Not an exact reference to the hive
I also checked an image of a Vista install that was discovered to be using a cracked version (via some registry hacks) and it has that hive as well.
Bithead,
Which hive are you referring to?
The aforementioned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
Perhaps the proper nomenclature would be the value of the subkey "InstallDate" of the subkey "CurrentVersion" of the blah blah blah of the hive "HKEY_LOCAL_MACHINE\Software". Although I have to admit I am not sure where a key turns to a subkey in this instance.
At the link I posted in the second "quote" posted by s0121 in the seventh line is the "InstallDate" and dword value from a Vista SP1 machine.
Bithead,
Which hive are you referring to?
The aforementioned HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
Ah, okay…no wonder I was confused…that's not a hive, but a value.
Perhaps the proper nomenclature would be the value of the subkey "InstallDate" of the subkey "CurrentVersion" of the blah blah blah of the hive "HKEY_LOCAL_MACHINE\Software". Although I have to admit I am not sure where a key turns to a subkey in this instance.
InstallDate isn't a subkey, it's a value within the CurrentVersion subkey.
Without the visual it is sometimes hard to remember where keys and subkeys change over.
So the dword value that is the date is the value of the value InstallDate?
Yes. It's a 32-bit Unix time value, very easy to convert in Perl.
This is just a personal preference, but I find the distinction between keys and values important, as keys have LastWrite times…values do not.
I agree wholeheartedly. However, I am a visual learner; without looking at the Registry in some sort of viewer it is hard to remember what is a key, subkey or value beyond the obvious hive levels.
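
Added example, not part of any post in this thread: a Python sketch of the two timestamp decodings the discussion distinguishes, the InstallDate value (a REG_DWORD holding 32-bit Unix time) and a key's LastWrite time (assumed here to be a standard 8-byte Windows FILETIME). The function names and sample data are constructed for illustration.

```python
# Added example; sample values below are constructed, not taken from the thread.
import re
import struct
from datetime import datetime, timedelta, timezone

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def installdate_from_bytes(raw: bytes) -> datetime:
    """Decode the raw data of the InstallDate value (REG_DWORD, little-endian)."""
    if len(raw) != 4:
        raise ValueError("REG_DWORD data must be exactly 4 bytes")
    (seconds,) = struct.unpack("<I", raw)  # unsigned 32-bit Unix time
    return UNIX_EPOCH + timedelta(seconds=seconds)

def installdate_from_reg_line(line: str) -> datetime:
    """Decode the value as written in a .reg export: "InstallDate"=dword:xxxxxxxx."""
    m = re.fullmatch(r'\s*"InstallDate"=dword:([0-9a-fA-F]{8})\s*', line)
    if not m:
        raise ValueError("not an InstallDate dword line")
    return UNIX_EPOCH + timedelta(seconds=int(m.group(1), 16))

def lastwrite_from_filetime(raw: bytes) -> datetime:
    """Decode a key's LastWrite time: 64-bit count of 100 ns ticks since 1601 UTC."""
    if len(raw) != 8:
        raise ValueError("FILETIME must be exactly 8 bytes")
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

# Constructed samples: both encode 2008-03-01 00:00:00 UTC.
SAMPLE_INSTALLDATE = bytes.fromhex("809cc847")            # DWORD as stored on disk
SAMPLE_REG_LINE = '"InstallDate"=dword:47c89c80'          # same value in a .reg export
SAMPLE_LASTWRITE = (128488032000000000).to_bytes(8, "little")

if __name__ == "__main__":
    print("InstallDate (value data):", installdate_from_bytes(SAMPLE_INSTALLDATE))
    print("InstallDate (.reg line): ", installdate_from_reg_line(SAMPLE_REG_LINE))
    print("Key LastWrite (FILETIME):", lastwrite_from_filetime(SAMPLE_LASTWRITE))
```

Only the key (here, CurrentVersion) carries a LastWrite time; the InstallDate value has just its data, so the two timestamps are read from different places in the hive.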