7

Using the registry alone, how does one detect the Windows version (XP, Vista, 7), the edition (Home Premium, Professional, Ultimate), and the service pack level (Beta, RTM, SP1, SP2)?

This is because I am repairing an offline system. The registry of offline systems can be mounted and accessed.

unixman83

3 Answers

5

Use the values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion. I presume you know where to find that hive?! The respective hive can be found under %SystemRoot%\System32\config with the name SOFTWARE.

Side-note: you can attempt to verify your results by looking at some well-known files (e.g. kernel32.dll, ntdll.dll) and into their version information resource (what you're looking for is the file version: with, e.g. GetFileVersionInfo()).

Edition values, if that's needed, can be found at HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions. See here.

0xC0000022L
  • To load a hive you use `regedit`. You can do this from any Windows machine and should not affect your installation. Just load the hive and choose some temporary name for a new branch. More here: http://www.zeda.nl/index.php/en/load-user-registry-hive-in-regedit – Nux Jul 27 '19 at 22:59
1

Everything you want is in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.

However, I believe these values can be faked, so be cautious.

user541686
  • EditionID, CSDVersion, BuildLab, Product Name, etc... there's a lot of redundancy there, and I think none of them is foolproof. Probably the most descriptive is BuildLab; for me it's: `7601.win7sp1_rtm.101119-1850`. You'll still need EditionID though (`HomePremium`, etc.). – user541686 Apr 18 '11 at 23:36
  • is there a better way then? like querying the file version of some *what* system file? – unixman83 Apr 18 '11 at 23:38
  • 1
    the latter can be found at `HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions` – 0xC0000022L Apr 18 '11 at 23:40
  • 1
    @unixman83: Querying files (@STATUS's solution) will work for most things, but not for the edition (Home Premium vs Ultimate). – user541686 Apr 18 '11 at 23:40
  • @unixman83: any well-known file will work. Make sure to verify it's a signed (and valid) version of the file. Which should be possible ever since XP. On 2000 I think not all were signed. – 0xC0000022L Apr 18 '11 at 23:41
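
Added example, not part of the original answers or comments: since the values under `Microsoft\Windows NT\CurrentVersion` are redundant and can be edited, one way to use that redundancy is to derive version, edition and service pack and flag where the values disagree. It assumes the values were already read from the mounted offline SOFTWARE hive into a dict; the function name `summarize`, the sample dict, and the inference of the service pack from the `BuildLab` branch name are assumptions of this example.

```python
import re

# CurrentVersion value -> release, limited to the releases the question asks about.
RELEASES = {"5.1": "XP", "6.0": "Vista", "6.1": "7"}
# BuildLab layout as in the comment's sample: <build>.<branch>.<yymmdd-hhmm>
BUILDLAB = re.compile(r"^(\d+)\.([^.]+)\.(\d{6}-\d{4})$")

def summarize(values):
    """Derive release/edition/service pack from CurrentVersion values and
    list disagreements between the redundant ones."""
    warnings = []
    release = RELEASES.get(values.get("CurrentVersion", ""), "unknown")
    edition = values.get("EditionID", "unknown")
    m = re.search(r"Service Pack (\d+)", values.get("CSDVersion", ""))
    sp = int(m.group(1)) if m else 0  # no CSDVersion text -> no service pack

    if release == "unknown":
        warnings.append("CurrentVersion is not 5.1, 6.0 or 6.1")
    elif release not in values.get("ProductName", "").split():
        warnings.append("ProductName does not name release " + release)

    lab = BUILDLAB.match(values.get("BuildLab", ""))
    if lab is None:
        warnings.append("BuildLab missing or not in the expected layout")
    else:
        build, branch, _stamp = lab.groups()
        if build != values.get("CurrentBuildNumber"):
            warnings.append("BuildLab build differs from CurrentBuildNumber")
        # Heuristic (assumption): branch names carry 'spN', e.g. win7sp1_rtm.
        b = re.search(r"sp(\d+)", branch)
        if (int(b.group(1)) if b else 0) != sp:
            warnings.append("BuildLab branch and CSDVersion disagree on service pack")
    return {"release": release, "edition": edition,
            "service_pack": sp, "warnings": warnings}

# Constructed sample; BuildLab and EditionID are the strings quoted in the comments.
SAMPLE = {
    "ProductName": "Windows 7 Home Premium",
    "EditionID": "HomePremium",
    "CurrentVersion": "6.1",
    "CurrentBuildNumber": "7601",
    "CSDVersion": "Service Pack 1",
    "BuildLab": "7601.win7sp1_rtm.101119-1850",
}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-empty `warnings` list is a reason to fall back on the file-version check of signed system files suggested in the answers, not proof of tampering.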
0

Using Linux, here Ubuntu, you can use chntpw.

I did this:

```
sudo apt install chntpw
chntpw -e /path/to/windisk/Windows/System32/config/SOFTWARE
cat \Microsoft\Windows NT\CurrentVersion\ProductName
```

and was told that the version was Windows 10 Home. Note that the capitalization in the path may differ across versions, so look if it doesn't work. One place also mentioned a RegBack folder occurring in the path (sorry, I forgot where).

Additional details may be found through other keys. To list other keys in CurrentVersion, while in chntpw, do

```
ls \Microsoft\Windows NT\CurrentVersion
```

Rasmus