Saturday, 26 July 2014

Determine the Windows version, edition and service pack of an offline disk IMAGE - Stack Overflow


Using the registry alone, how does one detect: The Windows Version (XP, Vista, 7). The Edition (Home Premium, Professional, Ultimate). And The Service Pack level (Beta, RTM, SP1, SP2).


This is because I am repairing an offline system. The Registry of offline systems can be mounted and accessed.




Use the values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion. I presume you know where to find that hive?! The respective hive can be found under %SystemRoot%\System32\config with the name SOFTWARE.


Side-note: you can attempt to verify your results by looking at some well-known files (e.g. kernel32.dll, ntdll.dll) and into their version information resource (what you're looking for is the file version: with, e.g. GetFileVersionInfo()).


Edition values, if that's needed, can be found at HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions. See here.




Everything you want is in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.


However, I believe these values can be faked, so be cautious.
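An added example, not part of the original answers: reading the values both answers point to from an offline image, then cross-checking them against the `kernel32.dll` file version as the side-note suggests. It assumes the offline Windows volume is mounted at `D:\` and uses the hypothetical temporary key names `OFFLINE_SW` and `OFFLINE_SYS`. `CurrentControlSet` does not exist in an unloaded SYSTEM hive, so the script resolves the real control set through `Select\Current`.

```powershell
# Added example. Assumptions: offline volume mounted at D:\, elevated prompt,
# HKLM\OFFLINE_SW and HKLM\OFFLINE_SYS are unused (hypothetical) key names.
$root   = 'D:\Windows'
$config = Join-Path $root 'System32\config'

reg.exe load 'HKLM\OFFLINE_SW'  (Join-Path $config 'SOFTWARE') | Out-Null
reg.exe load 'HKLM\OFFLINE_SYS' (Join-Path $config 'SYSTEM')   | Out-Null
try {
    # Version, edition and service pack live in the SOFTWARE hive.
    $cv = Get-ItemProperty 'HKLM:\OFFLINE_SW\Microsoft\Windows NT\CurrentVersion'

    # CurrentControlSet is a link created at boot, so it is missing offline.
    # Select\Current holds the number N of the active ControlSet00N key.
    $current = (Get-ItemProperty 'HKLM:\OFFLINE_SYS\Select').Current
    $cs = 'ControlSet{0:D3}' -f $current
    $po = Get-ItemProperty "HKLM:\OFFLINE_SYS\$cs\Control\ProductOptions"

    # Registry values can be edited, so compare with a core system file.
    $k32 = (Get-Item (Join-Path $root 'System32\kernel32.dll')).VersionInfo

    [pscustomobject]@{
        ProductName     = $cv.ProductName
        Version         = $cv.CurrentVersion
        Build           = $cv.CurrentBuildNumber
        EditionID       = $cv.EditionID     # may be absent on older versions
        ServicePack     = if ($cv.CSDVersion) { $cv.CSDVersion } else { 'none recorded' }
        ProductType     = $po.ProductType   # WinNT, ServerNT or LanmanNT
        ControlSet      = $cs
        Kernel32Version = $k32.FileVersion
        # True when the file's major.minor matches the registry's CurrentVersion.
        VersionsAgree   = ('{0}.{1}' -f $k32.FileMajorPart, $k32.FileMinorPart) -eq $cv.CurrentVersion
    }
}
finally {
    # Release the provider's key handles, otherwise the unload is refused.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    reg.exe unload 'HKLM\OFFLINE_SW'  | Out-Null
    reg.exe unload 'HKLM\OFFLINE_SYS' | Out-Null
}
```

A `VersionsAgree` result of `False` means the registry and the file on disk disagree and the image needs a closer look before the registry values are trusted.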


