Windows XP environment variables ?

[cnc2]

Thanks for the reply Tom !

Sorry I've been off line for a few days.

No, I'm not selling hardware ..etc I'm a student, working on the final project of my curriculum.

What I exactly need, is to have say, two copies of the hives stored in, say %path1%\copy\ & %path2%\copy\ ...etc. when the system boots it sets %pathX% accordingly to the NIC's mac address...if mac==mac1 set path to %path1%\copy\ & load the hives/registry from there...etc.

The rest of the system (the whole system, not XP) is a bit more complex than this.

Any idea on how to do it ? (without old school reversing the ntldr, which might be hard)

Thanks !
cnc2.

[daedalus]

Thats really quite a nasty problem, and its not just reverse engineering ntldr, you would need a heavily customised bootloader to run before ntldr with code to read the mac address out of the network card without an OS available, which isnt easy even if you fix the network card bus / manufacturer. Add to that you need ntlm support to do the meddling, and its not really practical.

You could look at winPE, which is a stripped down copy of windows that is used for microsoft install cds. It can be scripted, has basic network support, and can mount the registry of the host pc. You *might* be able to piece together a script that boots winPE, checks the mac, makes the registry changes, then reboots.

The trick would be having your boot.ini set up to load the PE partition first, do the script, then modify boot.ini back to normal and reboot.

you would then have to have some software running in the host OS to change boot.ini back to point to your PE partition for next time.

Downside is you have an extra soft boot each turn on, benefit is its a lot less work. If its for uni i guess these kinds of things can be explained away as it being a prototype.

Here is a link to a blog post, which links to the download locations for v2, it is free to use, but dont expect miracles by way of documentation
http://blogs.msdn.com/winpe/archive/...eta-2-now.aspx

PS: there may be ways of doing this without the reboot, but nothing easy springs to mind

Best of luck,
Tom

EDIT:

If you can describe you actual application for this there might be far better ways of approaching the problem.
If you dont need direct hardware access from the XP copy booting, and you can take a small performance hit, you could solve this whole mess in userland code by using a virtualisation technology, such as Vmware or ms virtual pc. You can mount the virtual pcs drive, tamper with the registry, then boot it. That way you dont have to mess with low level hacks, and can spend your time on better things.

[cnc2]

Thanks for the reply Tom !

Everything has to happen transparently to the final user, so it has to be clean & virtualisation isn't an option in this situation. Also, thanks for WinPE, it might be useful in this project for creating a deployable tweaked XP.

Under the shower, an idea poped up... Assuming I can modify the path to the hives inside NTLDR, why would I need NTLDR to read the MAC address if I can somehow, have several copies of moded ntldr & choose the one to use at boot time, maybe using GRUB or another loader, to choose which ntldr to load.

What do you think ?

Thanks !
cnc2.

[SuperJdynamite]

The typical way of presenting the end user with a "tweaked" image is to use sysprep.

With sysprep you install the OS, install software, make tweaks, and so on, then you "reseal" it with sysprep. During "sealing" you can remove the license key that was there or keep it (likewise for Windows "activation"). During initial boot of a sysprepped image the end user runs through an abbreviated setup to re-enter a license key (if necessary). When the mini-setup is complete the end user has a machine with software and settings pre-installed.

There's probably a way to do a custom one-time configuration operation during the sysprep mini-setup that the end user runs through, but I've never done it so I can't offer any advice there. I've seen vendors add their own custom setup routines which is why I'm guessing it's doable.

Your other solution -- messing with registry hives -- is a tricky proposition. You may run afoul of code in the core OS that monitors the hives for tampering (MS added this because various products are different only by a few registry settings). There are also other issues you'll likely encounter when trying to manipulate hives directly.

[cnc2]

The typical way of presenting the end user with a "tweaked" image is to use sysprep.

With sysprep you install the OS, install software, make tweaks, and so on, then you "reseal" it with sysprep. During "sealing" you can remove the license key that was there or keep it (likewise for Windows "activation"). During initial boot of a sysprepped image the end user runs through an abbreviated setup to re-enter a license key (if necessary). When the mini-setup is complete the end user has a machine with software and settings pre-installed.

There's probably a way to do a custom one-time configuration operation during the sysprep mini-setup that the end user runs through, but I've never done it so I can't offer any advice there. I've seen vendors add their own custom setup routines which is why I'm guessing it's doable.

