ZSoft Software Support Forum

General => General Support => Topic started by: controler on April 03, 2005, 04:15:13 pm

Title: Hive Dumping?
Post by: controler on April 03, 2005, 04:15:13 pm

When you say you dump the registry, are you saying you are dumping the hive?
Would this be a good way to detect rootkits also?

I have used TotalUninstall before and found it left too many registry entries behind.
I found this out by running RegistryCrawler.

How does your software compare to TotalUninstall?

Thank you

Title: Re: Hive Dumping?
Post by: Admin on April 03, 2005, 07:01:32 pm

I'm not sure what you mean by "Hive". Sorry, maybe try to explain it instead :-[.

What the function does is dump:
o Everything in HKEY_CLASSES_ROOT.
o Everything in HKEY_CURRENT_USER.
o Everything but "\System" and "\SOFTWARE\Classes" in HKEY_LOCAL_MACHINE.
o Everything in HKEY_CURRENT_CONFIG.
When I say dump, what it does is make a file with info about the registry: key names (the ones that look like folders in regedit), values (the "files" in regedit) and the value of each value, if the value is not binary.

I don't know if it is better or worse than TotalUninstall, sorry.

Also, as I understand rootkits, they, if "good enough", can hide themselves 100%...
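As an added illustration of the dump the Admin describes (this is example code, not ZSoft's), the script below walks the four hives, skips HKEY_LOCAL_MACHINE\System and HKEY_LOCAL_MACHINE\SOFTWARE\Classes, records key names, value names and value data (size only for binary data), and then diffs two dumps to show the kind of "entries left behind after uninstall" check controler did with RegistryCrawler. The nested dict `SAMPLE_BEFORE` / `SAMPLE_AFTER` is constructed sample data so the example runs on any OS; on Windows the `WinRegistry` backend reads the live registry through the standard `winreg` module. One caveat on the rootkit question: a dump made through the registry API only records what that API returns, so a rootkit that filters the API or kernel calls will be absent from the dump, not exposed by it.

```python
"""Registry text dump plus diff of two dumps. Added example, not ZSoft's code.

SAMPLE_BEFORE / SAMPLE_AFTER are constructed data (assumption: a made-up
"ExampleApp" key left behind after an uninstall); WinRegistry is the live
Windows backend and is only used when winreg imports.
"""
import copy

try:
    import winreg                # present on Windows only
except ImportError:
    winreg = None

REG_SZ, REG_BINARY = 1, 3        # numeric values of winreg.REG_SZ / winreg.REG_BINARY

HIVES = ["HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER",
         "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_CONFIG"]
# Subtrees skipped, relative to their hive, as listed in the post above
EXCLUDED = {"HKEY_LOCAL_MACHINE": ("System", "SOFTWARE\\Classes")}


class MemoryRegistry:
    """Backend over a nested dict: {"keys": {name: subtree}, "values": [(name, data, type)]}."""
    def __init__(self, roots):
        self.roots = roots

    def _node(self, path):
        node = {"keys": self.roots}
        for part in path.split("\\"):
            node = node["keys"][part]
        return node

    def subkeys(self, path):
        return sorted(self._node(path).get("keys", {}))

    def values(self, path):
        return list(self._node(path).get("values", []))


class WinRegistry:
    """Backend over the live registry via winreg (Windows only)."""
    def _open(self, path):
        hive, _, rest = path.partition("\\")
        return winreg.OpenKey(getattr(winreg, hive), rest)

    def subkeys(self, path):
        try:
            with self._open(path) as k:
                return [winreg.EnumKey(k, i) for i in range(winreg.QueryInfoKey(k)[0])]
        except OSError:          # access denied etc.: skip the key, keep dumping
            return []

    def values(self, path):
        try:
            with self._open(path) as k:
                return [winreg.EnumValue(k, i) for i in range(winreg.QueryInfoKey(k)[1])]
        except OSError:
            return []


def dump(backend, hives=HIVES, excluded=EXCLUDED):
    """Return entries ("key", path) and ("value", path, name, shown), in walk order."""
    entries = []

    def walk(hive, rel):
        path = hive if not rel else hive + "\\" + rel
        entries.append(("key", path))
        for name, data, kind in backend.values(path):
            # binary data is recorded by size only, everything else by content
            shown = f"<binary, {len(data)} bytes>" if kind == REG_BINARY else repr(data)
            entries.append(("value", path, name, shown))
        for sub in backend.subkeys(path):
            sub_rel = sub if not rel else rel + "\\" + sub
            if any(sub_rel.lower() == ex.lower() for ex in excluded.get(hive, ())):
                continue         # excluded subtree (case-insensitive, like the registry)
            walk(hive, sub_rel)

    for hive in hives:
        walk(hive, "")
    return entries


def render(entries):
    """Text form of a dump: one [key] line, then its values indented below it."""
    return "\n".join(f"[{e[1]}]" if e[0] == "key" else f'    "{e[2]}" = {e[3]}'
                     for e in entries)


def diff(before, after):
    """(entries only in `after`, entries only in `before`): leftovers and deletions."""
    b, a = set(before), set(after)
    return sorted(a - b), sorted(b - a)


SAMPLE_BEFORE = {   # constructed sample tree
    "HKEY_CLASSES_ROOT": {"keys": {".txt": {"values": [("", "txtfile", REG_SZ)]}}},
    "HKEY_CURRENT_USER": {"keys": {"Software": {"keys": {}}}},
    "HKEY_LOCAL_MACHINE": {"keys": {
        "System": {"keys": {"CurrentControlSet": {}}},            # must be skipped
        "SOFTWARE": {"keys": {
            "Classes": {"keys": {"CLSID": {}}},                     # must be skipped
            "Microsoft": {"values": [("Blob", b"\x00\x01\x02", REG_BINARY)]},
        }},
    }},
    "HKEY_CURRENT_CONFIG": {"keys": {}},
}
SAMPLE_AFTER = copy.deepcopy(SAMPLE_BEFORE)
SAMPLE_AFTER["HKEY_CURRENT_USER"]["keys"]["Software"]["keys"]["ExampleApp"] = {
    "values": [("InstallDir", "C:\\Program Files\\ExampleApp", REG_SZ)]}


if __name__ == "__main__":
    before, after = dump(MemoryRegistry(SAMPLE_BEFORE)), dump(MemoryRegistry(SAMPLE_AFTER))
    print(render(after))
    print("\nleft behind / new:", diff(before, after)[0])
```

To use it on a real machine, take `dump(WinRegistry())` before installing a program and again after uninstalling it, save both with `render`, and feed the two entry lists to `diff`; whatever comes back as "after only" is what the uninstaller left behind.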