辑

11pe增加DWM功能須wuceffects.dll文件!如组织行变宽且有错位现象可精简shell32.dll.mun剩下2个图标解决。
sairen139 发表于 2022-11-14 19:04:56
本帖最后由 sairen139 于 2022-12-4 15:56 编辑

无视权限离线导入注册表的绝赞工具offlineReg的使用方法:
http://mistyprojects.co.uk/documents/offlinereg/offlinereg.htm#builtinHelp

OfflineReg

Registry Basics
Registry entries use the following format in the Windows Registry Editor (regedit.exe) -


    <Key> <Value> <Type> <Data>
The <Key> is displayed as a folder tree in the left panel of the Windows Registry Editor. <Keys> in a registry hive can be viewed/accessed in a similar manner to that used when browsing a folder tree in the Windows Explorer file-manager - with an expandable/collapsible tree view. The currently selected <Key> is displayed in the form of a path in the bar at the bottom of the Registry Editor window.
<Value> is a value under the <Key> selected in the folder tree in the left panel . Each <Value> in a <Key> must have a unique name - included <Values> of different <Types>. Please note that a <Value> is displayed under the Namecolumn in the Windows Registry Editor.
<Type> can be one of the data types listed in table 1
<Data> is the information contained in the selected <Key> <Value>.
Using an example from the HKLM\SYSTEM\ControlSet001\Control <Key>, the <Value> CurrentUser is a REG_SZ <Type> entry containing the <Data>USERNAME
Table 1.
Table displaying the different <Value> <Types> supported in OfflineReg. The first column displays the <Type> as displayed in the Windows Registry Editor, the second column displays the corresponding numeric identifier used in the OfflineReg setvalue command, and the third column lists a summary of each <Type> (the Descriptions below have been copied from here) -
TypeOfflineReg IDDescription
REG_SZ1A fixed-length text string.
REG_MULTI_SZ7A multiple string. Values that contain lists or multiple values in a form that people can read are generally this type. Entries are separated by spaces, commas, or other marks.
REG_EXPAND_SZ2A variable-length data string. This data type includes variables that are resolved when a program or service uses the data.
REG_DWORD4Data represented by a number that is 4 bytes long (a 32-bit integer). Many parameters for device drivers and services are this type and are displayed in Registry Editor in binary, hexadecimal, or decimal format. Related values are DWORD_LITTLE_ENDIAN (least significant byte is at the lowest address) and REG_DWORD_BIG_ENDIAN (least significant byte is at the highest address).
REG_QWORD11Data represented by a number that is a 64-bit integer. This data is displayed in Registry Editor as a Binary Value and was introduced in Windows 2000.
REG_BINARY3Raw binary data. Most hardware component information is stored as binary data and is displayed in Registry Editor in hexadecimal format.

OfflineReg
OfflineReg has been developed by Erwan.l. It is a console program that provides a frontend for the Windows API functions in the off-line registry library (Offreg.dll), and can be used to access off-line registry hives. Please note the use of off-line - if a registry hive is already loaded/mounted then OfflineReg will not be able to access it. Offreg.dll is "...a binary redistributable dynamic-link library (DLL)....Offreg.dll is provided in the Windows Driver Kit (WDK)..." - it is included in the OfflineReg download package. Please refer to the Offline Registry Library web-page for more information about the Offreg.dll library.
The common method of accessing an off-line registry hive involves mounting/loading it to make any required changes and then unmounting/unloading it. Loading a registry hive requires elevated user privileges. OfflineReg provides a scriptable tool for editing off-line registry hives and can be executed from an account with standard user privileges.
It is also worth mentioning that certain registry keys have security and access rights/permissions, and these cannot be edited when an off-line hive is loaded. Security permissions are not an issue when using OfflineReg as it will bypass them.
OfflineReg Commands
The command syntax in OfflineReg varies depending on the command being executed. table 2 contains a list of commands supported in OfflineReg version 0.9.9.
Table 2.
The following table displays a list of supported commands with a brief summary of each. Click on the Command to view the syntax and examples -
CommandSummary
createCreate a new (empty) registry <Hive>.
createkeyCreate a new <Key>. If this is a subkey, then any parent <Key> must already be present in the target registry hive or this command will fail.
deletevalueDelete a <Value> (and its <Data>) from the selected <Key>.
deletekeyDelete the selected <Key>. If the <Key> contains subkeys this command will fail. Use the deletekeyscommand if a <Key> contains subkeys.
deletekeysDelete the selected <Key> and all subkeys it contains.
enumkeysList all subkeys contained in the selected <Key>.
enumkeysrList all subkeys contained in the selected <Key> and recursively loop through all subkeys to display the full <Key> structure.
enumvaluesList all <Values> in the selected <Key>.
enumallvaluesList all <Values> (including its corresponding <Type>and <Data>) in the selected <Key>.
getvalueParse the <Value> <Type> and <Data> of the selected <Key> <Value>
getvaluebyteatRetrieve a REG_BINARY byte at a given offset from the selected <Key><Value> in the target <Hive>.
importAdd settings from a registry file (.reg).
runRun (multiple) commands from a file.
setvalueWrite <Value> and <Data> to the selected <Key>, or write the <Data> to the selected <Key> <Value>.
setvaluebyteatWrite a byte at a given offset in the selected <Key><Value> in the target <Hive> (supported <Value><Type> is REG_BINARY).

