RiCH
2011-May-14 17:53 UTC
[Samba] regpatch writing to local registry hive with -F not working (registery-utils 4.0.0~alpha15~git20110124.dfsg1-2ubuntu1)
Hi,

I was hoping I could modify a locally mounted registry hive using regpatch and a .reg file but the -F argument seems to have no function. (Strace shows it ignores it and just operates on /var/lib/samba/private/hklm.ldb)

Below is output with debug on.

rfm6 at ubuntuSSDx64:cp /mnt/xp/WINDOWS/system32/config/software /tmp/software
rfm6 at ubuntuSSDx64:/tmp/config$ sudo regpatch -d=10 -F software RunOnceSoftware.reg
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Unknown parameter encountered: "max log size"
Ignoring unknown parameter "max log size"
Unknown parameter encountered: "syslog"
Ignoring unknown parameter "syslog"
Unknown parameter encountered: "passdb backend"
Ignoring unknown parameter "passdb backend"
Unknown parameter encountered: "unix password sync"
Ignoring unknown parameter "unix password sync"
Unknown parameter encountered: "passwd program"
Ignoring unknown parameter "passwd program"
Unknown parameter encountered: "pam password change"
Ignoring unknown parameter "pam password change"
Unknown parameter encountered: "map to guest"
Ignoring unknown parameter "map to guest"
Unknown parameter encountered: "usershare allow guests"
Ignoring unknown parameter "usershare allow guests"
Processing section "[printers]"
Unknown parameter encountered: "guest ok"
Ignoring unknown parameter "guest ok"
Processing section "[print$]"
Unknown parameter encountered: "guest ok"
Ignoring unknown parameter "guest ok"
pm_process() returned Yes
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /var/lib/samba/private/hklm.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /var/lib/samba/private/hkcr.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /var/lib/samba/private/hkcu.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /var/lib/samba/private/hku.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Winlogon,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Winlogon,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
About to write LegalNoticeCaption with type (null), length 0:
About to write LegalNoticeText with type (null), length 0:
About to write allocatecdroms with type (null), length 1: 1
About to write AutoAdminLogon with type (null), length 1: 1

regdiff also seems to ignore any .reg files passed to it. Conversely, regtree and regshell both seem to work fine operating on a local hive though. (Actually regtree borks reading the software hive but is ok on others.)

The man pages allude to it being able to do this, so is it me being thick or is it not meant to work?
http://manpages.ubuntu.com/manpages/natty/en/man1/regpatch.1.html

I am using 4.0.0~alpha15~git20110124.dfsg1-2ubuntu1

Regards

Rich
Michael Wood
2011-May-14 20:09 UTC
On 14 May 2011 19:53, RiCH <rich at richud.com> wrote:
> Hi,
>
> I was hoping I could modify a locally mounted registry hive using
> regpatch and a .reg file but the -F argument seems to have no function.

Try this patch (untested, but based on what regtree does). I haven't looked at the other issues you mention, though.

> (Strace shows it ignores it and just operates
> on /var/lib/samba/private/hklm.ldb)
> Below is output with debug on.
>
> rfm6 at ubuntuSSDx64:cp /mnt/xp/WINDOWS/system32/config/software /tmp/software
> rfm6 at ubuntuSSDx64:/tmp/config$ sudo regpatch -d=10 -F software
> RunOnceSoftware.reg
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> Processing section "[global]"
> Unknown parameter encountered: "max log size"
> Ignoring unknown parameter "max log size"
> Unknown parameter encountered: "syslog"
> Ignoring unknown parameter "syslog"
> Unknown parameter encountered: "passdb backend"
> Ignoring unknown parameter "passdb backend"
> Unknown parameter encountered: "unix password sync"
> Ignoring unknown parameter "unix password sync"
> Unknown parameter encountered: "passwd program"
> Ignoring unknown parameter "passwd program"
> Unknown parameter encountered: "pam password change"
> Ignoring unknown parameter "pam password change"
> Unknown parameter encountered: "map to guest"
> Ignoring unknown parameter "map to guest"
> Unknown parameter encountered: "usershare allow guests"
> Ignoring unknown parameter "usershare allow guests"
> Processing section "[printers]"
> Unknown parameter encountered: "guest ok"
> Ignoring unknown parameter "guest ok"
> Processing section "[print$]"
> Unknown parameter encountered: "guest ok"
> Ignoring unknown parameter "guest ok"
> pm_process() returned Yes
> ldb: ldb_trace_request: SEARCH
>  dn: @MODULES
>  scope: base
>  expr: (@LIST=*)
>  attr: @LIST
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb: no modules required by the db
> ldb: No modules specified for this database
> ldb: ldb_trace_request: REGISTER_CONTROL
> 1.2.840.113556.1.4.1413
>  control: <NONE>
>
> ldb: ldb_trace_request: SEARCH
>  dn: <rootDSE>
>  scope: base
>  expr: (objectClass=*)
>  attr: rootDomainNamingContext
>  attr: configurationNamingContext
>  attr: schemaNamingContext
>  attr: defaultNamingContext
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb_wrap open of /var/lib/samba/private/hklm.ldb
> ldb: start ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->start_transaction
> ldb: start ldb transaction error: (null)
> ldb: ldb_trace_request: ADD
> dn: @ATTRIBUTES
> changetype: add
> key: CASE_INSENSITIVE
> value: CASE_INSENSITIVE
>
>
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->add
> ldb: ldb_trace_request: (tdb)->prepare_commit
> ldb: commit ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->end_transaction
> ldb: ldb_trace_request: SEARCH
>  dn: @MODULES
>  scope: base
>  expr: (@LIST=*)
>  attr: @LIST
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb: no modules required by the db
> ldb: No modules specified for this database
> ldb: ldb_trace_request: REGISTER_CONTROL
> 1.2.840.113556.1.4.1413
>  control: <NONE>
>
> ldb: ldb_trace_request: SEARCH
>  dn: <rootDSE>
>  scope: base
>  expr: (objectClass=*)
>  attr: rootDomainNamingContext
>  attr: configurationNamingContext
>  attr: schemaNamingContext
>  attr: defaultNamingContext
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb_wrap open of /var/lib/samba/private/hkcr.ldb
> ldb: start ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->start_transaction
> ldb: start ldb transaction error: (null)
> ldb: ldb_trace_request: ADD
> dn: @ATTRIBUTES
> changetype: add
> key: CASE_INSENSITIVE
> value: CASE_INSENSITIVE
>
>
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->add
> ldb: ldb_trace_request: (tdb)->prepare_commit
> ldb: commit ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->end_transaction
> ldb: ldb_trace_request: SEARCH
>  dn: @MODULES
>  scope: base
>  expr: (@LIST=*)
>  attr: @LIST
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb: no modules required by the db
> ldb: No modules specified for this database
> ldb: ldb_trace_request: REGISTER_CONTROL
> 1.2.840.113556.1.4.1413
>  control: <NONE>
>
> ldb: ldb_trace_request: SEARCH
>  dn: <rootDSE>
>  scope: base
>  expr: (objectClass=*)
>  attr: rootDomainNamingContext
>  attr: configurationNamingContext
>  attr: schemaNamingContext
>  attr: defaultNamingContext
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb_wrap open of /var/lib/samba/private/hkcu.ldb
> ldb: start ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->start_transaction
> ldb: start ldb transaction error: (null)
> ldb: ldb_trace_request: ADD
> dn: @ATTRIBUTES
> changetype: add
> key: CASE_INSENSITIVE
> value: CASE_INSENSITIVE
>
>
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->add
> ldb: ldb_trace_request: (tdb)->prepare_commit
> ldb: commit ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->end_transaction
> ldb: ldb_trace_request: SEARCH
>  dn: @MODULES
>  scope: base
>  expr: (@LIST=*)
>  attr: @LIST
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb: no modules required by the db
> ldb: No modules specified for this database
> ldb: ldb_trace_request: REGISTER_CONTROL
> 1.2.840.113556.1.4.1413
>  control: <NONE>
>
> ldb: ldb_trace_request: SEARCH
>  dn: <rootDSE>
>  scope: base
>  expr: (objectClass=*)
>  attr: rootDomainNamingContext
>  attr: configurationNamingContext
>  attr: schemaNamingContext
>  attr: defaultNamingContext
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->search
> ldb_wrap open of /var/lib/samba/private/hku.ldb
> ldb: start ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->start_transaction
> ldb: start ldb transaction error: (null)
> ldb: ldb_trace_request: ADD
> dn: @ATTRIBUTES
> changetype: add
> key: CASE_INSENSITIVE
> value: CASE_INSENSITIVE
>
>
>  control: <NONE>
>
> ldb: ldb_trace_request: (tdb)->add
> ldb: ldb_trace_request: (tdb)->prepare_commit
> ldb: commit ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->end_transaction
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Winlogon,key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Winlogon,key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> About to write LegalNoticeCaption with type (null), length 0:
> About to write LegalNoticeText with type (null), length 0:
> About to write allocatecdroms with type (null), length 1: 1
> About to write AutoAdminLogon with type (null), length 1: 1
>
> regdiff also seems to ignore any .reg files passed to it.
> Conversely, regtree and regshell both seem to work fine operating on a
> local hive though. (Actually regtree borks reading the software hive but
> is ok on others.)
>
> The man pages allude to it being able to do this, so is it me being thick
> or is it not meant to work?
> http://manpages.ubuntu.com/manpages/natty/en/man1/regpatch.1.html
>
> I am using 4.0.0~alpha15~git20110124.dfsg1-2ubuntu1
>
> Regards
>
> Rich

--
Michael Wood <esiotrot at gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-regpatch-Don-t-ignore-the-F-option.patch
Type: text/x-patch
Size: 890 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20110514/4c63a7b6/attachment.bin>
Michael Wood
2011-May-14 21:00 UTC
On 14 May 2011 22:09, Michael Wood <esiotrot at gmail.com> wrote:
> On 14 May 2011 19:53, RiCH <rich at richud.com> wrote:
>> Hi,
>>
>> I was hoping I could modify a locally mounted registry hive using
>> regpatch and a .reg file but the -F argument seems to have no function.
>
> Try this patch (untested, but based on what regtree does).

Sorry, ignore that patch. I was way too hasty. There's a bit more needed and I missed that it was assigning to start_key instead of h.

--
Michael Wood <esiotrot at gmail.com>
RiCH
2011-May-15 11:42 UTC
Hi Michael,
Many thanks for your reply - have tried your second patch on the git I just pulled, and got about as far as you.

.reg file contains a bit for system and software hive, first entry in it relates to software hive

against software hive

rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/software /tmp/config/RunOnceEx.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
3444 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SOFTWARE failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940
rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$

against system hive

rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/system /tmp/config/RunOnceEx.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
789 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SOFTWARE failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940
rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$

changing order of things in .reg file so system hive alteration is first bit

rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/system /tmp/config/RunOnceEx2.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
789 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SYSTEM failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm
rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$

removed all system hive references, only entry relates to system hive

rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/system /tmp/config/RunOnceEx3.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
789 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SYSTEM failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm

not specifying a hive so it writes to local samba hklm.tdb (seems to work fine)

rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ sudo ./regpatch -d=10 /tmp/config/RunOnceEx.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hklm.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hkcr.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hkcu.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hku.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
Key 'key=SYSTEM,hive=NONE' not found
Opening key SYSTEM failed: WERR_BADFILE
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=940,key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=940,key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
About to write 1 with type (null), length 29: cmd /c \\install\\postPXE.bat
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Winlogon,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Winlogon,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
About to write LegalNoticeCaption with type (null), length 0:
About to write LegalNoticeText with type (null), length 0:
About to write allocatecdroms with type (null), length 1: 1
About to write AutoAdminLogon with type (null), length 1: 1
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=ControlSet001,key=SYSTEM,hive=NONE' not found
key added: key=ControlSet001,key=SYSTEM,hive=NONE
Key 'key=Services,key=ControlSet001,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=ControlSet001,key=SYSTEM,hive=NONE
Key 'key=Intelppm,key=Services,key=ControlSet001,key=SYSTEM,hive=NONE' not found
key added: key=Intelppm,key=Services,key=ControlSet001,key=SYSTEM,hive=NONE
About to write Start with type dword, length 8: 00000004
rfm6 at KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$
strace with patched regpatch, operating on windows system hive
-------
stat("/tmp/config/system", {st_mode=S_IFREG|0644, st_size=3670016, ...}) = 0
open("/tmp/config/system", O_RDWR) = 4
read(4, "regfi\10\0\0i\10\0\00081u\266\3426\313\1", 20) = 20
close(4) = 0
fstat(1, {st_mode=S_IFREG|0644, st_size=56267, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 56425
write(1, "Attempting to load registry file"..., 33Attempting to load registry file
) = 33
munmap(0x7f9820545000, 4096) = 0
open("/tmp/config/system", O_RDWR) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=3670016, ...}) = 0
mmap(NULL, 3674112, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f981828d000
read(4, "regfi\10\0\0i\10\0\00081u\266\3426\313\1\1\0\0\0\5\0\0\0\0\0\0\0"..., 3670016) = 3670016
open("/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", O_RDONLY) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\4\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0644, st_size=10272, ...}) = 0
mmap(NULL, 2105392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f981808a000
mprotect(0x7f981808c000, 2093056, PROT_NONE) = 0
mmap(0x7f981828b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x1000) = 0x7f981828b000
close(5) = 0
mprotect(0x7f981828b000, 4096, PROT_READ) = 0
brk(0x22b7000) = 0x22b7000
brk(0x22b6000) = 0x22b6000
---snip
brk(0x268f000) = 0x268f000
brk(0x26b2000) = 0x26b2000
fstat(1, {st_mode=S_IFREG|0644, st_size=59473, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 59631
write(1, "789 HBIN blocks read\n", 21789 HBIN blocks read
) = 21
munmap(0x7f9820545000, 4096) = 0
open("/tmp/config/RunOnceEx3.reg", O_RDONLY) = 5
read(5, "Wind", 4) = 4
lseek(5, 0, SEEK_SET) = 0
read(5, "Windows Registry Editor Version "..., 256) = 125
lseek(5, -87, SEEK_CUR) = 38
read(5, "\r\n[HKEY_LOCAL_MACHINE\\SYSTEM\\Con"..., 256) = 87
lseek(5, -85, SEEK_CUR) = 40
read(5, "[HKEY_LOCAL_MACHINE\\SYSTEM\\Contr"..., 256) = 85
lseek(5, -24, SEEK_CUR) = 101
fstat(1, {st_mode=S_IFREG|0644, st_size=60229, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 60387
write(1, "Opening parent of HKEY_LOCAL_MAC"..., 69Opening parent of HKEY_LOCAL_MACHINE\SYSTEM failed with WERR_BADFILE
) = 69
munmap(0x7f9820545000, 4096) = 0
fstat(1, {st_mode=S_IFREG|0644, st_size=60594, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 60752
write(1, "Error adding new key 'HKEY_LOCAL"..., 95Error adding new key 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm': WERR_BADFILE
) = 95
munmap(0x7f9820545000, 4096) = 0
fstat(1, {st_mode=S_IFREG|0644, st_size=60985, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 61143
write(1, "Error adding key HKEY_LOCAL_MACH"..., 75Error adding key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm
) = 75
munmap(0x7f9820545000, 4096) = 0
exit_group(0) = ?
hope this is of some help?
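
Added example, not part of the original thread and not Samba code: the bytes that the strace above shows being read from /tmp/config/system are the start of the regf base block, and the Python below decodes them as a pre-flight check before patching an offline hive copy (valid signature, matching sequence numbers, last-written time, format version). The function names are illustrative, and the sample bytes are transcribed by hand from the second read() call in the strace.

```python
import struct
from datetime import datetime, timedelta, timezone

# Constructed sample: first 32 bytes of /tmp/config/system as printed by strace,
# with its octal escapes rewritten as hex ("i\10\0\0" is 69 08 00 00).
HEADER_FROM_STRACE = (
    b"regf"                                # signature
    b"\x69\x08\x00\x00"                    # primary sequence number
    b"\x69\x08\x00\x00"                    # secondary sequence number
    b"\x38\x31\x75\xb6\xe2\x36\xcb\x01"    # last-written time (FILETIME)
    b"\x01\x00\x00\x00"                    # major version
    b"\x05\x00\x00\x00"                    # minor version
    b"\x00\x00\x00\x00"                    # file type (0 = primary hive file)
)

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
REGF_FIXED = struct.Struct("<4sIIQIII")    # 32 bytes, little-endian, no padding


def parse_regf_header(data):
    """Decode the fixed fields at the start of a regf hive file."""
    if len(data) < REGF_FIXED.size:
        raise ValueError("short read: need %d bytes, got %d"
                         % (REGF_FIXED.size, len(data)))
    sig, seq1, seq2, filetime, major, minor, ftype = REGF_FIXED.unpack_from(data)
    if sig != b"regf":
        raise ValueError("not a regf hive (signature %r)" % sig)
    return {
        "primary_seq": seq1,
        "secondary_seq": seq2,
        # The two counters match only when the last write was flushed completely.
        "clean": seq1 == seq2,
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
        "last_written": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        "version": (major, minor),
        "file_type": ftype,
    }


def preflight(data):
    """Return reasons not to patch this copy; an empty list means none found."""
    try:
        hdr = parse_regf_header(data)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not hdr["clean"]:
        problems.append("sequence numbers differ (%d != %d): hive not flushed cleanly"
                        % (hdr["primary_seq"], hdr["secondary_seq"]))
    if hdr["file_type"] != 0:
        problems.append("file type %d is not a primary hive file" % hdr["file_type"])
    return problems


if __name__ == "__main__":
    header = parse_regf_header(HEADER_FROM_STRACE)
    print("sequence numbers:", header["primary_seq"], header["secondary_seq"])
    print("last written:", header["last_written"].isoformat())
    print("format version: %d.%d" % header["version"])
    print("problems:", preflight(HEADER_FROM_STRACE) or "none")
```

To check a real copy, pass `open(path, "rb").read(32)` to `preflight()` before running any tool that writes to the hive.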