KPLive is a Live CD based on Minimal Linux Live, to which I added the ability to mount NTFS partitions, create files and folders on them, and manage their attributes. The initial goal of this ISO (I hope to make it evolve over time) is to restore backups of the Windows registry created by KpRm. To simplify hive recovery, I have included a script (kprm_restore_hives) that automates all the commands and generates a report (C:\kprm_restore_[date].txt). The Live CD also includes BusyBox, so a large number of standard commands are available.
Main features of the Live CD:
- mount read/write NTFS partitions (ntfs-3g + fuse)
- see/modify/create Windows file/folder attributes (attr + ntfs_attr)
- restore registry backups created by KpRm (kprm_restore_hives)
- search/replace infected Windows drivers with the noahdfear drivers.sh script (noahdfear_drivers.sh)
- go online
- statically install new programs (e.g. a text-mode browser, ...) (static_get)
- boot on BIOS/EFI
- change keyboard configuration (kbd)
How to restore Windows hives?
- Make a bootable USB key or CD
- Boot from the media
- At this point, press ENTER or wait 5 seconds.
- At this stage, press SPACE
- At this point, press SPACE or wait 5 seconds.
- Once the startup process is complete, the keyboard layout is American (qwerty). You can change it:
loadkeys fr (French keyboard)
loadkeys de (German keyboard)
loadkeys fr_CH (Swiss French keyboard)
- To restore the hives:
- If backups are found, you will get a screen like this:
- Just choose the right number and press ENTER
- At the end, a report is created under C:\kprm_restore_[date].txt