Hi,

I am trying to code a util which should be able to access the Windows 2000 registry hive (the SAM and SYSTEM files)...
The problem is I don't have to do it in Windows... I've to code something capable of doing this from an MS-DOS boot floppy...

I haven't done anything like this before and I am trying a lot but have no idea how to open these hive files...

I have seen some HLL examples involving the registry but they need the Windows API... so they are of no use from DOS...

I need help, thanks
Posted on 2004-11-09 05:04:43 by amit
This link will surely interest you:
hxxp://home.eunet.no/~pnordahl/ntpasswd/

Regards, bilbo
Posted on 2004-11-09 10:15:37 by bilbo
I know this link...

Well, I want something like that... But I don't have to change the password... Instead I want to extract the encrypted hash out of the SAM and SYSTEM hives...

Thanks for the link...
Posted on 2004-11-10 04:09:26 by amit
Well...
the link we talked about implements a registry editor and sheds light on the undocumented structures of the Windows registry.

If you know the German human language and the Delphi programming language, you could try this: //www.mirkes.de/dlshort/52/smpl_dumphive.zip

There is also a little survey from Microsoft (//www.microsoft.com/technet/prodtechnol/winntas/tips/winntmag/inreg.mspx) and some sources from Samba and Wine, but nothing is specifically related to SAM hashes.

I'm afraid this is all.
Best regards, bilbo
Posted on 2004-11-10 08:04:05 by bilbo
//www.mirkes.de/dlshort/52/smpl_dumphive.zip

Good link, lots of info...

Thanks a lot. I don't know whether these will help me or not, but they are all great...

bilbo, thanks for all your time and support. I'll be trying my best with the info you provided.

Thanks
Posted on 2004-11-11 05:23:05 by amit
Hi there, I know the problem of needing the SAM & SYSTEM files...
you can surely assume just for recovery 8)
As 16-bit asm was quite a time ago and I always remember good old QBasic, I wrote a tool called w2kac. The compiled version and the source are attached.
As W2k might work on NTFS, you should copy two things to your boot floppy: w2kac.exe and ntfsdos.exe
So when you have booted with that little floppy, first run ntfsdos in order to mount your NTFS drive (if necessary), then start w2kac.exe.
The tool just reads SAM & SYSTEM from a specific directory and packs them onto floppy disks. As these files might be bigger than 1.4, the tool asks you to insert another floppy.
The two files of interest are saved in parts; the ending of sam.* and system.* is the part index.

Dominik :arrow:
Posted on 2004-11-11 16:30:26 by Dom
OK, Dom, it's nice to see some QBASIC lines again, but he wants to interpret the bytes inside SAM and SYSTEM, not just copy the whole files.
There are also other nice methods to copy the SAM and SYSTEM files without rebooting, if you can log in as administrator, for example creating the Repair Disk (Backup Wizard).

amit, this link is even better (from a theoretical point of view) and their tool too!
h..p://www.insidepro.com/doc/002e.shtml

Best regards, bilbo
Posted on 2004-11-12 04:01:58 by bilbo