January 17, 2011 · 5:56 pm

↓ Jump to Comments

Stay classy, Microsoft

I thought when I was looking at the Windows Registry I’d seen it all … until today when I found that the Windows 7 installation CD contains what seems like a registry that directly encodes an XML schema document.

WHY!!!

If you have a Win7 install CD, it is /sources/schema.dat. After passing it through hivexregedit –export you get:

Windows Registry Editor Version 5.00

[\]

[\wcm://Microsoft-Windows-DNS-Client?version=6.1.7600.16385&language=neutral&processorArchitecture=amd64&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers]

[\wcm://Microsoft-Windows-DNS-Client?version=6.1.7600.16385&language=neutral&processorArchitecture=amd64&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata]
"@_legacyHandler"=hex(10000005):04,00,00,00
"@_targetNamespace"=hex(1000000c):4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,2d,00,44,00,4e,00,53,00,2d,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00
"@language"=hex(1000000c):6e,00,65,00,75,00,74,00,72,00,61,00,6c,00,00,00
"@processorArchitecture"=hex(1000000c):61,00,6d,00,64,00,36,00,34,00,00,00
"@publicKeyToken"=hex(1000000c):33,00,31,00,62,00,66,00,33,00,38,00,35,00,36,00,61,00,64,00,33,00,36,00,34,00,65,00,33,00,35,00,00,00
"@version"=hex(1000000c):36,00,2e,00,31,00,2e,00,37,00,36,00,30,00,30,00,2e,00,31,00,36,00,33,00,38,00,35,00,00,00
"@versionScope"=hex(1000000c):6e,00,6f,00,6e,00,53,00,78,00,53,00,00,00
"@xmlns:asmv3"=hex(1000000c):75,00,72,00,6e,00,3a,00,73,00,63,00,68,00,65,00,6d,00,61,00,73,00,2d,00,6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2d,00,63,00,6f,00,6d,00,3a,00,61,00,73,00,6d,00,2e,00,76,00,33,00,00,00
"@xmlns:wcm"=hex(1000000c):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,63,00,68,00,65,00,6d,00,61,00,73,00,2e,00,6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,00,2f,00,57,00,4d,00,49,00,43,00,6f,00,6e,00,66,00,69,00,67,00,2f,00,32,00,30,00,30,00,32,00,2f,00,53,00,74,00,61,00,74,00,65,00,00,00
"@xmlns:xmlns"=hex(1000000c):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,2e,00,77,00,33,00,2e,00,6f,00,72,00,67,00,2f,00,32,00,30,00,30,00,30,00,2f,00,78,00,6d,00,6c,00,6e,00,73,00,2f,00,00,00
"@xmlns:xsd"=hex(1000000c):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,2e,00,77,00,33,00,2e,00,6f,00,72,00,67,00,2f,00,32,00,30,00,30,00,31,00,2f,00,58,00,4d,00,4c,00,53,00,63,00,68,00,65,00,6d,00,61,00,00,00

[\wcm://Microsoft-Windows-DNS-Client?version=6.1.7600.16385&language=neutral&processorArchitecture=amd64&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\complexTypes]

[\wcm://Microsoft-Windows-DNS-Client?version=6.1.7600.16385&language=neutral&processorArchitecture=amd64&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\complexTypes\DomainNameCollectionType]
"@_MemberList"=hex(1000800c):44,00,6f,00,6d,00,61,00,69,00,6e,00,4e,00,61,00,6d,00,65,00,00,00,00,00
"@_valid"=hex(10000001):00

[\wcm://Microsoft-Windows-DNS-Client?version=6.1.7600.16385&language=neutral&processorArchitecture=amd64&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\complexTypes\DomainNameCollectionType\DomainName]
"@_hint"=hex(10000006):01,00,00,00
"@_type"=hex(10000005):0c,60,00,00
"@xsd:maxOccurs"=hex(10000006):ff,ff,ff,ff
"@xsd:minOccurs"=hex(10000006):00,00,00,00
"@xsd:type"=hex(1000000c):44,00,6f,00,6d,00,61,00,69,00,6e,00,4e,00,61,00,6d,00,65,00,54,00,79,00,70,00,65,00,00,00

[\wcm://Microsoft-Windows-DNS-Client?version=6.1.7600.16385&language=neutral&processorArchitecture=amd64&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\complexTypes\InterfaceCollectionType]
"@_MemberList"=hex(1000800c):49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,00,00,00,00
"@_valid"=hex(10000001):00

[\wcm://Microsoft-Windows-DNS-Client?version=6.1.7600.16385&language=neutral&processorArchitecture=amd64&publicKeyToken=31bf3856ad364e35&versionScope=nonSxS&scope=allUsers\metadata\complexTypes\InterfaceCollectionType\Interface]
"@_type"=hex(10000005):10,40,00,00
"@key"=hex(1000000c):49,00,64,00,65,00,6e,00,74,00,69,00,66,00,69,00,65,00,72,00,00,00
"@xsd:maxOccurs"=hex(10000006):ff,ff,ff,ff
"@xsd:minOccurs"=hex(10000006):00,00,00,00
"@xsd:type"=hex(1000000c):49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,54,00,79,00,70,00,65,00,00,00

(and on for 1,355 lines)

Leave a comment

Filed under Uncategorized

Tagged as hivexregedit, libguestfs, microsoft, registry, windows, windows registry, xml, xml schema

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: