[Samba] regpatch writing to local registry hive with -F not working (registery-utils 4.0.0~alpha15~git20110124.dfsg1-2ubuntu1)
RiCH
rich at richud.com
Sun May 15 05:42:18 MDT 2011
Hi Michael,

Many thanks for your reply - I have tried your second patch on the git I just pulled, and got about as far as you.

The .reg file contains a bit for the system and software hives; the first entry in it relates to the software hive.

Against software hive:
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/software /tmp/config/RunOnceEx.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
3444 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SOFTWARE failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$

Against system hive:
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/system /tmp/config/RunOnceEx.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
789 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SOFTWARE failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$

Changing order of things in .reg file so system hive alteration is first bit:
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/system /tmp/config/RunOnceEx2.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
789 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SYSTEM failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$

Removed all system hive references, only entry relates to system hive:
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ ./regpatch -d=10 -F /tmp/config/system /tmp/config/RunOnceEx3.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
Attempting to load registry file
789 HBIN blocks read
Opening parent of HKEY_LOCAL_MACHINE\SYSTEM failed with WERR_BADFILE
Error adding new key 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm': WERR_BADFILE
Error adding key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm

Not specifying a hive so it writes to local samba hklm.tdb (seems to work fine):
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$ sudo ./regpatch -d=10 /tmp/config/RunOnceEx.reg
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hklm.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hkcr.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hkcu.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->search
ldb_wrap open of /usr/local/samba/private/hku.ldb
ldb: start ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->start_transaction
ldb: start ldb transaction error: (null)
ldb: ldb_trace_request: ADD
dn: @ATTRIBUTES
changetype: add
key: CASE_INSENSITIVE
value: CASE_INSENSITIVE
control: <NONE>
ldb: ldb_trace_request: (tdb)->add
ldb: ldb_trace_request: (tdb)->prepare_commit
ldb: commit ldb transaction (nesting: 0)
ldb: ldb_trace_request: (tdb)->end_transaction
Key 'key=SYSTEM,hive=NONE' not found
Opening key SYSTEM failed: WERR_BADFILE
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=940,key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=940,key=RunOnceEx,key=CurrentVersion,key=Windows,key=Microsoft,key=SOFTWARE,hive=NONE
About to write 1 with type (null), length 29: cmd /c \\install\\postPXE.bat
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Winlogon,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Winlogon,key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
About to write LegalNoticeCaption with type (null), length 0:
About to write LegalNoticeText with type (null), length 0:
About to write allocatecdroms with type (null), length 1: 1
About to write AutoAdminLogon with type (null), length 1: 1
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=ControlSet001,key=SYSTEM,hive=NONE' not found
key added: key=ControlSet001,key=SYSTEM,hive=NONE
Key 'key=Services,key=ControlSet001,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=ControlSet001,key=SYSTEM,hive=NONE
Key 'key=Intelppm,key=Services,key=ControlSet001,key=SYSTEM,hive=NONE' not found
key added: key=Intelppm,key=Services,key=ControlSet001,key=SYSTEM,hive=NONE
About to write Start with type dword, length 8: 00000004
rfm6@KubuntuSSDx64:/media/7200.12/clonemod/source/samba4/bin/default/source4/lib/registry$
strace with patched regpatch, operating on windows system hive
-------
stat("/tmp/config/system", {st_mode=S_IFREG|0644, st_size=3670016, ...}) = 0
open("/tmp/config/system", O_RDWR) = 4
read(4, "regfi\10\0\0i\10\0\00081u\266\3426\313\1", 20) = 20
close(4) = 0
fstat(1, {st_mode=S_IFREG|0644, st_size=56267, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 56425
write(1, "Attempting to load registry file"..., 33Attempting to load registry file
) = 33
munmap(0x7f9820545000, 4096) = 0
open("/tmp/config/system", O_RDWR) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=3670016, ...}) = 0
mmap(NULL, 3674112, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f981828d000
read(4, "regfi\10\0\0i\10\0\00081u\266\3426\313\1\1\0\0\0\5\0\0\0\0\0\0\0"..., 3670016) = 3670016
open("/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", O_RDONLY) = 5
read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\4\0\0\0\0\0\0"..., 832) = 832
fstat(5, {st_mode=S_IFREG|0644, st_size=10272, ...}) = 0
mmap(NULL, 2105392, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f981808a000
mprotect(0x7f981808c000, 2093056, PROT_NONE) = 0
mmap(0x7f981828b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x1000) = 0x7f981828b000
close(5) = 0
mprotect(0x7f981828b000, 4096, PROT_READ) = 0
brk(0x22b7000) = 0x22b7000
brk(0x22b6000) = 0x22b6000
---snip
brk(0x268f000) = 0x268f000
brk(0x26b2000) = 0x26b2000
fstat(1, {st_mode=S_IFREG|0644, st_size=59473, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 59631
write(1, "789 HBIN blocks read\n", 21789 HBIN blocks read
) = 21
munmap(0x7f9820545000, 4096) = 0
open("/tmp/config/RunOnceEx3.reg", O_RDONLY) = 5
read(5, "Wind", 4) = 4
lseek(5, 0, SEEK_SET) = 0
read(5, "Windows Registry Editor Version "..., 256) = 125
lseek(5, -87, SEEK_CUR) = 38
read(5, "\r\n[HKEY_LOCAL_MACHINE\\SYSTEM\\Con"..., 256) = 87
lseek(5, -85, SEEK_CUR) = 40
read(5, "[HKEY_LOCAL_MACHINE\\SYSTEM\\Contr"..., 256) = 85
lseek(5, -24, SEEK_CUR) = 101
fstat(1, {st_mode=S_IFREG|0644, st_size=60229, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 60387
write(1, "Opening parent of HKEY_LOCAL_MAC"..., 69Opening parent of HKEY_LOCAL_MACHINE\SYSTEM failed with WERR_BADFILE
) = 69
munmap(0x7f9820545000, 4096) = 0
fstat(1, {st_mode=S_IFREG|0644, st_size=60594, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 60752
write(1, "Error adding new key 'HKEY_LOCAL"..., 95Error adding new key 'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm': WERR_BADFILE
) = 95
munmap(0x7f9820545000, 4096) = 0
fstat(1, {st_mode=S_IFREG|0644, st_size=60985, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820545000
lseek(1, 0, SEEK_CUR) = 61143
write(1, "Error adding key HKEY_LOCAL_MACH"..., 75Error adding key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Intelppm
) = 75
munmap(0x7f9820545000, 4096) = 0
exit_group(0) = ?
hope this is of some help?
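
Added example (not part of the original post and not Samba code): a decoder for the 32 hive-header bytes that the two read() calls in the strace above return for /tmp/config/system, to confirm the file is a cleanly written regf hive before looking elsewhere for the cause of WERR_BADFILE. The field offsets are the commonly documented regf base-block layout, an assumption not stated in the post; `parse_regf_header` and `STRACE_HEADER` are names chosen here.

```python
import struct
from datetime import datetime, timedelta, timezone

# First 32 bytes of /tmp/config/system, transcribed from the read() calls
# in the strace output above (strace's octal escapes converted to hex).
STRACE_HEADER = bytes.fromhex(
    "72656766"          # "regf" signature
    "69080000"          # primary sequence number
    "69080000"          # secondary sequence number
    "383175b6e236cb01"  # last-written time (FILETIME)
    "01000000"          # major version
    "05000000"          # minor version
    "00000000"          # file type (0 = primary hive file)
)


def parse_regf_header(buf: bytes) -> dict:
    """Decode the start of a regf base block; raise ValueError if malformed."""
    if len(buf) < 32:
        raise ValueError("need at least 32 bytes of the base block")
    sig, seq1, seq2, filetime, major, minor, ftype = struct.unpack_from(
        "<4sIIQIII", buf, 0)
    if sig != b"regf":
        raise ValueError(f"bad signature {sig!r}, not a registry hive")
    # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=filetime // 10)
    return {
        "seq_primary": seq1,
        "seq_secondary": seq2,
        "clean": seq1 == seq2,  # a mismatch means an interrupted write
        "last_written": written,
        "version": (major, minor),
        "file_type": ftype,
    }


if __name__ == "__main__":
    for field, value in parse_regf_header(STRACE_HEADER).items():
        print(f"{field:14} {value}")
```
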