Abstract

This paper provides a thorough analysis of the storage structure of hive files and then proposes a new method for processing hive files by direct access, independently of the Windows registry API. The method has the advantages of high priority and of preserving the computing environment. It is particularly suitable when the hive files of the target operating system cannot be copied or directly loaded. This paper also presents a set of algorithms for key operations associated with hive files, such as access, deletion, creation, and expansion. These operations are designed to be independent of the Windows API, so third-party developers can build other specialized applications on this set of algorithms. A complete hivedit program that carries out the operations described above has been implemented. With the assistance of the ECM-XDP3 emulator, this program can be executed before the operating system is loaded, and the correctness of all the algorithms has been verified.