# Solved: ThinApp Registry Export

Say you want to convert the registry of VMware’s ThinApp (formerly known as Thinstall) from the sandbox-virtual format (those text files in your capture/project-name folder) to something a human can easily read, say, a Windows registry file.

Why? Well, maybe you’ve just captured a setup process in order to check what has been changed on your operating system.

A really common reason to use ThinApp without actually building anything at the end, at least among VM-savvy engineers, is to track changes to the operating system in the hope of simplifying installations, in cases where all you need is a pair of exe and reg files, and sandboxing an entire application plus the virtual-app engine would be overkill.

ThinApp does a very good job of capturing even the deepest registry changes, including those with permission limitations or ones which do not “really exist”, such as soft symbolic-linked keys, for example under HKEY_USERS (which are common enough).

Another way of comparing registry changes involves dumping the entire registry (before and after) and comparing the .REG files using a program such as BeyondCompare.

A similar but slightly easier method is to use Registry-Workshop and its “before” and “after” snapshots feature, followed by the built-in compare engine. It is pretty much a nice wrapper around the same thing as above, except that the program’s internal compare engine also lets you jump into the inspected values, sync changes, etc.

So..

I’ve captured a nice little freeware called foxit PDF
and got the familiar folder structure (before building anything!)

If you have a look (just a look, don’t worry) inside the build.bat batch file, you’ll see part of the command we’re going to use, which is actually part of creating the virtual sandbox, in particular the REGISTRY part:

After the hint, it is time for the solution walk-through:

1. Under your ThinApp folder (same level where you’ll find the create a new folder, named reg_convert.
2. Under reg_convert, create two folders named in and out.
3. Under the in folder, copy the Package.ini from your captured package, or use this generic, minimal Package.ini.

You only need the part related to setup capture, mostly the version of ThinApp’s capturing engine. The code page [language] of 1033 [English] might be useful in case you have registry keys with foreign characters; in that case you might want to have a look at the values in one of your original captured Package.ini files, or Google it. 1037 is Hebrew :]

```ini
[Compression]
CompressionType=None

[Isolation]
DirectoryIsolationMode=Merged

[BuildOptions]
;-------- Parameters used only during Setup Capture  ----------
CapturedUsingVersion=5.1.0-2079447
CaptureProcessorArchitecture=0
CapturePlatformVersion=0501
CaptureOSArchitecture=32
CaptureOSMajorVersion=5
CaptureOSMinorVersion=1
CaptureOSSuite=256
CaptureOSProductType=1
CaptureOSCSDVersion=Service Pack 3
CaptureOSProcessorCoreCount=2
CaptureOSRemoteSession=0
CaptureOSVMwareVM=1
OutDir=bin

AnsiCodePage=1255
LocaleIdentifier=1033

AltArchitectureShortcut=0
QualityReportingEnabled=0
```


4. Still under the in folder, you should now copy (just) the registry files (.TXT) from your captured project.

You do not have to copy them all, and you are well encouraged to make them as small and light as possible by removing values that are not needed. The smaller and fewer they are, the faster the entire process will complete.

For example, I’m going to remove the following “keys/values/data”, since they are not needed or even related to the package itself. More than that, they can collide with the operating system’s more recent values (in case I build the project later).

5. At this point, we will generate a virtual sandbox holding just the registry values (no files), using the vregtool.exe command.

   1. Open up CMD and navigate to where you have your vregtool.exe (the same place you’ll have reg_convert): `cd c:\.......\ThinApp\`
   2. Run `vregtool.exe reg_convert\out\reg.tvr ImportDir reg_convert\in\`

   You may ignore warnings, or remove any extra empty lines at the bottom of the txt files. It will take a few seconds, and you’ll find the tvr file under the out folder.

6. Almost done. We will now extract the actual registry keys (in the standard Windows format) from the virtual sandbox, exporting them to the same out folder.

   Run `vregtool.exe reg_convert\out\reg.tvr ExportReg reg_convert\out\registry.reg`

   You’ll find your result file under the out folder, alongside the old tvr file.

7. Done.

Naturally, a cleanup is required in order to reuse the same txt → tvr → reg conversion method: remove the txt files under the in folder, but keep the Package.ini file there for next time. You can safely remove the entire content of the out folder (the reg.tvr and, once you’re done with it, the registry.reg file).

Naturally, a batch file can quite easily be written. You can make one that accepts a drag & drop of the entire captured folder, automating the copy, the generation, and copying the result back to your captured project, in the same place as the txt files, to keep things organised by project. :)
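
One way to write the batch file mentioned above, as an added example that is not part of the original post. It assumes the file is saved in the ThinApp folder next to vregtool.exe, that reg_convert\in already holds Package.ini, and that the captured project keeps its registry text files as HKEY_*.txt in its top-level folder; the variable names are made up for illustration.

```batch
@echo off
rem Added example: automates the txt -> tvr -> reg conversion described above.
rem Assumptions: this file sits in the ThinApp folder next to vregtool.exe,
rem and the dragged project folder holds its registry files as HKEY_*.txt.
setlocal
set "TA=%~dp0"
set "WORK=%TA%reg_convert"
set "PROJECT=%~1"

if "%PROJECT%"=="" (
    echo Usage: drag a captured project folder onto this file.
    exit /b 1
)
if not exist "%TA%vregtool.exe" (
    echo vregtool.exe not found in "%TA%"
    exit /b 1
)
if not exist "%WORK%\in\Package.ini" (
    echo Missing "%WORK%\in\Package.ini"
    exit /b 1
)
if not exist "%PROJECT%\HKEY_*.txt" (
    echo No HKEY_*.txt registry files in "%PROJECT%"
    exit /b 1
)

rem Start from a clean state so stale files never leak into this run.
if not exist "%WORK%\out" mkdir "%WORK%\out"
del /q "%WORK%\in\*.txt" 2>nul
del /q "%WORK%\out\reg.tvr" "%WORK%\out\registry.reg" 2>nul
copy /y "%PROJECT%\HKEY_*.txt" "%WORK%\in\" >nul || exit /b 1

rem The same two vregtool.exe calls as in the walk-through, run from the ThinApp folder.
pushd "%TA%"
vregtool.exe reg_convert\out\reg.tvr ImportDir reg_convert\in\
vregtool.exe reg_convert\out\reg.tvr ExportReg reg_convert\out\registry.reg
popd

if not exist "%WORK%\out\registry.reg" (
    echo Export failed: registry.reg was not produced.
    exit /b 1
)
copy /y "%WORK%\out\registry.reg" "%PROJECT%\registry.reg" >nul || exit /b 1

rem Cleanup: keep Package.ini for the next run, drop everything else.
del /q "%WORK%\in\*.txt" "%WORK%\out\reg.tvr" "%WORK%\out\registry.reg"
echo Wrote "%PROJECT%\registry.reg"
endlocal
```

The script overwrites any existing registry.reg in the project folder, and it checks for the output file rather than the exit code because vregtool.exe warnings may be ignored.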

Hope it helps ! :]

Happy engineering day :]]

# VMware-Related Sub-Domains

Using virustotal.com, www.robtex.com and sniffing on a local machine with it installed.