
Hive Dumping?


controler:
Hello

When you say you dump the registry, are you saying you are dumping the hive?
Would this be a good way to detect rootkits also?

I have used TotalUninstall before and found it left too many registry entries behind.
I found this out by running RegistryCrawler.

How does your software compare to TotalUninstall?

Thank you

controler

Admin:
Hi.

I'm not sure what you mean when saying "Hive". Sorry - maybe try to explain it instead :-[.

What the function does is that it dumps:
o Everything in HKEY_CLASSES_ROOT.
o Everything in HKEY_CURRENT_USER.
o Everything but "\System" and "\SOFTWARE\Classes" in HKEY_LOCAL_MACHINE.
o Everything in HKEY_CURRENT_CONFIG.
 
When I say dump, what it does is that it makes a file with info about the registry: Key names (the ones that look like folders in regedit), values (the "files" in regedit) and the value of the value, if the value is not binary.

I don't know if it is better or worse than TotalUninstall, sorry.

Also, as I understand rootkits, they, if "good enough", can hide themselves 100%...
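
The dump scope described in the reply above, sketched as an added example that is not part of the thread and not the tool's own code. The record layout, the function names and the sample tree are assumptions made for illustration; only the four roots, the two skipped subtrees and the rule about binary values come from the post.

```python
# Added illustration, not the tool's own code; scope rules follow the post above.
ROOTS = ("HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER",
         "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_CONFIG")
# Subtrees the post says are left out, matched case-insensitively.
SKIP = {"HKEY_LOCAL_MACHINE": ("system", "software\\classes")}
REG_BINARY = 3  # Windows type code for binary value data

def skipped(root, path):
    p = path.lower()
    return any(p == s or p.startswith(s + "\\") for s in SKIP.get(root, ()))

def dump(root, path, reader, out):
    """Append (key, value name, data) records for path and its subkeys.
    reader(root, path) returns (subkey names, [(name, data, type), ...])."""
    if skipped(root, path):
        return out
    subkeys, values = reader(root, path)
    full = root + ("\\" + path if path else "")
    out.append((full, None, None))  # the key itself
    for name, data, vtype in values:
        # Binary data is not written out; only the value's name is kept.
        out.append((full, name, None if vtype == REG_BINARY else data))
    for sub in subkeys:
        dump(root, path + "\\" + sub if path else sub, reader, out)
    return out

def winreg_reader(root, path):
    """Live reader for Windows; unreadable keys come back empty."""
    import winreg  # standard library, Windows only
    try:
        with winreg.OpenKey(getattr(winreg, root), path) as key:
            n_sub, n_val, _ = winreg.QueryInfoKey(key)
            return ([winreg.EnumKey(key, i) for i in range(n_sub)],
                    [winreg.EnumValue(key, i) for i in range(n_val)])
    except OSError:
        return [], []

# Constructed sample tree, so the walk can be checked without Windows.
SAMPLE = {
    ("HKEY_LOCAL_MACHINE", ""): (["SOFTWARE", "System"], []),
    ("HKEY_LOCAL_MACHINE", "SOFTWARE"): (["Classes", "ExampleApp"], []),
    ("HKEY_LOCAL_MACHINE", "SOFTWARE\\ExampleApp"):
        ([], [("InstallDir", "C:\\ExampleApp", 1), ("Blob", b"\x00\x01", 3)]),
}

def sample_reader(root, path):
    return SAMPLE[(root, path)]
```

On Windows, passing `winreg_reader` in place of `sample_reader` walks the live registry; it records only what the standard registry API returns to the calling process.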