create
Create a new (empty) registry <Hive>. The <Key> specified in this command must be at the <Hive> root.
Syntax: -


    offlinereg-win32.exe  <Hive>  " "  create
Or


    offlinereg-win32.exe  <Hive>  <Key>  create

Example 1: -  
Create an empty <Hive> -
Output -

Example 2: -  
Create a new <Hive> with <Key> ControlSet001 at its root -
Output -

createkey
Create a new <Key>.
NOTES - see example 2 (below) for instructions on creating a <Key> at the root of the selected <Hive>.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  createkey  <new_key>
Or (see Example 2)


    offlinereg-win32.exe  <Hive>  <Key><new_key>  createkey  
Or (see Example 3)


    offlinereg-win32.exe  <Hive>  <new_Key>  createkey  " "

Example 1: -  
The following command will create <Key> E and all parent <Keys> and subkeys in the chain.
Output -
A screenshot of the <Hive> is displayed below. The screenshot shows the <Hive> mounted as HKLM\_TEMPREG in the Windows Registry Editor, with all <Keys> and subkeys created after running the above command expanded in the tree view -
Example 2: -  
The following command will achieve identical results to the command in Example 1 - creating <Key> E and all parent <Keys> and subkeys in the chain. The only difference in the syntax is appending the new key to the existing <Key> parameter, rather than as a seperate parameter following the createkeycommand.
Example 3: -
To create a <Key> at the root of a <Hive>, use the following syntax -


    offlinereg-win32.exe  <Hive>  <new_Key>  createkey  " "

E.g. -

Output -

deletevalue
Delete a <Value> (and its <Data>) from the selected <Key>.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  deletevalue <Value>

Attempting to delete a <Value> that does not exist will result in the following error message -
Attempting to delete a <Value> from a <Key> that does not exist will result in the following error message -
Example: -  
Output -

deletekey
Delete the selected <Key>.
NOTE - whilst this command can be used to delete a <Key>, it will not be able to delete a <Key> that contains any subkeys. If a <Key> contains subkeys, use the deletekeys command.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  deletekey <Value>

The following error will be displayed if attempting to delete a <Key> containing subkeys -
The following error message will be displayed if attempting to delete a <Key>that does not exist in the target <Hive> -
The following error message will be displayed if attempting to delete a <Key>when the parent <Key> does not exist in the target <Hive> -
Example 1: -  
Output -

deletekeys
Delete the selected <Key> and all subkeys it contains.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  deletekeys

The following error will be displayed if attempting to delete a <Key> that does not exist in the target <Hive> -
Example 1: -  
Output -

enumkeys
Display a list of subkeys contained in the selected <Key>.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  enumkeys

The following error will be displayed if attempting to read a <Key> that does not exist in the target <Hive> -
Example: -


    offlinereg-win32.exe  D:\PATH\System  ControlSet001  enumkeys

Output -

enumkeysr
List all subkeys contained in the selected <Key> and recursively loop through all subkeys to display the full <Key> structure.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  enumkeysr

Example:
Output -
enumvalues
Display a list of all <Values> contained in the selected <Key>.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  enumvalues

The following error will be displayed if the target <Key> does not contain any <Values>
The following error will be displayed if the target <Key> does not exist -
Example: -  
Output -

enumallvalues
Display a list of all <Values> (including <Data> and <Type>) contained in the selected <Key>.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  enumallvalues

The following error will be displayed if the target <Key> does not contain any <Values>
The following error will be displayed if the target <Key> does not exist -
Example: -  
Output -

getvalue
Parse the <Value> <Type> and <Data> of the selected <Key> <Value>
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  getvalue  <Value>

Attempting to read a <Value> that does not exist will result in the following error messages -
Attempting to read a <Value> from a <Key> that does not exist will result in the following error message -
Example(s): -  
Output -

getvaluebyteat
Retrieve a byte at a given offset in the selected <Key><Value> in the target <Hive>. Supported <Value> <Type> - REG_BINARY.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  getvaluebyteat  v  <Offset>

Example 1:
Output -
import
Import the settings from a Registry File to the selected <Hive>.
NOTE - the import command is not fully implemented. Some <Types> in a .reg file may cause error. Caution should also be used as .reg files may contain entries for multiple <Hives>.
Syntax: -


    offlinereg-win32.exe  <Hive>  " "  import  <FILE.reg>

Example 1: -  
Contents of D:\settings.reg -

Output -


OfflineReg version 1.0.1 improves the handling of .reg files and will create the required key structure. The following example will work even if any of the parent keys and subkeys are missing -
Output -
run
Execute a series of commands from a file to the selected <Hive>.
NOTE - the run command is similar to the import command in terms of syntax and execution. The target registry <Hive> will not be saved until after all commands in the <FILE> have been executed. Seperate commands should be added line by line.
Syntax: -


    offlinereg-win32.exe  <Hive>  " "  run  <FILE>

Example 1: -  
Contents of D:\commands.txt -

Output -

setvalue
Write <Value> and <Data> to the selected <Key>, or write the <Data> to the selected <Key> <Value>.
NOTE(S) - To add a Default <Value> to a <Key> refer to example 4. Refer to Example 2 and/or the Handling Spaces in Keys/Paths section for examples on dealing with spaces in paths. Refer to the Escape Characters section for dealing with special characters (e.g. percentage (%)).
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  setvalue  <Value>  <Data>  <Type>

