
Regedit is not a valid win32 application



#1 johnnybiggles


Posted 02 May 2012 - 12:16 PM

I was experimenting with executing a remote registry key file (.reg) used to change the 'Registered Owner' name of the PC (In the past, locally, I've simply double-clicked on a .reg file to add/change a registry key). I've been playing around with PSTools which I use to do things remotely across the network and have had success running batch files. I thought it should be the same syntax when running a .reg file but of course, it did not work. So in trying to tweak the syntax, I ended up not only failing to change the key, but messing up the startup of Regedit itself somehow. Here's what happened specifically:

Using PSExec:
c:\PSTools\> pstools \\remotecomputer -c -u domain\username -p password c:\files\regowner.reg

...where the .reg file looks like this when opened up in notepad for editing:

Windows Registry Editor 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion] 
"RegisteredOwner"="The Boss"


I ran this^^ exact syntax a few minutes prior with a batch file (a .bat file used to do something else on the computer) from the same location and it worked fine. Then I ran it with the .reg file and it connected to the other computer, but gave the following error:

PsExec could not start regowner.reg on remotecomputer:
The system cannot find the file specified.

So, I looked something up and tried it this way instead:
c:\PSTools\> psexec \\remotecomputer -c -u domain\username -p password regedit \\localcomputer\files\regowner.reg

...where the "files" directory (and all subdirectories) is also a share, if that matters.

The program hung for a long time... but when I checked the remotecomputer, the registry key had not been applied and when I use Start > Run > regedit, it gives me the error:
Regedit is not a valid win32 application
I checked, and I actually have a regedit.exe in 2 locations (C:\WINDOWS and also C:\WINDOWS\system32) and both are different sizes and different dates. The C:\WINDOWS file actually opens the registry editor where the other gives me the previous error message.

Other possibly relevant info:
- I backed up (exported) the entire registry to a .reg file
- There is no regedit.com file anywhere (I've read that that could be the problem)
- Once I was able to open the registry editor, I tried to restore the backup copy I made just before I had done all of this, but it got almost to the end and said not all files could be imported or restored (don't remember the exact message)
- Got the same error ("not valid win32 app...") when I double-clicked the .reg backup file I made of the entire registry before trying this procedure
- I rebooted the computer and tried again, same error
- The localcomputer command prompt showed the following error when I rebooted the remotecomputer:
Error communicating with PsExec service on remotecomputer:
The specified network name is no longer available.
Could not delete regedit.exe from remotecomputer:
The network path was not found.
...which I guess means it had regedit running, since the program (not just the .reg file) was specified to run in the command syntax. PSTools seems to copy the executable file, then run it, then remove it when it is done (all done silently in the background on the remote machine), which explains the "Could not delete.." portion of this error.

Any idea what I've done here or how to fix it? Is it possible to execute a .reg file remotely using PSTools? Is there another/better way of changing the RegisteredOwner key remotely? If so, where did I go wrong with the syntax or anything else? Please help... thanks.

Edited by johnnybiggles, 02 May 2012 - 12:17 PM.




#2 Guest_Xircal_*


Posted 03 May 2012 - 12:58 PM

Regedit.exe is indeed to be found in two locations, but C:\Windows\System32 is not one of them.

You should be able to find them both here:

  • C:\WINDOWS
  • C:\WINDOWS\ServicePackFiles\i386

According to Mark Russinovich, PSTools has been used by viruses, so maybe that's what the other one is in the System32 folder.
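
Added example, not part of either post: a PowerShell triage of the two regedit.exe copies discussed in this thread, reporting size, timestamp, version resource, SHA-256 and whether each file has a well-formed PE header (the thing the "not a valid Win32 application" error complains about). The paths are the ones given in the thread; the function names Test-PEHeader and Get-Sha256Hex are hypothetical helpers written for this example.

```powershell
# Added example. Paths are the two locations named in the thread.
$paths = 'C:\WINDOWS\regedit.exe', 'C:\WINDOWS\system32\regedit.exe'

function Test-PEHeader {
    param([string]$Path)
    # A Win32 image starts with 'MZ'; the DWORD at offset 0x3C (e_lfanew)
    # gives the file offset of the 'PE\0\0' signature.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40) { return 'shorter than a DOS header' }
    if ($bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) { return 'no MZ magic' }
    $pe = [System.BitConverter]::ToInt32($bytes, 0x3C)
    if ($pe -lt 0 -or ($pe + 4) -gt $bytes.Length) {
        return 'e_lfanew points outside the file'
    }
    if ($bytes[$pe] -ne 0x50 -or $bytes[$pe + 1] -ne 0x45 -or
        $bytes[$pe + 2] -ne 0 -or $bytes[$pe + 3] -ne 0) {
        return 'no PE signature'
    }
    return 'PE header present'
}

function Get-Sha256Hex {
    param([string]$Path)
    # Hash via .NET so the check also works on older PowerShell versions.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Dispose() }
}

foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { "{0}: not found" -f $p; continue }
    $item = Get-Item -LiteralPath $p
    New-Object PSObject -Property @{
        Path             = $p
        Length           = $item.Length
        LastWriteTime    = $item.LastWriteTime
        OriginalFilename = $item.VersionInfo.OriginalFilename
        FileVersion      = $item.VersionInfo.FileVersion
        PEHeader         = Test-PEHeader $p
        SHA256           = Get-Sha256Hex $p
    } | Format-List Path, Length, LastWriteTime, OriginalFilename, FileVersion, PEHeader, SHA256
}
```

A file can report "PE header present" and still be truncated or replaced, so compare Length and SHA256 against a copy you trust, such as the one in C:\WINDOWS\ServicePackFiles\i386 mentioned above.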



