Modifying Windows registry from within Linux

I have a Windows dd image that I have locally mounted.

I need to apply a series of registry tweaks from a known .reg file, within this Linux environment. I can't seem to find any tool that satisfies this.

I have found regpatch and hivexsh but they don't seem to do what I need, or I'm using them terribly wrong. Are there any working examples of performing such a task?


I think what you are looking for is chntpw (it's the same as mentioned in Ben's question, btw). It comes as a package (on Ubuntu: sudo apt-get install chntpw) with modern distros and allows listing or editing the registry, given the hive file of a Windows installation. Hive files are ntuser.dat in the profile directories of users as well as the files under %SystemRoot%\system32\config such as software.

From the man chntpw page:

-e     Registry editor with limited capabilities.

Caution: keep in mind that the format isn't officially documented by Microsoft and therefore any third-party editing tools could potentially damage the hives they load and manipulate. Take a backup!


As for applying a .reg file I don't think you'll get around parsing it yourself. It is basically just an INI/INF file with a special first line and sections named after the keys and values that have been escaped according to the type of the value. @ is a special value name for the default key. The rest is self-evident from looking at the file.

Python comes with built-in capabilities to parse INI files, so it provides a good starting point.
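The parsing step this answer describes, as an added example that is not part of the original post: it uses a small hand-written parser rather than Python's configparser, because value names are quoted and may contain "=", and long hex data continues across lines with a trailing backslash. The function names, the operation tuples and the sample keys are assumptions made for illustration.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')
HEX_RE = re.compile(r"^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")

def unquote(s):  # strip the quotes, undo the \\ and \" escapes; "@" becomes ""
    return re.sub(r"\\(.)", r"\1", s[1:-1])

def parse_data(text):  # -> (registry type number, data)
    if text.startswith('"'):
        return 1, unquote(text)  # REG_SZ
    if text.startswith("dword:"):
        return 4, int(text[6:], 16)  # REG_DWORD
    m = HEX_RE.match(text)
    if not m:
        raise ValueError("unsupported value data: %r" % text)
    # hex(N): is type N, plain hex: is REG_BINARY (3); bytes stay raw for the hive
    return int(m.group(1) or "3", 16), bytes.fromhex(m.group(2).replace(",", ""))

def parse_reg(raw):
    # regedit writes version 5.00 files as UTF-16LE with a BOM; REGEDIT4 is ANSI
    text = raw[2:].decode("utf-16-le") if raw[:2] == b"\xff\xfe" else raw.decode("cp1252")
    lines = re.sub(r"\\\r?\n[ \t]*", "", text).splitlines()  # join hex continuations
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing .reg header line")
    ops, key = [], None
    for line in map(str.strip, lines[1:]):
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lstrip("-")  # "[-KEY]" deletes the whole key
            ops.append(("delete_key" if line[1] == "-" else "create_key", key))
        elif m and key and m.group(2) == "-":  # "name"=- deletes one value
            ops.append(("delete_value", key, unquote(m.group(1))))
        elif m and key:
            ops.append(("set_value", key, unquote(m.group(1))) + parse_data(m.group(2)))
        elif line and not line.startswith(";"):
            raise ValueError("unexpected line: %r" % line)
    return ops

SAMPLE = b"\xff\xfe" + r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
@="C:\\Program Files\\Example"
"Enabled"=dword:00000001
"Blob"=hex:de,ad,\
  be,ef
"Old"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Stale]
'''.encode("utf-16-le")  # constructed sample, encoded like a regedit export
```

Calling parse_reg(SAMPLE) returns the ordered operations that a hive-editing tool would then have to replay against the hive file from the mounted image; that write step is not shown here.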


I’d start having a sniff around http://www.pogostick.net/~pnh/ntpasswd/ as I’m aware it may have some basic tools to get you there.