Menu
I've got a neat question here.
There's a utility called reg.exe thats been shipped with Windows for quite some time. Its very handy to import .reg files from scripts, modify values from scripts, etc, etc. So when making a copy of it for a script scenario ("Why not use the copy in system32?" -> Software Restriction Policies, personal pref, etc) I noticed that renaming it makes it fail silently:
Windows Server 2008 x64:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>reg.exe
ERROR: Invalid syntax.
Type "REG /?" for usage.
C:\Windows\system32>copy reg.exe reg2.exe
1 file(s) copied.
C:\Windows\system32>reg2.exe
C:\Windows\system32>reg2.exe /?
C:\Windows\system32>reg.exe /?
REG Operation [Parameter List]
Operation [ QUERY | ADD | DELETE | COPY |
SAVE | LOAD | UNLOAD | RESTORE |
COMPARE | EXPORT | IMPORT | FLAGS ]
Return Code: (Except for REG COMPARE)
0 - Successful
1 - Failed
For help on a specific operation type:
REG Operation /?
Examples:
REG QUERY /?
REG ADD /?
REG DELETE /?
REG COPY /?
REG SAVE /?
REG RESTORE /?
REG LOAD /?
REG UNLOAD /?
REG COMPARE /?
REG EXPORT /?
REG IMPORT /?
REG FLAGS /?
C:\Windows\system32>
But with Windows XP x86:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\chris>cd \WINDOWS\system32
C:\WINDOWS\system32>reg.exe
Console Registry Tool for Windows - version 3.0
Copyright (C) Microsoft Corp. 1981-2001. All rights reserved
REG Operation [Parameter List]
Operation [ QUERY | ADD | DELETE | COPY |
SAVE | LOAD | UNLOAD | RESTORE |
COMPARE | EXPORT | IMPORT ]
Return Code: (Except of REG COMPARE)
0 - Succussful
1 - Failed
For help on a specific operation type:
REG Operation /?
Examples:
REG QUERY /?
REG ADD /?
REG DELETE /?
REG COPY /?
REG SAVE /?
REG RESTORE /?
REG LOAD /?
REG UNLOAD /?
REG COMPARE /?
REG EXPORT /?
REG IMPORT /?
C:\WINDOWS\system32>copy reg.exe reg2.exe
1 file(s) copied.
C:\WINDOWS\system32>reg2.exe
Console Registry Tool for Windows - version 3.0
Copyright (C) Microsoft Corp. 1981-2001. All rights reserved
REG Operation [Parameter List]
Operation [ QUERY | ADD | DELETE | COPY |
SAVE | LOAD | UNLOAD | RESTORE |
COMPARE | EXPORT | IMPORT ]
Return Code: (Except of REG COMPARE)
0 - Succussful
1 - Failed
For help on a specific operation type:
REG Operation /?
Examples:
REG QUERY /?
REG ADD /?
REG DELETE /?
REG COPY /?
REG SAVE /?
REG RESTORE /?
REG LOAD /?
REG UNLOAD /?
REG COMPARE /?
REG EXPORT /?
REG IMPORT /?
C:\WINDOWS\system32>
WinDbg seems to tell me that the CRT is killing it:
Child-SP RetAddr Call Site
00000000`0016f798 00000000`779d2f8b ntdll!ZwTerminateProcess+0xa
00000000`0016f7a0 000007fe`fe97d832 ntdll!RtlExitUserProcess+0x8b
00000000`0016f7d0 00000000`ffe7f710 msvcrt!cinit+0x13b
00000000`0016f810 00000000`778a495d reg!DynArrayGetItemType2+0x1fc
00000000`0016f850 00000000`779d8791 kernel32!BaseThreadInitThunk+0xd
00000000`0016f880 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
But as i'm not too experienced with WinDbg (and this one is 64bit, so, say, Ollydbg fails) i'm sort of at a loss here. Thanks for any information you guys have.
Thanks to CyberShadow's help and a bit of googling, I found the solution: it looks for .mui (it's translation) in a subfolder of the current language installed.
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Windows\system32>cd en-US
C:\Windows\System32\en-US>copy reg.exe.mui reg2.exe.mui
1 file(s) copied.
C:\Windows\System32\en-US>cd ..
C:\Windows\System32>reg2
ERROR: Invalid syntax.
Type "REG /?" for usage.
C:\Windows\System32>del en-US\reg2.exe.mui
C:\Windows\System32>reg2
C:\Windows\System32>
647
By playing around a bit with a debugger, I found that LoadString (which is used to get the usage and error messages) returns ERROR_MUI_FILE_NOT_LOADED. I think that somewhat explains it :)
Notes:
131
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
