Possible to extract registry backup from restore point?

[Azzip]

Hi everybody, I was wondering if it is possible to extract the registry backup from a System Restore Point? In Windows XP the restore points were plain folders within the System Volume Information, but in Windows 7 they appear to be compressed into files like "{c09132a3-4131-11df-b9d7-002017c00008}{8807474b-c356-7e49-b2ae-03046e4cc752}". Is there a way to open these? I read the tutorial about extracting files from the system image vhd files in the WindowsImageBackup folder, but I think this is a different situation unless the system restore points are also vhd files?

(Background: I have a truecrypt system encryption which renders windows' own recovery function useless in the case of boot failure. So I ended up replacing the registry files manually by mounting my drive with a linux live cd w/ truecrypt. The only problem was to get hand on a working backup, so for the next time I'd like to know if I can extract the registry files from my old restore points).

 

[Ztruker]

The easiest way to handle this is to install ERUNT and have it auto start when the system boots. It will make a complete backup of your registry and store it in date named folders under \Windows\ERDNT\AutoBackup.

The reg files are easily restored by running the appropriate erdnt.exe file from the date named folder you want.

Worked well with XP and Vista and now works with Win 7.

 

[Azzip]

The easiest way to handle this is to install ERUNT and have it auto start when the system boots. It will make a complete backup of your registry and store it in date named folders under \Windows\ERDNT\AutoBackup.

The reg files are easily restored by running the appropriate erdnt.exe file from the date named folder you want.

Worked well with XP and Vista and now works with Win 7.

Thank you for your nice workaround! Still I'm curious if I can get into those System Restore point files. Any idea?

 

[Ztruker]

No, sorry. I'd like to see some ideas as well.

 

[MilesAhead]

The author of this program might be willing to give a clue:

ShadowExplorer.com - About

He digs out the file backups or shadow copies from restore point sets. I use the program and it's worked well for me. Perhaps a donation might get the author to provide a few clues. I don't think it's open source. But you might be surprised. Sometimes these programmer types will email you back if you ask a question tangential to one of their applications.

 

[SIW2]

You can copy the hives from shadow copies with Shadow Explorer.

 

[whs]

You can copy the hives from shadow copies with Shadow Explorer.

Works well in Vista, but does probably not work in XP. This is what the program desciption says: " ShadowExplorer allows you to browse the shadow copies created by the Windows® VistaTM Volume Shadow Copy Service. "