libguestfs-tools套件提供了一個基于QEMU的磁盤映像去查找這個磁盤映像中安裝的Windows操作系統的具體注冊表信息,甚至是進行改動(當然不安全,目前可能不成熟,可能損壞映像文件)。
這個套件目前我只在centos和redhat的虛擬化環境中找到了,具體安裝方法很簡單:
[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall]</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/AddressBook]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Branding]
"QuietUninstallString"=hex(1):52,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,20,00,49,00,65,00,64,00,6b,00,43,00,53,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,42,00,72,00,61,00,6e,00,64,00,43,00,6c,00,65,00,61,00,6e,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,53,00,74,00,75,00,62,00,73,00,00,00
"RequiresIESysFile"=hex(1):31,00,30,00,30,00,2e,00,30,00,00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Connection Manager]
"SystemComponent"=dword:00000001</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DXM_Runtime]</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DirectAnimation]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/DirectDrawEx]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Fontcore]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ICW]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IE40]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IE4Data]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IE5BAKEX]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/IEData]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/MPlayer2]</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/MobileOptionPack]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/NetMeeting]
"RequiresIESysFile"=hex(1):34,00,2e,00,37,00,31,00,00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/OutlookExpress]
@=hex(1):00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/PCHealth]
"QuietUninstallString"=hex(1):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,49,00,4e,00,46,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,2e,00,69,00,6e,00,66,00,00,00
"UninstallString"=hex(1):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,49,00,4e,00,46,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,2e,00,69,00,6e,00,66,00,00,00</p><p>[HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/SchedulingAgent]
@=hex(1):00,00
