EricZimmerman / Registry

Full featured, offline Registry parser in C#
MIT License

How to add or remove a registered key or value offline #13

Closed i2i8 closed 3 years ago

i2i8 commented 3 years ago

Can you give an example of how to add or remove a registered key or value offline? Such as: SystemOnDemand = new RegistryHiveOnDemand(MoGlobal.Mount + @"\Windows\System32\config\SYSTEM"); How do I add a key or value to it? How do I remove a key or value from it?

EricZimmerman commented 3 years ago

You don't.

It's not for that. This is a forensic-minded parser; it has no capabilities to add or remove keys, nor will it.

It is purely for reading hives, including deleted keys and values.

i2i8 commented 3 years ago

Thank you very much for your reply. Can you recommend a plugin for offline reading and writing to the registry? Thanks again.

EricZimmerman commented 3 years ago

I would think the Windows API would have one. I don't know for sure, though. Never had to do it.

i2i8 commented 3 years ago

Okay, thank you very much. Thank you again.