<Type> must use a numeric identifier. These are shown in the table below - with the different <Types> mapped to the numeric identifier used in the setvalue command in OfflineReg -
TypeOfflineReg IDExample
REG_SZ1see here
REG_EXPAND_SZ2see here
REG_BINARY3see here
REG_DWORD4see here.

NOTE - use decimal values in the <Data> field.
REG_MULTI_SZ7see here.

NOTE - enclose the contents of the <Data> field in quotes ("), with a space as a seperater.
REG_QWORD11

Example 1: (REG_SZ)  
The above example will add the following entry to the A\B\C\D\E\Test <Key> -
  • <Value>: NewValue
  • <Type>: REG_SZ
  • <Data>: NewValueData

Example 2: (REG_SZ)  
The above example is similar to Example 1, but will handle spaces in the <Value> and <Data> fields. This command will add the following entry to the A\B\C\D\E\Test <Key> -
  • <Value>: New Value
  • <Type>: REG_SZ
  • <Data>: New Value Data

Example 3: (REG_SZ)
The above example will add the following entry to the A\B\C\D\E\Test <Key> -
  • <Value>: ThreadingModel
  • <Type>: REG_SZ
  • <Data>: Both

Example 4: (REG_EXPAND_SZ)  
Use in a console -
The above example will add the following entry to the A\B\C\D\E\Test <Key> -
  • <Value>: (default)
  • <Type>: REG_EXPAND_SZ
  • <Data>: %SystemRoot%\System32\actxprxy.dll

Example 5: (REG_EXPAND_SZ) -  
Use in a batch file
The above example will add the following entry to the A\B\C\D\E\Test <Key> -
  • <Value>: (default)
  • <Type>: REG_EXPAND_SZ
  • <Data>: %SystemRoot%\System32\actxprxy.dll

Example 6: (REG_BINARY) -  
The above example will add the following entry to the A\B\C\D\E\Test <Key> -

Example 7: (REG_DWORD) -  
The above example will add the following entry to the A\B\C\D\E\Test <Key> -
  • <Value>: BootDriverFlags
  • <Type>: REG_DWORD
  • <Data>: 28 (Hex: 1c)

Example 8: (REG_MULTI_SZ) -  
The above example will add the following entry to the A\B\C\D\E\Test <Key> -
  • <Value>: PreshutdownOrder
  • <Type>: REG_MULTI_SZ
  • <Data>: wuauserv gpsvc trustedinstaller

Sample batch file containing all of the setvalue examples above (with the exception of example 4). The first command in the batch will create a new registry hive (see here).
A screenshot of the <Hive> created after running the above batch file is displayed below. The screenshot shows the <Hive> mounted as HKLM\_TempSystem in the Windows Registry Editor, with all <Keys> and subkeys created after running the above commands expanded in the tree view -
setvaluebyteat
Write a byte at a given offset to the selected <Key><Value> in the target <Hive>. Supported <Value> <Type> - REG_BINARY.
Syntax: -


    offlinereg-win32.exe  <Hive>  <Key>  setvaluebyteat  v  <New_Value>  <Offset>

Example:
The following example can be adapted and used to allow logging in to a Windows account without a password. Use caution! The <Key> name (000003e9 in the example below) may need to be edited to reflect the account <Key> in the target <Hive>. This example has been adapted from a post made by the OfflineReg developer Erwan on the reboot.pro forum (see here).
First, lets check for the available account <Key> names using the enumkeyscommand -
Output -

  • 000001F4 - Default Admin Account
  • 000001F5 - Default Guest Account
  • 000003E9 - Local Account

Now lets check the existing values at <Offsets> 160 and 172 using the getvaluebyteat command -
Output -
Changing the values at <Offsets> 160 and 172 to 0 (zero) will allow log on without a password.
Output -
Now lets recheck the values at <Offsets> 160 and 172 using the getvaluebyteat command -
Output -
Handling Spaces in Keys/Paths
Using the setvalue command syntax as an example -


    offlinereg-win32.exe  <Hive>  <Key>  setvalue  <Value>  <Data>  <Type>


9527sss 发表于 2022-11-14 19:04:54
感谢分享

小黑屋|手机版|Archiver|捐助支持|无忧启动 ( 闽ICP备05002490号-1 )

闽公网安备 35020302032614号

GMT+8, 2025-2-18 04:50

Powered by Discuz! X3.3

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表