
Thread: RegAlyzer on Wine

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    1

    RegAlyzer on Wine

    I've added RegAlyzer to Wine's App DB.

    For people who don't know what the App DB is: it's a database where you can post the results of programs tested in Wine.

    For people who don't know what Wine is: it's a program for Linux, which allows you to use Windows apps.

  2. #2
    Junior Member
    Join Date
    Aug 2009
    Posts
    3


    Is there a tutorial or something on how to get this to recognize a mounted drive? All I see is the Wine registry, and manually loading the hive gives a permission error. Any help would be greatly appreciated.

  3. #3
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601


    With command line parameter /allhives, it'll try to auto-detect hives in standard installation paths on all drives.

    Which hive are you trying to load? Wine "hives" (registry files) are not binary compatible with Windows hives. Older Windows hives (like 9x) might fail as well - it depends on the hive loading implementation of Wine (since Wine does not use the binary format of Windows, it might not be able to load them at all?).
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)
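
An added example, not part of the original thread and not RegAlyzer or Wine code: a small Python check that tells which registry file format a file copied from a mounted drive uses before any tool tries to load it. It assumes the publicly documented signatures (`regf` for NT-family hives, `CREG` for Windows 9x, a `WINE REGISTRY` text header for Wine) and the documented `regf` base block layout; the function names and the sample header are constructed for illustration.

```python
import struct

def regf_checksum(block):
    """XOR of the first 127 little-endian dwords (bytes 0..507) of the base block."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", bytes(block[:508])):
        x ^= dword
    if x == 0xFFFFFFFF:          # documented special cases
        return 0xFFFFFFFE
    return 1 if x == 0 else x

def build_sample_regf(seq1=7, seq2=7):
    """Constructed 512-byte 'regf' base block for testing; not a real hive."""
    hdr = bytearray(512)
    struct.pack_into("<4sII", hdr, 0, b"regf", seq1, seq2)  # signature, sequence numbers
    struct.pack_into("<II", hdr, 20, 1, 3)                  # major, minor version
    struct.pack_into("<I", hdr, 36, 0x20)                   # root cell offset
    struct.pack_into("<I", hdr, 508, regf_checksum(hdr))    # header checksum
    return bytes(hdr)

def classify_hive(data):
    """Identify the registry file format from its leading bytes."""
    if data.startswith(b"WINE REGISTRY"):
        return {"format": "wine-text"}       # Wine's own text-based registry file
    if data[:4] == b"CREG":
        return {"format": "win9x-creg"}      # Windows 9x binary registry
    if data[:4] == b"regf":
        if len(data) < 512:
            return {"format": "nt-regf", "truncated": True}
        _, seq1, seq2 = struct.unpack_from("<4sII", data, 0)
        major, minor = struct.unpack_from("<II", data, 20)
        (stored,) = struct.unpack_from("<I", data, 508)
        return {
            "format": "nt-regf",
            "truncated": False,
            "version": f"{major}.{minor}",
            "checksum_ok": stored == regf_checksum(data),
            # Differing sequence numbers mean the hive was not cleanly written.
            "dirty": seq1 != seq2,
        }
    return {"format": "unknown"}

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:     # read-only; work on a copy of the hive
            print(path, classify_hive(fh.read(512)))
```

A `dirty` or `checksum_ok: False` result on a hive from an infected or improperly shut down system is worth noting before any tool attempts to mount it.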

  4. #4
    Junior Member
    Join Date
    Aug 2009
    Posts
    3


    I am trying to load XP and Vista hives on an infected drive ultimately. At this time it is just the XP drive on the same PC.

    -allhives has the same results, though ideally I want to end up using that parameter. Manually loading a hive errors out with "Permission not Held". I can see the software and ntuser files, even copy them to other folders, so it does not seem to be a Linux permission issue.

    On the Wine forum they said it could be a Wine limitation, but Pimm must have gotten it working, I hope, before putting it on the AppDB.

  5. #5
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601


    I'd vote for the Wine limitation as well then. Do you have some Wine debug output from around the time (a few seconds before and after) you tried to mount the hive?

    For the purpose of working on an infected Windows installation from another system, I would recommend using a PE CD (see our Boot CD Creator for example, or use one of the widely spread CD creation tools like BartPE or WinPEBuilder or similar).

  6. #6
    Junior Member
    Join Date
    Aug 2009
    Posts
    3


    I don't have debug info. How do I collect it?

    I use BartPE now, but a LiveCD or LiveUSB drive boots much faster, runs faster, and the USB option is easier to keep updated.
