Chroot is often assimiled to be a kind sandbox. But in Unix, it also allow use of programs on certain non-bootable installation. When I search chroot for windows: I see things like sandbox. I don't want security, I want a way to rescue the system. By example, if I disabled syskey with ntpasswd, running C:\windows\system32\syskey.exe with a such utility would modify the registry entries of the of the offline installation, not the current one. It could be called runon similar as runas for alternative users.
What chroot would means here for windows? Well, there is winre which allow having the same drive letters of your windows installation. There is an example: compact.exe is not present on winre installs. if you cd to \%Windir%\system32 (the directory of the offline install) and run compact, it won't work(except if you use it with /?). If you run
X:\sources\>path C:\Windows\System32\
You now use the files present in your offline windows. Base dlls such as ntdll.dll or eventually gdi.dll are those from C:\Windows\System32 instead of X:\%windir%\system32 and running compact will work.
But Programs runned by this way will use the current registry. The main keys (HKLM; HKCC; HKCR; HKCU; HKU; HKEY_PERFORMANCE_DATA) with their contents, are those of the current winre/pe installation, not those you have when you booted in your windows. So, if a program want to modify some registry entries, it will modify the Hives of X:\windows\system32\config not those of located in the C:\ systemdrive.
It is possible to mount the Hives of your offline windows under HKLM and edit them, but the programs which have their informations in HKLM\Software would still look at HKLM\Software and not at the name you mounted it.
The utility I am looking for would (partially?) hide the registry of winpe/re in favour of the one present in the offline install. The expected effect is that if you launch the registry editor with the utility, you will see the keys as if you would have booted into windows. (Maybe with some exceptions?)
The application would still use the Microsoft services of the current windows. I'd like launching services installed on the offline windows that are not installed on the current one. It would be nice to do this even for kernel ones. By this way, you would have the same behaviour when you launch sysv daemons in unix. Except here some mechanism for avoiding dual instances could be necessary, because the problems would be more critical on windows
The user access rights are an important part in the Microsoft systems. Specifying a user name and password in the parameters of the command line could be necessary. Some problems occurs with a bad User database configuration and prevent windows to boot. If want to enable syskey again, It would need to have the authentication informations which couldn't be used. But in some case like syskey problems, it make windows in endless reboots. I think one possibility would be to find a way to mount the user Hives by providing their path instead of login informations. Or if it is impossible, try to keep the user keys/informations of the current booted windows.
I don't know if a utility like this exist. I'd like help for programming it with mingw from linux (I can't have Visual Studio) . It would be good if it don't need to be installed. I would like it don't use .NET or the full windows API, because I would like to see it working under winre. I write for C/C++ under linux, but I never done it for windows. The only experience I have is provided by the fact I managed to build 7-Zip with winebuilder. I just know that the main function is called "main" for console programs and "WinMain" for windows ones. I am not familiar with WINAPI nor nt API. I just know there are not real equivalent to the chroot() of the Unix API.
I hope this is possible, thanks in advance.
