Topic: Hive Dumping?

controler (Newbie, Posts: 1)
Hive Dumping?
« on: April 03, 2005, 04:15:13 pm »
Hello

When you say you dump the registry, are you saying you are dumping the hive?
Would this be a good way to detect rootkits also?

I have used TotalUninstall before and found it left too many registry entries behind.
I found this out by running RegistryCrawler.

How does your software compare to TotalUninstall?

Thank you

controler

Admin (Administrator, Hero Member, Posts: 522, ZSoft Software)
Re: Hive Dumping?
« Reply #1 on: April 03, 2005, 07:01:32 pm »
Hi.

I'm not sure what you mean by "Hive". Sorry - maybe try to explain it instead :-[.

What the function does is that it dumps:
o Every thing in HKEY_CLASSES_ROOT.
o Everything in HKEY_CURRENT_USER.
o Everything but "\System" and "\SOFTWARE\Classes" in HKEY_LOCAL_MACHINE.
o Everything in HKEY_CURRENT_CONFIG.
 
When I say dump, what it does is that it makes a file with info about the registry: key names (the ones that look like folders in regedit), values (the "files" in regedit) and the value of the value, if the value is not binary.

I don't know if it is better or worse than TotalUninstall, sorry.

Also, as I understand rootkits, they, if "good enough", can hide themselves 100%...
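As an added example (not part of the original thread and not ZSoft's code), the PowerShell below dumps the same scope the reply describes: all of HKEY_CLASSES_ROOT, HKEY_CURRENT_USER and HKEY_CURRENT_CONFIG, and HKEY_LOCAL_MACHINE minus \System and \SOFTWARE\Classes, emitting one row per key, then one row per value with its data unless the value is binary. It also diffs two such dumps, which is how you would check what an uninstaller left behind. The function names, the CSV layout and the exclusion list are this example's own choices; it assumes Windows PowerShell 5.1 or later and an elevated prompt so all of HKLM is readable. As the reply points out, a dump taken through the registry API only sees what that API returns, so it is a leftover-entry check, not a rootkit detector.

```powershell
# Added example, not the tool's own code: dump the registry scope described above
# and diff two dumps. Assumes Windows PowerShell 5.1+ and an elevated session.

function Walk-RegistryKey {
    # Recursively emit one row for the key and one row per value beneath it.
    param(
        [Microsoft.Win32.RegistryKey] $Key,
        [string[]] $Exclude
    )
    # -contains is case-insensitive, so 'HKEY_LOCAL_MACHINE\SYSTEM' also matches '...\System'.
    if ($Exclude -contains $Key.Name) { return }

    # The key itself (a "folder" in regedit).
    [pscustomobject]@{ Key = $Key.Name; Value = ''; Type = 'Key'; Data = '' }

    # Each value (a "file" in regedit); data is recorded unless the value is binary.
    foreach ($vname in $Key.GetValueNames()) {
        $kind = $Key.GetValueKind($vname)
        $data = if ($kind -eq 'Binary') {
            '<binary>'
        } else {
            # DoNotExpandEnvironmentNames keeps REG_EXPAND_SZ data as stored; -join flattens REG_MULTI_SZ.
            ($Key.GetValue($vname, $null, 'DoNotExpandEnvironmentNames') -join ';')
        }
        $label = if ($vname -eq '') { '(Default)' } else { $vname }
        [pscustomobject]@{ Key = $Key.Name; Value = $label; Type = "$kind"; Data = "$data" }
    }

    foreach ($sub in $Key.GetSubKeyNames()) {
        # OpenSubKey throws on access denied (e.g. HKLM\SAM when not elevated); skip those keys.
        try { $child = $Key.OpenSubKey($sub) } catch { $child = $null }
        if ($null -eq $child) { continue }
        try { Walk-RegistryKey -Key $child -Exclude $Exclude } finally { $child.Close() }
    }
}

function Get-RegistryDump {
    # Scope from the reply: HKCR, HKCU, HKCC in full; HKLM without \System and \SOFTWARE\Classes.
    param(
        [string[]] $Exclude = @('HKEY_LOCAL_MACHINE\SYSTEM', 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes')
    )
    foreach ($hive in 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_CONFIG') {
        $root = Get-Item -Path "Registry::$hive"
        Walk-RegistryKey -Key $root -Exclude $Exclude
    }
}

function Compare-RegistryDump {
    # Rows only in the "after" dump carry SideIndicator '=>' (added), only in "before" carry '<=' (removed).
    param(
        [string] $Before,
        [string] $After
    )
    $b = Import-Csv -Path $Before
    $a = Import-Csv -Path $After
    Compare-Object -ReferenceObject $b -DifferenceObject $a -Property Key, Value, Data -PassThru |
        Select-Object SideIndicator, Key, Value, Type, Data
}

# Usage: dump before installing, install and uninstall the program, dump again, then diff.
Get-RegistryDump | Export-Csv -Path .\before.csv -NoTypeInformation -Encoding UTF8
# ... install and uninstall the program under test ...
Get-RegistryDump | Export-Csv -Path .\after.csv -NoTypeInformation -Encoding UTF8
Compare-RegistryDump -Before .\before.csv -After .\after.csv | Format-Table -AutoSize
```

Expect some noise in the diff that has nothing to do with the program under test: HKCU\Volatile Environment, MRU lists and Explorer state change between any two dumps, so filter those paths out or take the two dumps as close together as possible. Compare-Object holds both dumps in memory, so on a large machine the diff takes a while; sorting the CSVs and diffing by Key first is a cheaper first pass.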