Your other solution -- messing with registry hives -- is a tricky proposition. You may run afoul of code in the core OS that monitors the hives for tampering (MS added this because various products are different only by a few registry settings). There are also other issues you'll likely encounter when trying to manipulate hives directly.

Many thanks for the reply SuperJdynamite !

SYSPREP seems to be the perfect tool for legally distributing a moded copy of Windows XP,
it's the first time I hear about it so, thank you very much !

My other solution is not tweaking the registry, in fact, I don't want to mod the registry itself (the structure the of the registry, the keys & values will remain the same except for some user/machine specific keys) I just want to have copies of the hives in different folders & somehow choose the one I want to use at boot time regarding the user/machine type it'll boot on. This should not interfere with the core OS monitoring because just the registry location will be changed...think about it like, the binaries are the interface & the hives are the database, if you change the location of the database you'll have to point the interface to the new location of the DB to make it work like usual.

My main problem is in changing the path to the hives inside ntldr,then the easiest way to choose between copies will be to make copies of ntldr, like: ntldr1 loads from path1, ntldr2 loads from path2...etc & chain load ntldrX using GRUB. I'm not sure if renaming ntldr will be possible without creating big problems.

What do you think ?

Thanks !
cnc2.

[cnc2]

I opened ntldr using IDA pro disassembler free version...& I could see the path to the hives, it seems to be easy to modify.

Now the other problem is to find a boot loader to display a list of modified ntldr's & chainload the one I choose; I'm pretty new to GRUB so I don't know how to do it, any other solution is welcome !

Thanks !
cnc2.

[cnc2]

Hi guys !

I've modified ntldr, I've changed the path to the hives from system32\config to system32\confi1 & renamed the the config folder as well.

The result is a ....BSOD the ntldr is working ok but there's somthing else that can't locate the hives resulting in a crash. I know ntldr is ok because I forgot to rename the config folder & I had a message from ntldr saying can't find \confi1, after that I renamed the \config to \confi1 then booted...boot screen ok windows XP logo & loading bar then, BSOD .

Can anyone please help me at this stage ?

Thanks !
cnc2.

[SuperJdynamite]

I forgot the original goal of what you were trying to accomplish. Can you summarize briefly what the registry hive switch is supposed to accomplish?

[cnc2]

Well, once the registry swith will be working, it will permit to save space on the hard drive, instead of having mutiple installs of the same OS, it'll make one install work as multiple installs...on multiple installs of the same OS a lot of disk space is wasted in the binaries that remain the same, what really differentiate the installs is the registry...so, it's like having one interface access multiple databases but one at a time.

Once it'll be working, GRUB should show a list of systems like ntldr1, ntldr2...etc to let me choose which hives I wanna load...There already is the user's profile concept but what I want to achive is a bit like a machine profile.

That was about the registry switch but this will integrate in a bigger & more complex system....Well, you know enough !

Thanks !
cnc2.

[SuperJdynamite]

It sounds like you want some kind of VMware product (vmware.com).

[cnc2]

Which product are you talking about ? If it's for virtualisation, then, no I don't want to virtualise multiple systems to run'em at the same time. I just saw Vsphere & it's for main frame systems Not what I need.

Please clarify which vmware product you're talking about.

Thanks !
cnc2.

[SuperJdynamite]

If your goal is to save space by re-using common binaries then you can create a VM image with VMware Workstation and then create a linked clone which shares as much as possible with the base image and only grows when there is a delta between the two VMs.

The problems I can forsee with multiple registries are:

1) Not everything is configured in the registry. As soon as an app configures something in both the registry and some other config file, you're done.
2) There are probably other services (other than ntloader) that are looking for the registry in a specific place.
3) If you install an app while using one registry instance then the app would not be installed in the other. You'd have binaries in \Program Files that were missing their runtime config in one of the registry hives.
4) Any kind of AV software is going to flag the modified ntloader.
5) While hacking on the system for your own enjoyment is fine you couldn't distribute this as binary editing and making modifications such as this violates the MS EULA.
6) Disk space is cheap. Windows XP can be installed in about a dollars worth of storage space so there's no huge financial advantage to saving space.
7) Following from point 6 you could achieve roughly the same effect you're going for more traditionally by having two small OS disk partitions and a third for applications and common data.

Sorry to be such a downer -- I'm only trying to save you frustration.