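I have a good one here.
There is a utility called reg.exe that has shipped with Windows for a long time. It is very handy for importing .reg files from scripts, modifying values from scripts, and so on. So while making a copy of it for a scripting scenario ("why not use the copy in system32?" -> software restriction policies, personal preference, etc.), I noticed that renaming it makes it fail silently: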
Windows Server 2008 x64:
    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>reg.exe
    ERROR: Invalid Syntax.
    Type "REG /?" for usage.

    C:\Windows\system32>copy reg.exe reg2.exe
            1 file(s) copied.

    C:\Windows\system32>reg2.exe

    C:\Windows\system32>reg2.exe /?

    C:\Windows\system32>reg.exe /?

    REG Operation [Parameter List]

      Operation  [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT | FLAGS ]

    Return Code: (Except for REG COMPARE)

      0 - Successful
      1 - Failed

    For help on a specific operation type:

      REG Operation /?

    Examples:

      REG QUERY /?
      REG ADD /?
      REG DELETE /?
      REG COPY /?
      REG SAVE /?
      REG RESTORE /?
      REG LOAD /?
      REG UNLOAD /?
      REG COMPARE /?
      REG EXPORT /?
      REG IMPORT /?
      REG FLAGS /?

    C:\Windows\system32>
But with Windows XP x86:
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\chris>cd \WINDOWS\system32

    C:\WINDOWS\system32>reg.exe

    Console Registry Tool for Windows - version 3.0
    Copyright (C) Microsoft Corp. 1981-2001. All rights reserved

    REG Operation [Parameter List]

      Operation  [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT ]

    Return Code: (Except of REG COMPARE)

      0 - Succussful
      1 - Failed

    For help on a specific operation type:

      REG Operation /?

    Examples:

      REG QUERY /?
      REG ADD /?
      REG DELETE /?
      REG COPY /?
      REG SAVE /?
      REG RESTORE /?
      REG LOAD /?
      REG UNLOAD /?
      REG COMPARE /?
      REG EXPORT /?
      REG IMPORT /?

    C:\WINDOWS\system32>copy reg.exe reg2.exe
            1 file(s) copied.

    C:\WINDOWS\system32>reg2.exe

    Console Registry Tool for Windows - version 3.0
    Copyright (C) Microsoft Corp. 1981-2001. All rights reserved

    REG Operation [Parameter List]

      Operation  [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT ]

    Return Code: (Except of REG COMPARE)

      0 - Succussful
      1 - Failed

    For help on a specific operation type:

      REG Operation /?

    Examples:

      REG QUERY /?
      REG ADD /?
      REG DELETE /?
      REG COPY /?
      REG SAVE /?
      REG RESTORE /?
      REG LOAD /?
      REG UNLOAD /?
      REG COMPARE /?
      REG EXPORT /?
      REG IMPORT /?

    C:\WINDOWS\system32>
WinDbg seems to tell me that the CRT is killing it:
    Child-SP          RetAddr           Call Site
    00000000`0016f798 00000000`779d2f8b ntdll!ZwTerminateProcess+0xa
    00000000`0016f7a0 000007fe`fe97d832 ntdll!RtlExitUserProcess+0x8b
    00000000`0016f7d0 00000000`ffe7f710 msvcrt!cinit+0x13b
    00000000`0016f810 00000000`778a495d reg!DynArrayGetItemType2+0x1fc
    00000000`0016f850 00000000`779d8791 kernel32!BaseThreadInitThunk+0xd
    00000000`0016f880 00000000`00000000 ntdll!RtlUserThreadStart+0x1d
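But since I'm not very familiar with WinDbg (and this is 64-bit, so OllyDbg fails), I'm at a loss here. Thanks for any information.
Edit
Thanks to CyberShadow's help and some googling, I found the solution: it looks for its .mui (its translation) in a subfolder named for the currently installed language.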
    Microsoft Windows [Version 6.0.6001]
    Copyright (c) 2006 Microsoft Corporation. All rights reserved.

    C:\Windows\system32>cd en-US

    C:\Windows\System32\en-US>copy reg.exe.mui reg2.exe.mui
            1 file(s) copied.

    C:\Windows\System32\en-US>cd ..

    C:\Windows\System32>reg2
    ERROR: Invalid Syntax.
    Type "REG /?" for usage.

    C:\Windows\System32>del en-US\reg2.exe.mui

    C:\Windows\System32>reg2

    C:\Windows\System32>
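The fix from the edit above, generalized to every installed language folder, as an added PowerShell example that is not part of the original post. The function name `Copy-ExeWithMui`, its parameters and the destination path are hypothetical, and it assumes the renamed copy finds its `.mui` in a language subfolder next to wherever the copy is placed, as the post shows for system32.

```powershell
# Added example: copy an executable under a new name together with the
# per-language MUI resource files it needs (<exe name>.mui in en-US, de-DE, ...).
# Function name and parameters are hypothetical, not a built-in cmdlet.
function Copy-ExeWithMui {
    param(
        [Parameter(Mandatory)] [string] $Source,       # original exe, e.g. reg.exe in System32
        [Parameter(Mandatory)] [string] $Destination   # full path of the renamed copy
    )

    if (-not (Test-Path -LiteralPath $Source -PathType Leaf)) {
        throw "Source not found: $Source"
    }

    $srcDir  = Split-Path -Parent $Source
    $srcName = Split-Path -Leaf   $Source
    $dstDir  = Split-Path -Parent $Destination
    $dstName = Split-Path -Leaf   $Destination

    New-Item -ItemType Directory -Path $dstDir -Force | Out-Null
    Copy-Item -LiteralPath $Source -Destination $Destination -Force

    # The .mui must be renamed to match the new exe name, otherwise the
    # copy exits silently as shown in the post.
    $copied = @()
    foreach ($langDir in Get-ChildItem -LiteralPath $srcDir -Directory) {
        $mui = Join-Path $langDir.FullName "$srcName.mui"
        if (Test-Path -LiteralPath $mui -PathType Leaf) {
            $target = Join-Path $dstDir $langDir.Name
            New-Item -ItemType Directory -Path $target -Force | Out-Null
            Copy-Item -LiteralPath $mui -Destination (Join-Path $target "$dstName.mui") -Force
            $copied += $langDir.Name
        }
    }

    if ($copied.Count -eq 0) {
        Write-Warning "No $srcName.mui found under $srcDir; the renamed copy may produce no output."
    }
    return $copied   # names of the language folders whose .mui was copied
}

# Constructed usage; C:\Tools is a placeholder path:
# Copy-ExeWithMui -Source "$env:SystemRoot\System32\reg.exe" -Destination 'C:\Tools\reg2.exe'
```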