欧美bbbwbbbw肥妇,免费乱码人妻系列日韩,一级黄片

QEMU/KVM查看虛擬機(jī)系統(tǒng)注冊(cè)表的方法

  發(fā)布時(shí)間:2013-03-31 13:48:03   作者:佚名   我要評(píng)論
在QEMU/KVM的虛擬化環(huán)境中,如果想要操作Windows虛擬機(jī)的注冊(cè)表,原來的理解是不可以的,最近查資料發(fā)現(xiàn)其實(shí)有工具可以做到的

libguestfs-tools套件提供了一個(gè)基于QEMU的磁盤映像去查找這個(gè)磁盤映像中安裝的Windows操作系統(tǒng)的具體注冊(cè)表信息,甚至是進(jìn)行改動(dòng)(當(dāng)然不安全,目前可能不成熟,可能損壞映像文件)。

這個(gè)套件目前我只在centos和redhat的虛擬化環(huán)境中找到了,具體安裝方法很簡單:

復(fù)制代碼
代碼如下:

yum install libguestfs libguestfs-tools libguestfs-winsupport

安裝完成之后,使用virt-win-reg既可以對(duì)已經(jīng)安裝操作系統(tǒng)的虛擬機(jī)映像文件進(jìn)行注冊(cè)表的讀取操作,不過要注意的是目前只推薦在虛擬機(jī)停止?fàn)顟B(tài)下獲取注冊(cè)表的信息,如果在啟動(dòng)模式下獲取注冊(cè)表或者修改注冊(cè)表信息都可能導(dǎo)致虛擬機(jī)映像文件損壞。

具體使用方法如下:

復(fù)制代碼
代碼如下:

virt-win-reg win9-clone 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall'

其中win9-clone是虛擬機(jī)的名字,可以通過libvirt的virsh list –all命令查詢得出,不過一定確保虛擬機(jī)已經(jīng)是停止的狀態(tài),否則可能造成磁盤損壞。

上面的命令最終執(zhí)行的結(jié)果如下:

復(fù)制代碼
代碼如下:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Branding]
"QuietUninstallString"=hex(1):52,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,20,00,49,00,65,00,64,00,6b,00,43,00,53,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,42,00,72,00,61,00,6e,00,64,00,43,00,6c,00,65,00,61,00,6e,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,53,00,74,00,75,00,62,00,73,00,00,00
"RequiresIESysFile"=hex(1):31,00,30,00,30,00,2e,00,30,00,00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]
"SystemComponent"=dword:00000001</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICW]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting]
"RequiresIESysFile"=hex(1):34,00,2e,00,37,00,31,00,00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress]
@=hex(1):00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth]
"QuietUninstallString"=hex(1):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,49,00,4e,00,46,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,2e,00,69,00,6e,00,66,00,00,00
"UninstallString"=hex(1):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,73,00,65,00,74,00,75,00,70,00,61,00,70,00,69,00,2e,00,64,00,6c,00,6c,00,2c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,48,00,69,00,6e,00,66,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,20,00,44,00,65,00,66,00,61,00,75,00,6c,00,74,00,55,00,6e,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,20,00,31,00,33,00,32,00,20,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,49,00,4e,00,46,00,5c,00,50,00,43,00,48,00,65,00,61,00,6c,00,74,00,68,00,2e,00,69,00,6e,00,66,00,00,00</p> <p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]
@=hex(1):00,00


該命令的其他用法可以使用man virt-win-reg獲取相關(guān)幫助信息,用法還是很多的哦

相關(guān)文章

最新評(píng)論