File chntpw_1.0-1.1.diff of Package chntpw

--- chntpw-1.0.orig/Makefile
+++ chntpw-1.0/Makefile
@@ -2,28 +2,14 @@
 # Makefile for the Offline NT Password Editor
 #
 #
-# Change here to point to the needed OpenSSL libraries & .h files
-# See INSTALL for more info.
-#
-
-#SSLPATH=/usr/local/ssl
-OSSLPATH=/usr
-OSSLINC=$(OSSLPATH)/include
 
 CC=gcc
 
 # Force 32 bit
-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32 
+CFLAGS= -DUSELIBGCRYPT -I. $(shell libgcrypt-config --cflags) -Wall -m32
 OSSLLIB=$(OSSLPATH)/lib
 
-# 64 bit if default for compiler setup
-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall
-#OSSLLIB=$(OSSLPATH)/lib64
-
-
-# This is to link with whatever we have, SSL crypto lib we put in static
-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
-LIBS=-L$(OSSLLIB)
+LIBS=$(shell libgcrypt-config --libs)
 
 
 all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static
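Review bot: the unchanged line `OSSLLIB=$(OSSLPATH)/lib` survives this hunk although the `OSSLPATH=/usr` assignment it depends on is deleted, so it now expands to `/lib` and nothing in the new `LIBS` uses it; remove it together with the other OpenSSL variables. On the added lines, `$(shell libgcrypt-config ...)` inside a recursively expanded `=` assignment is re-run on every expansion and yields an empty string without any error if the tool is missing; `:=` plus an explicit check that the command succeeded would make a broken build environment fail early instead of at link time.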
--- chntpw-1.0.orig/debian/README.source
+++ chntpw-1.0/debian/README.source
@@ -0,0 +1,6 @@
+
+    This package uses quilt to manage all modifications to the upstream source.
+    Changes are stored in the source package as diffs in debian/patches and
+    applied during the build.
+
+    See /usr/share/doc/quilt/README.source for a detailed explanation.
--- chntpw-1.0.orig/debian/changelog
+++ chntpw-1.0/debian/changelog
@@ -0,0 +1,221 @@
+chntpw (1.0-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * B-d on libgcrypt20-dev instead of (dummy transition package)
+    libgcrypt11-dev. Closes: #864097
+
+ -- Andreas Metzler <ametzler@debian.org>  Sat, 27 Oct 2018 09:09:58 +0200
+
+chntpw (1.0-1) unstable; urgency=low
+
+  * Update to latest upstream release, published in 2014-02-01
+  * debian/rules: Provide also the other binaries built in the sources:
+    reged (Simple Registry Edit Utility for Windows registry hives),
+    sampasswd (SAM database, add or remove user in a group),
+    samusrgrp (SAM database, add or remove user in a group)
+  * debian/samusrgrp.8 debian/reged.8 debian/sampasswd.8: Write manpages
+    for all of the other programs built and included now in the package
+  * debian/chntpw.8: Update the manpage contents based on the program's
+     current -h output.
+  * debian/patches/01_port_to_gcrypt.patch: 
+        Update patch since in this release upstream author uses a new define
+        (DOCRYPTO) that enables cryptographic code.  This code, that enabled
+        users to change the password, is not enabled by default anymore since
+        it does not work with Windows XP (and later) systems.
+  * debian/patches/11_improve_documentation:
+        Add a new patch to improve the English (by a non-native speaker
+        oh! the irony!) of the HISTORY.txt and MANUAL.txt files, fixing
+        grammar and spelling mistakes, as well as some typos.
+  * debian/changelog: Fix typo and add reference to Ubuntu closed bug
+  * debian/control:
+      - Require debhelp version 5, as per debian/compat
+  * debian/rules: 
+      - Update definitions to adapt to this version and upstream's numbering
+        (140201)
+  * Lintian fixes:
+      - Remove statically compiled files from sources (Fixes: source-is-missing)
+      - debian/copyright: point to the versioned license files, not the
+        symlinks since the source does not allow the use of later GPL
+        versions (Fixes: copyright-refers-to-versionless-license-file)
+      - debian/chntpw.8: Fix manpage error (Fixes:
+        manpage-has-errors-from-man)
+      - debian/rules: 
+            + Added missing targets build-indep and build-arch (fixes:
+            debian-rules-missing-recommended-target)
+            + Include buildflags.mk provided by dpkg-dev (fixes:
+            hardening-no-relro)
+      - debian/control: 
+          + Added  ${misc:Depends} (fixes: debhelper-but-no-misc-depends)
+          + Use UTF-8 version of maintainer's second surname (i.e. 'ñ' instead
+          of 'n~') this prevents tools from thinking the uploads are a NMU
+          when they are not (fixes: changelog-should-mention-nmu)
+          + Update Standards Version to 3.9.5, no changes needed (fixes:
+          ancient-standards-version)
+      - debian/docs: Remove HISTORY.txt, it is included as a changelog already
+        (fixes: duplicate-changelog-files)
+
+ -- Javier Fernández-Sanguino Peña <jfs@debian.org>  Wed, 06 Aug 2014 22:23:44 +0200
+
+chntpw (0.99.6.110511-1) unstable; urgency=medium
+
+  * Update to latest upstream release, published in 2011-05-09 (Closes: #615965) (LP: #637623)
+  * Change Build-Dep to use 'libgcrypt11-dev | libgcrypt-dev' instead of
+    'libgcrypt11-dev | libssl-dev' (Closes: #639350)
+  * debian/patches:
+    - Refreshed patches
+    - Remove patches that do not apply anymore, some of these
+      were incorporated upstream.
+    - Fix 09_improve_robustness, the length of the input call was
+      not being properly calculated, resulting in chntpwd not clearing
+      the password properly. This was fixed in Fedora's patches see:
+      http://pkgs.fedoraproject.org/cgit/chntpw.git/commit/?id=13bf89e14642a0da681384de5b6360178c3f8d57
+      (Closes: #705292)
+
+ -- Javier Fernández-Sanguino Peña <jfs@debian.org>  Wed, 29 Jan 2014 19:47:17 +0100
+
+chntpw (0.99.6-2) unstable; urgency=low
+
+  * Add patches provided by Fedora to fix regex -x crahses, see 
+      https://bugzilla.redhat.com/show_bug.cgi?id=504580
+      http://cvs.fedoraproject.org/viewvc/devel/chntpw/
+    The patches included are:
+    chntpw-080526-correct-test-for-failing-open-syscall.patch
+    chntpw-080526-detect-failure-to-write-key.patch
+    chntpw-080526-get_abs_path.patch
+    chntpw-080526-keyname-overflow.patch
+    chntpw-080526-no-value.patch
+    chntpw-080526-port-to-gcrypt-debian.patch
+    chntpw-080526-reged-no-deref-null.patch
+    chntpw-080526-robustness.patch
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org>  Sat, 13 Mar 2010 12:14:05 +0100
+
+chntpw (0.99.6-1) unstable; urgency=low
+
+  * New upstream release (Closes: #503908)
+     - Fixes bug in 64-bit architectures (Closes: #539227) (LP: #293809)
+  * Create debian/README.source to describe the usage of quilt
+  * Update FAQ contents with latest upstream version (updated 080526)
+  * Move the "improve documentation" patch to quilt, it is currently
+    disabled until we get an answer from upstream
+  * Definition of optimisation for the compiler is now done in debian/rules
+    and not in the Makefile
+  * Update homepage location and upstream's email in debian/copyright
+  * Update homepage location in the manpage
+  [ Changes by Philippe Coval <rzr@gna.org> ]package
+  * Merged Tanguy Ortolo's manpage patch that updates
+    the debian/chntpwd.8 manpage with additional information such as the
+    SAM database location (Closes: #569943)
+  * Refresh debian/patches (Closes: #538574)
+  * Add debian/watch
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org>  Sat, 13 Mar 2010 11:18:14 +0100
+
+chntpw (0.99.5-0+nmu1) unstable; urgency=low
+
+  * Non-maintainer upload with the maintainers permission.
+  * New upstream release
+    - This release is GPLed, move to main
+    - It links to OpenSSL without the exception, port to libgcrypt
+    - It contains a binary statically linked to OpenSSL, remove it
+      in the get-orig-source target to create a clean orig.tar.gz
+    - The combination of these things closes: #419821
+  * Drop faq.html, bootdisk.html and syskey.txt, we don't necessarily
+    have permission from upstream to distribute them.
+  * Move the homepage to the new source field
+  * Bump Standards-Version (no changes needed) to version 3.8.4
+  * Switch to debhelper compatibility level 5
+  * Add ${misc:Depends} to the dependencies
+  * Fix a couple of manual page lintian warnings
+  * Don't make clean when there is no Makefile
+  * Clean up the debian/rules file a bit
+  * Distribute HISTORY.txt as the upstream changelog
+
+ -- Paul Wise <pabs@debian.org>  Mon, 19 May 2008 16:11:01 +0800
+
+chntpw (0.99.4-1) unstable; urgency=low
+
+  * New upstream release (Closes: #419821)
+     - new version is GPLd (chntpwd) and LGPLd (ntreg library), move to main
+  * Add a Homepage to debian/control
+  * Change the maintainer's email address at debian/control
+  * Repackage the sources removing the chntpwd.static program
+  * Update the HTML files (faq, bootdisk, etc)
+  * Added author's email address to the copyright
+  * Cleanup the debian/rules file
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org>  Sat, 25 Aug 2007 17:19:23 +0200
+
+chntpw (0.99.3-1) unstable; urgency=low
+
+  * New upstream release (Closes: #390025)
+  * Added a space in front of the Homepage in debian/control as requested by
+    the Developer's Reference
+  * Update (from the developer's website) the FAQ and assorted documentation.
+  * Use debhelper compatibility version 4
+  * Update Standards-Version (no changes needed)
+  * Remove non-ASCII chars from manpage to prevent encoding issues.
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Mon, 27 Nov 2006 01:19:02 +0100
+
+chntpw (0.99.2-4) unstable; urgency=low
+
+  * Fixed FTFBFS errors when compiling with gcc-4 (in amd64) with
+    patch from Andreas Jochens (Closes: #297271)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Thu,  7 Apr 2005 00:24:26 +0200
+
+chntpw (0.99.2-3) unstable; urgency=low
+
+  * Compile using -O2 (Closes: #255140)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Fri, 27 Aug 2004 18:12:16 +0200
+
+chntpw (0.99.2-2) unstable; urgency=low
+
+  * Actually add the build-depends on sharutils (Closes: #254706) 
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun, 27 Jun 2004 12:51:34 +0200
+
+chntpw (0.99.2-1) unstable; urgency=low
+
+  * New upstream release.
+  * Updated html pages and added an 'update' target in debian/rules
+  * Added the Build-Depends dependancies to sharutils spotted by
+    Frederik Schueler (Closes: #254706)
+  * Removed WinReg.txt since it is not credited and no longer available
+    in the sources.
+  * Fixed typo in debian/rules which did not remove faq.gif and made
+    the package unbuildable (on a second round)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Wed, 16 Jun 2004 20:17:51 +0200
+
+chntpw (0.99.1-030126-2) unstable; urgency=low
+
+  * Added faq.html and bootdisk.html taken from the website.
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun, 12 Oct 2003 00:13:01 +0200
+
+chntpw (0.99.1-030126-1) unstable; urgency=low
+
+  * New upstream release (Closes: #193898)
+  * Mofided chntpw.c and Makefile (OPENSSL_DES_LIBDES_COMPATIBILITY)
+    in order to be able to compile it with (sid provides 0.97b).
+    Note: This might not work for OpenSSL 1.0, refer to 
+     /usr/include/openssl/des_old.h
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun, 25 May 2003 21:13:52 +0200
+
+chntpw (0.98.2-010107-2) unstable; urgency=low
+
+  * Fixed lintian warning 
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Tue, 22 Apr 2003 01:17:29 +0200
+
+chntpw (0.98.2-010107-1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Thu, 30 May 2002 00:27:47 +0200
+
+
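Review bot: the 0.99.5-0+nmu1 entry drops faq.html, bootdisk.html and syskey.txt because "we don't necessarily have permission from upstream to distribute them", yet debian/patches/02_upstream_documents in this same diff adds bootdisk.html back and no later entry says that permission was obtained. Please record in the changelog (and in debian/copyright) on what basis these files are shipped again, or drop the patch. Minor, in the 1.0-1 entry: sampasswd carries the same description as samusrgrp ("SAM database, add or remove user in a group"), which looks like a copy-paste, and "debhelp version 5" should read debhelper.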
--- chntpw-1.0.orig/debian/chntpw.8
+++ chntpw-1.0/debian/chntpw.8
@@ -0,0 +1,157 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH CHNTPW 8  "13th March 2010"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+chntpw \- utility to overwrite passwords of Windows systems
+.SH SYNOPSIS
+.B chntpw
+.RI [ options ]
+.RI < samfile > 
+.RI [ systemfile ]
+.RI [ securityfile ]
+.RI [ otherreghive ] 
+.RI [...]
+.br
+.SH DESCRIPTION
+This manual page documents briefly the
+.B chntpw
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+.B chntpw
+is a utility to view some information and reset user passwords 
+in a Windows NT/2000 SAM userdatabase file used by Microsoft Windows
+Operating System (in NT3.x and later versions). This file is usually located at
+\\WINDOWS\\system32\\config\\SAM on the Windows file system. It is not necessary to
+know the previous passwords to reset them.  In addition it contains a simple
+registry editor and  ahex-editor with which the information contained in a
+registry file can be browsed and modified.
+
+This program should be able to handle both 32 and 64 bit Microsoft Windows and
+all versions from NT3.x up to Win8.1.
+
+
+.SH OPTIONS
+.TP
+.B \-h
+Show a summary of options.
+.TP
+.B \-u username
+Username or username ID (RID) to change. The default is 'Administrator'.
+.TP
+.B \-l
+List all users in the SAM database and exit.
+.TP
+.B \-i
+Interactive Menu system: list all users (as per \-l option) and then ask for the 
+user to change.
+.TP
+.B \-e
+Registry editor with limited capabilities (but it does include write support). For a 
+slightly more powerful editor see 
+.B reged
+
+.TP
+.B \-d
+Use buffer debugger instead (hex editor)
+
+.B \-L
+Log all changed filenames to /tmp/changed. When this option is set the
+program automatically saves the changes in the hive files without prompting the
+user.
+
+Be careful when using the \fB-L\fR option as a root user in a multiuser system.
+The filename is fixed and this can be used by malicious users (dropping a
+symlink with the same name) to overwrite system files.
+
+.TP
+.B \-N
+Do not allocate more information, only allow the editing of existing values
+with same size.
+.TP
+.B \-E
+Do not expand the hive file (safe mode).
+.TP
+.B \-v
+Print verbose information and debug messages.
+
+
+
+
+
+.SH EXAMPLES
+.TP
+.B ntfs-3g /dev/sda1 /media/win ; cd /media/win/WINDOWS/system32/config/
+Mount the Windows file system and enters the directory
+.B \\\\WINDOWS\\\\system32\\\\config
+where Windows stores the SAM database.
+.TP
+.B chntpw SAM system
+Opens registry hives 
+.B SAM
+and 
+.B system
+and change administrator account. This will work even if the name
+has been changed or it has been localized (since different language
+versions of NT use different administrator names).
+.TP
+.B chntpw -l SAM
+Lists the users defined in the 
+.B SAM
+registry file.
+.TP
+.B chntpw -u jabbathehutt SAM
+Prompts for password for 
+.B jabbathehutt
+and changes it in the 
+.B SAM
+registry file, if found (otherwise do nothing).
+
+.SH KNOWN BUGS
+
+This program uses undocumented structures in the SAM database. Use with
+caution (i.e. make sure you make a backup of the file before any changes
+are done).
+
+Password changing is only possible if the program has been specifically
+compiled with some cryptographic functions. This feature, however, only
+works properly in Windows NT and Windows 2000 systems. It might not
+work properly in Windows XP, Vista, Win7, Win8 and later systems.
+
+In the Debian distribution this feature is not enabled.
+
+.SH SEE ALSO
+.B reged, samusrgrp, sampasswd
+
+If you are looking for an automated procedure for password 
+recovery, you might want to check the bootdisks (can be used in CD
+and USB drives) provided by the upstream author at
+.BR http://pogostick.net/~pnh/ntpasswd/
+
+.br
+You will find more information available on how this program works, including
+in-depth details on how the registry works, in the text files
+.IR /usr/share/doc/chntpw/README.txt
+and
+.IR /usr/share/doc/chntpw/MANUAL.txt
+
+.SH AUTHOR
+This program was written by Petter N Hagen.
+
+This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
+for the Debian GNU/Linux system (but may be used by others).
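Review bot: the `.B \-L` entry in OPTIONS has no `.TP` before it, unlike every other option, so `-L` and the symlink warning about /tmp/changed render as a continuation of the `-d` entry instead of as their own item; add the `.TP` so the one security caveat in this page is attached to the option it describes. The EXAMPLES text for `chntpw -u jabbathehutt SAM` ("Prompts for password ... and changes it") also contradicts KNOWN BUGS, which says password changing is not enabled in the Debian build; reword the example to what the packaged binary actually does. The `.TH` date is still "13th March 2010" although the changelog says the page was updated for 1.0-1, and "ahex-editor" in DESCRIPTION is missing a space.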
--- chntpw-1.0.orig/debian/compat
+++ chntpw-1.0/debian/compat
@@ -0,0 +1 @@
+5
--- chntpw-1.0.orig/debian/control
+++ chntpw-1.0/debian/control
@@ -0,0 +1,22 @@
+Source: chntpw
+Section: admin
+Priority: optional
+Maintainer: Javier Fernandez-Sanguino Peña <jfs@debian.org>
+Build-Depends: debhelper (>= 5), libgcrypt20-dev | libgcrypt-dev, sharutils, quilt, dpkg-dev ( >= 1.16.1~)
+Standards-Version: 3.9.5
+Homepage: http://pogostick.net/~pnh/ntpasswd/
+
+Package: chntpw
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: NT SAM password recovery utility
+ This little program provides a way to view information and
+ change user passwords in a Windows NT/2000 user database file.
+ Old passwords need not be known since they are overwritten.
+ In addition it also contains a simple registry editor 
+ (same size data writes) and an hex-editor which enables you to
+ fiddle around with bits and bytes in the file as you wish.
+ .
+ If you want GNU/Linux bootdisks for offline password recovery
+ you can add this utility to custom image disks or use those provided
+ at the tools homepage.
--- chntpw-1.0.orig/debian/copyright
+++ chntpw-1.0/debian/copyright
@@ -0,0 +1,60 @@
+This package was debianized by 
+Javier Fernandez-Sanguino Pen~a <jfs@debian.org> on
+Thu, 30 May 2002 00:27:47 +0200.
+
+It was downloaded from http://pogostick.net/~pnh/ntpasswd/
+(previously at http://home.eunet.no/~pnordahl/ntpasswd/)
+
+Author: 
+
+Petter Nordahl-Hagen <pnh@pogostick.net>
+
+Copyright: 
+
+  Copyright 1997-2008 Petter Nordahl-Hagen
+
+License:
+
+The Offline NT Password & Registry Editor
+
+  This package is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License.
+
+  This package is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+The  NT Registry Hive access library (ntreg.{c,h} and sam.h) holds the
+following license:
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation;
+ version 2.1 of the License.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL-2'.  and the
+complete text of the GNU Lesser General Public License can be found in
+`/usr/share/common-licenses/LGPL-2.1'.
+
+--------------------------------------------------------------------------------
+
+This software uses some routines & links with routines
+by the following people/organizations:
+
+ * As of 2001, it now uses OpenSSL for MD4 & DES.
+ * Thanks to Denis Ducamp for patches to make it work with OpenSSL.
+ * 
+ * Part of some routines, information and ideas taken from
+ * pwdump by Jeremy Allison.
+ *
+ * Some stuff (like proto.h) from NTCrack by Jonathan Wilkins.
+
+--------------------------------------------------------------------------------
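Review bot: "either version 2 of the License." in the GPL paragraph is a leftover from the standard "either version 2 of the License, or (at your option) any later version" wording; since the changelog states the source does not allow later GPL versions, drop "either" so the grant reads unambiguously as version 2 only. The credits block still says "As of 2001, it now uses OpenSSL for MD4 & DES" while this package builds with -DUSELIBGCRYPT; add a line noting the Debian build uses libgcrypt. The copyright years stop at 2008 although the packaged upstream release is dated 2014.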
--- chntpw-1.0.orig/debian/dirs
+++ chntpw-1.0/debian/dirs
@@ -0,0 +1 @@
+usr/sbin
--- chntpw-1.0.orig/debian/docs
+++ chntpw-1.0/debian/docs
@@ -0,0 +1,2 @@
+README.txt
+regedit.txt
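Review bot: debian/docs installs only README.txt and regedit.txt, but the SEE ALSO section of debian/chntpw.8 in this diff points readers to /usr/share/doc/chntpw/MANUAL.txt. Unless debian/rules installs that file by another route, either add MANUAL.txt here or remove the reference from the manual page.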
--- chntpw-1.0.orig/debian/patches/01_port_to_gcrypt.patch
+++ chntpw-1.0/debian/patches/01_port_to_gcrypt.patch
@@ -0,0 +1,162 @@
+01_port_to_gcrypt.patch
+Paul Wise <pabs@debian.org>
+Placed in the public domain
+Port to libgcrypt to avoid GPL/OpenSSL incompatibility
+Forwarded to Petter Nordahl-Hagen <pnordahl@eunet.no>
+Updated by Philippe Coval <rzr@gna.org> for debian
+
+--- a/chntpw.c
++++ b/chntpw.c
+@@ -16,6 +16,7 @@
+  * 2010-jun: Syskey not visible in menu, but is selectable (2)
+  * 2010-apr: Interactive menu adapts to show most relevant
+  *           selections based on what is loaded
++ * 2008-may: port to libgcrypt to avoid GPL/OpenSSL incompatibility [Debian]
+  * 2008-mar: Minor other tweaks
+  * 2008-mar: Interactive reg ed moved out of this file, into edlib.c
+  * 2008-mar: 64 bit compatible patch by Mike Doty, via Alon Bar-Lev
+@@ -79,8 +80,14 @@
+  */
+ 
+ #ifdef DOCRYPTO
++#if defined(USEOPENSSL)
+ #include <openssl/des.h>
+ #include <openssl/md4.h>
++#elif defined(USELIBGCRYPT)
++  #include <gcrypt.h>
++#else
++  #error No DES encryption and MD4 hashing library found
++#endif
+ #endif
+ 
+ #define uchar u_char
+@@ -155,7 +162,9 @@
+ 	for (i=0;i<8;i++) {
+ 		key[i] = (key[i]<<1);
+ 	}
++#if defined(USEOPENSSL)
+ 	DES_set_odd_parity((des_cblock *)key);
++#endif
+ }
+ 
+ /*
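Review bot: with `DES_set_odd_parity` now guarded by `USEOPENSSL`, the libgcrypt build hands `str_to_key` output to the cipher with the low bit of every key byte left at zero after the shift. Add a comment here stating that the libgcrypt DES key setup is relied on to ignore the parity bits, so the guard does not read as an omission and the assumption is written down next to the code that depends on it.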
+@@ -200,6 +209,7 @@
+ 
+ void E1(uchar *k, uchar *d, uchar *out)
+ {
++#if defined(USEOPENSSL)
+   des_key_schedule ks;
+   des_cblock deskey;
+ 
+@@ -210,6 +220,15 @@
+   des_set_key((des_cblock *)deskey,ks);
+ #endif /* __FreeBsd__ */
+   des_ecb_encrypt((des_cblock *)d,(des_cblock *)out, ks, DES_ENCRYPT);
++#elif defined(USELIBGCRYPT)
++  gcry_cipher_hd_t ks;
++  uchar deskey[8];
++  str_to_key(k,deskey);
++  gcry_cipher_open(&ks, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
++  gcry_cipher_setkey(ks, deskey, 8);
++  gcry_cipher_encrypt(ks, out, 8, d, 8);
++  gcry_cipher_close(ks);
++#endif
+ }
+ 
+ #endif   /* DOCRYPTO */
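Review bot: in the `USELIBGCRYPT` branch of `E1`, the results of `gcry_cipher_open`, `gcry_cipher_setkey` and `gcry_cipher_encrypt` are all discarded, and `E1` returns void, so any failure leaves `out` unwritten with no signal to the caller. Check each `gcry_error_t`, close the handle on the error path, and propagate the failure. Nothing in this patch calls `gcry_check_version`, which libgcrypt requires before any other library call; add the initialisation once at program start.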
+@@ -343,9 +362,16 @@
+    int i;
+    char md4[32],lanman[32];
+    char newunipw[34], despw[20], newlanpw[16], newlandes[20];
++#ifdef USEOPENSSL
+    des_key_schedule ks1, ks2;
+    des_cblock deskey1, deskey2;
+    MD4_CTX context;
++#elif defined(USELIBGCRYPT)
++   gcry_cipher_hd_t ks1, ks2;
++   uchar deskey1[8], deskey2[8];
++   unsigned char *p;
++   gcry_md_hd_t context;
++#endif
+    unsigned char digest[16];
+    uchar x1[] = {0x4B,0x47,0x53,0x21,0x40,0x23,0x24,0x25};
+ #endif
+@@ -460,6 +486,7 @@
+    }
+ 
+ #ifdef DOCRYPTO
++#if defined(USEOPENSSL)
+    /* Get the two decrpt keys. */
+    sid_to_key1(rid,(unsigned char *)deskey1);
+    des_set_key((des_cblock *)deskey1,ks1);
+@@ -477,6 +504,25 @@
+ 		   (des_cblock *)lanman, ks1, DES_DECRYPT);
+    des_ecb_encrypt((des_cblock *)(vp+lmpw_offs + 8),
+ 		   (des_cblock *)&lanman[8], ks2, DES_DECRYPT);
++#elif defined(USELIBGCRYPT)
++   /* Start the keys */
++   gcry_cipher_open(&ks1, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
++   gcry_cipher_open(&ks2, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);
++
++   /* Get the two decrpt keys. */
++   sid_to_key1(rid,deskey1);
++   gcry_cipher_setkey(ks1, deskey1, 8);
++   sid_to_key2(rid,deskey2);
++   gcry_cipher_setkey(ks2, deskey2, 8);
++
++   /* Decrypt the NT md4 password hash as two 8 byte blocks. */
++   gcry_cipher_decrypt(ks1, md4, 8, vp+ntpw_offs, 8);
++   gcry_cipher_decrypt(ks2, &md4[8], 8, vp+ntpw_offs+8, 8);
++
++   /* Decrypt the lanman password hash as two 8 byte blocks. */
++   gcry_cipher_decrypt(ks1, lanman, 8, vp+lmpw_offs, 8);
++   gcry_cipher_decrypt(ks2, &lanman[8], 8, vp+lmpw_offs+8, 8);
++#endif
+       
+    if (gverbose) {
+      hexprnt("MD4 hash     : ",(unsigned char *)md4,16);
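Review bot: `ks1` and `ks2` are opened in this `USELIBGCRYPT` block but closed only in the later hunk at `@@ -565,6 +620,18 @@`, which sits at deeper indentation in the new-password path, so a run that decrypts the hashes without going on to set a password appears to leak both handles; close them on every exit from the function. The `gcry_cipher_open`, `gcry_cipher_setkey` and `gcry_cipher_decrypt` results are also unchecked, so after a failure `md4` and `lanman` are passed to `hexprnt` holding whatever was on the stack.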
+@@ -544,9 +590,17 @@
+ 
+      /*   printf("Ucase Lanman: %s\n",newlanpw); */
+    
++#if defined(USEOPENSSL)
+      MD4Init (&context);
+      MD4Update (&context, newunipw, pl<<1);
+      MD4Final (digest, &context);
++#elif defined(USELIBGCRYPT)
++     gcry_md_open(&context, GCRY_MD_MD4, 0);
++     gcry_md_write(context, newunipw, pl<<1);
++     p = gcry_md_read(context, GCRY_MD_MD4);
++     if(p) memcpy(digest, p, gcry_md_get_algo_dlen(GCRY_MD_MD4));
++     gcry_md_close(context);
++#endif
+      
+      if (gverbose) hexprnt("\nNEW MD4 hash    : ",digest,16);
+      
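Review bot: `if(p) memcpy(digest, p, ...)` silently skips the copy when `gcry_md_read` returns NULL, and the `gcry_md_open` result is not checked either, so `digest` can reach `hexprnt` and the DES encryption into `despw` below while still uninitialised. Treat a failed open or a NULL read as a hard error and abort the password change. Bounding the copy with `sizeof(digest)` instead of `gcry_md_get_algo_dlen(GCRY_MD_MD4)` would tie the length to the `unsigned char digest[16]` declaration rather than to a library lookup.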
+@@ -555,6 +609,7 @@
+      
+      if (gverbose) hexprnt("NEW LANMAN hash : ",(unsigned char *)lanman,16);
+      
++#if defined(USEOPENSSL)
+      /* Encrypt the NT md4 password hash as two 8 byte blocks. */
+      des_ecb_encrypt((des_cblock *)digest,
+ 		     (des_cblock *)despw, ks1, DES_ENCRYPT);
+@@ -565,6 +620,18 @@
+ 		     (des_cblock *)newlandes, ks1, DES_ENCRYPT);
+      des_ecb_encrypt((des_cblock *)(lanman+8),
+ 		     (des_cblock *)&newlandes[8], ks2, DES_ENCRYPT);
++#elif defined(USELIBGCRYPT)
++     /* Encrypt the NT md4 password hash as two 8 byte blocks. */
++     gcry_cipher_encrypt(ks1, despw, 8, digest, 8);
++     gcry_cipher_encrypt(ks2, &despw[8], 8, digest+8, 8);
++
++     gcry_cipher_encrypt(ks1, newlandes, 8, lanman, 8);
++     gcry_cipher_encrypt(ks2, &newlandes[8], 8, lanman+8, 8);
++
++     /* Close keys, not needed after this */
++     gcry_cipher_close(ks1);
++     gcry_cipher_close(ks2);
++#endif
+      
+      if (gverbose) {
+        hexprnt("NEW DES crypt   : ",(unsigned char *)despw,16);
--- chntpw-1.0.orig/debian/patches/02_upstream_documents
+++ chntpw-1.0/debian/patches/02_upstream_documents
@@ -0,0 +1,1153 @@
+Add upstream documentation
+--- /dev/null
++++ b/bootdisk.html
+@@ -0,0 +1,548 @@
++<HTML>
++<HEAD>
++<TITLE>Offline NT pw & reg-editor, bootdisk</TITLE>
++</HEAD>
++<BODY link="#00687F" vlink="#00687F" alink="#00687F" bgcolor="#C0C0C0">
++<H2>Offline NT Password & Registry Editor, Bootdisk / CD</H2>
++<hr>
++<p>
++I've put together a single floppy or CD which contains
++things needed to edit the passwords on most systems.
++<br>
++<p>
++The bootdisk should support most of the more usual disk controllers.
++You most likely have to select "d" to auto-load the drivers, it should
++then detect PCI based hardware. For ISA hardware, you have to load manually.
++Both PS/2 and USB keyboard supported.
++<p>
++Tested on: NT 3.51, NT 4 (all versions and SPs), Windows 2000 (all
++versions & SPs), Windows XP (all versions, also SP2),
++Windows Server 2003 (all SPs), Vindows Vista 32 and 64 bit.
++<p>
++<STRONG>DANGER WILL ROBINSON!<br>
++If used on users that have EFS encrypted files, and the system is XP
++or Vista, all encrypted files for that user will be UNREADABLE!
++and cannot be recovered unless you remember the old
++password again</strong><small> If you don't know if you have encrypted files
++or not, you most likely don't have them. (except maybe on corporate systems)
++</small>
++<p>
++<b>Please see the <A HREF="faq.html">Frequently Asked Questions</A>
++and the version history below before emailing questions to me. Thanks!</b>
++<p>
++Also take a look at <A HREF="http://www.cgsecurity.org/" TARGET="_top">Grenier's DOS port</A>
++<p>
++<A HREF="http://www.jms1.net/nt-unlock.html" TARGET="_top">
++How to fix it</a> if you lost your admin password for your
++ActiveDirectory. Thanks to John Simpson.
++<p>
++Other ways to recover lost password etc at
++<a href="http://www.petri.co.il/forgot_administrator_password.htm" target="_top">MCSE World</a>
++<p>
++<hr>
++<H2>How to use?</H2>
++<small>Yes, long text. Please read it all and the <A
++HREF="faq.html">FAQ</A> before mailing me questions</small>
++<p>
++If you have the CD, all drivers are included. If you use the floppy,
++and you need the SCSI-drivers set, either prepare a floppy with
++the scsi-drivers .zip file unzipped (in \scsi), or put a selection
++of the drivers you need in the \scsi folder on the main floppy,
++there should be enough space for maybe a couple of drivers. In the latter
++case you don't need to carry around and swap floppies.
++<p>
++<H3>Overview</H3>
++<OL>
++  <LI>Disk select, tell which disk contains the Windows system.
++      Optionally you will have to load drivers.
++  <LI>PATH select, where on the disk is the system?
++  <LI>File select, which parts of registry to load, based on what you
++  want to do.
++  <LI>Password reset or other registry edit.
++  <LI>Write back to disk (you will be asked)
++</OL>
++<B>DON'T PANIC!! - Most questions can usually be answered with the
++default answer which is given in [brackets]. Just press enter/return
++to accept the default answer.</b>
++<p>
++
++<H3>1. DISK SELECT</H3>
++Which disk contains your Windows system?
++<p>
++<pre>
++=========================================================
++. Step ONE: Select disk where the Windows installation is
++=========================================================
++Disks:
++Disk /dev/sda: 2147 MB, 2147483648 bytes
++NT partitions found:
++ 1 :   /dev/sda1    2043MB  Boot
++
++Please select partition by number or
++a = show all partitions, d = automatically load new disk drivers
++m = manually load new disk drivers
++l = relist NTFS/FAT partitions, q = quit
++Select: [1] 
++</pre>
++<UL>
++<li>For most machines only one disk and parition is listed, if so,
++    just go with selection 1 (default)
++<li>Otherwise select partition
++<li>Note: When booting from USB drive, the USB drive itself may often
++show up as number 1 instead of the machines buildt in drives.
++<li>If no disks or not all disks are shown, you may need to load disk
++drivers, for SCSI-controllers (or some IDE-raid controllers). Select
++<b>d</b> to go to the driver select menu for auto-probe (based what's
++found on the PCI bus)
++<li>If auto-probe won't work, you may have to load something manually,
++select <b>m</b> to do that (like the old system)
++</Ul>
++
++<H3>2. HOW TO MANUALLY LOAD DRIVERS</H3>
++Try auto-probe (d) first, only do this if you have to manually
++try to load some or all drivers.
++<pre>
++Select: [1] m
++==== DISK DRIVER / SCSI DRIVER select ====
++You may now insert or swap to the SCSI-drivers floppy
++Press enter when done: 
++Found 1 floppy drives
++Found only one floppy, using it..
++Selected floppy #0
++Mounting it..
++Floppy selection done..
++SCSI-drivers found on floppy:
++
++1 BusLogic.o.gz
++2 aic7xxx.o.gz
++3 sym53c8xx.o.gz
++[ ... ]
++
++SCSI driver selection:
++  a - autoprobe for the driver (try all)
++  s - swap driver floppy
++  q - do not load more drivers
++  or enter the number of the desired driver
++
++SCSI driver select: [q] 
++</pre>
++<UL>
++<li>Select <b>a</b> for auto-probe, it will try to load all drivers,
++and stop when one loads properly. Some drivers may need more driver
++modules, so you may have to redo the auto-probe several times.
++<li>Or if you know what you want, just enter it's number or name.
++</ul>
++
++<pre>
++SCSI driver select: [q] a
++[ BusLogic.o.gz ]
++Using /tmp/scsi/BusLogic.o
++PCI: Found IRQ 11 for device 00:10.0
++
++[.... lots of driver / card info ...]
++
++scsi0: *** BusLogic BT-958 Initialized Successfully ***
++scsi0 : BusLogic BT-958
++  Vendor: FooInc   Model: MegaDiskFoo  Rev: 1.0 
++  Type:   Direct-Access                      ANSI SCSI revision: 02
++
++[ ... ]
++
++Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
++SCSI device sda: 8388608 512-byte hdwr sectors (4295 MB)
++Partition check:
++ /dev/scsi/host0/bus0/target0/lun0: p1
++Driver BusLogic.o.gz loaded and initialized.
++
++</pre>
++<ul>
++<li>You may then quit the selection with <b>q</b> or try for more drivers.
++<li>When you quit, you will get back to the disk select (see above)
++and hopefully see more disks.
++</ul>
++<p>
++
++<H3>3. PATH AND FILE SELECT</H3>
++Where's the Windows system located?
++<p>
++On the selected partition/disk, the main files for windows can
++theoretically be anywhere. And we must find the registry files
++to be able to edit them. There are however some usual places:
++<ul>
++<li>winnt35/system32/config - Windows NT 3.51
++<li>winnt/system32/config - Windows NT 4 and Windows 2000
++<li>windows/system32/config - Windows XP/2003 and often Windows 2000
++upgraded from Windows 98 or earlier.
++</ul>
++These usual paths will be checked, and if found, they will
++be suggested as the default.
++<p>
++<pre>
++Selected 1
++Mounting on /dev/ide/host0/bus0/target0/lun0/part1
++NTFS volume version 3.1.
++Filesystem is: NTFS
++
++=========================================================
++. Step TWO: Select PATH and registry files
++=========================================================
++What is the path to the registry directory? (relative to windows disk)
++[windows/system32/config] : 
++-r--------    1 0        0          262144 Jan 12 18:01 SAM
++-r--------    1 0        0          262144 Jan 12 18:01 SECURITY
++-r--------    1 0        0          262144 Jan 12 18:01 default
++-r--------    1 0        0         8912896 Jan 12 18:01 software
++-r--------    1 0        0         2359296 Jan 12 18:01 system
++dr-x------    1 0        0            4096 Sep  8 11:37 systemprofile
++-r--------    1 0        0          262144 Sep  8 11:53 userdiff
++
++Select which part of registry to load, use predefined choices
++or list the files with space as delimiter
++1 - Password reset [sam system security]
++2 - RecoveryConsole parameters [software]
++q - quit - return to previous
++[1] : 
++</pre>
++<ul>
++<li>If the directory is correct, something like the above will be
++listed (it may vary a bit..)
++<li>You may then choose some canned answers based on what you want to
++do.
++<li>Password reset is the default, and most used.
++<li>Option 2, RecoveryConsole is for setting 2 parameters that the
++Windows 2000 and newer RecoveryConsole (boot from CD, select Recovery
++and console mode) uses. One of the parameters allows RecoveryConsole
++to be run without it prompting for the admin password. If you do not
++know what RecoveryConsole is, don't bother. Or go search the net..
++<li>Or if you want to do manual edit of registry, select your hives to
++load. Enter all names on one line with space between.
++</ul>
++<p>
++We select 1 to edit passwords..
++<p>
++<H3>4. PASSWORD RESET</H3>
++Everything is set and ready, let's roll!
++<p>
++
++<pre>
++=========================================================
++. Step THREE: Password or registry edit
++=========================================================
++chntpw version 0.99.2 040105, (c) Petter N Hagen
++
++[.. some file info here ..]
++
++* SAM policy limits:
++Failed logins before lockout is: 0
++Minimum password length        : 0
++Password history count         : 0
++
++&lt;&gt;========&lt;&gt; chntpw Main Interactive Menu &lt;&gt;========&lt;&gt;
++
++Loaded hives: &lt;sam&gt; &lt;system&gt; &lt;security&gt;
++
++  1 - Edit user data and passwords
++  2 - Syskey status & change
++  3 - RecoveryConsole settings
++      - - -
++  9 - Registry editor, now with full write support!
++  q - Quit (you will be asked if there is something to save)
++
++
++What to do? [1] -&gt; 1
++
++===== chntpw Edit User Info & Passwords ====
++
++RID: 01f4, Username: &lt;Administrator&gt;
++RID: 01f5, Username: &lt;Guest&gt;, *disabled or locked*
++RID: 03e8, Username: &lt;HelpAssistant&gt;, *disabled or locked*
++RID: 03eb, Username: &lt;pnh&gt;, *disabled or locked*
++RID: 03ea, Username: &lt;SUPPORT_388945a0&gt;, *disabled or locked*
++
++Select: ! - quit, . - list users, 0x&lt;RID&gt; - User with RID (hex)
++or simply enter the username to change: [Administrator] 
++</pre>
++<p>
++Here you can enter the username you want to reset the password for.
++NOTE: It is case-sensitive, write it exact as listed (without the &lt;
++and &gt; of course)
++<p>
++Or if the name uses some characters that cannot be displayed, enter
++it's ID number (RID), like this: 0x1f4 would select administrator.
++<p>
++We select the default, which is administrator.
++<p>
++<pre>
++
++RID     : 0500 [01f4]
++Username: Administrator
++fullname: 
++comment : Built-in account for administering the computer/domain
++homedir : 
++
++Account bits: 0x0210 =
++[ ] Disabled        | [ ] Homedir req.    | [ ] Passwd not req. | 
++[ ] Temp. duplicate | [X] Normal account  | [ ] NMS account     | 
++[ ] Domain trust ac | [ ] Wks trust act.  | [ ] Srv trust act   | 
++[X] Pwd don't expir | [ ] Auto lockout    | [ ] (unknown 0x08)  | 
++[ ] (unknown 0x10)  | [ ] (unknown 0x20)  | [ ] (unknown 0x40)  | 
++
++Failed login count: 0, while max tries is: 0
++Total  login count: 3
++
++* = blank the password (This may work better than setting a new password!)
++Enter nothing to leave it unchanged
++Please enter new password: *
++</pre>
++<p>
++Some information is displayed. Also, if the account is locked, you
++will be asked if you wish to unlock it (not shown here)
++<p>
++<b>We go for the blank password option (*) WHICH IS HIGLY RECOMMENDED
++over setting a new one.</b>
++<p>
++<pre>
++Please enter new password: *
++Blanking password!
++
++Do you really wish to change it? (y/n) [n] y
++Changed!
++
++
++Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)
++or simply enter the username to change: [Administrator] !
++</pre>
++<p>
++! brings us back to the main menu here.
++<p>
++<pre>
++
++<>========<> chntpw Main Interactive Menu <>========<>
++
++Loaded hives: <sam> <system> <security>
++
++  1 - Edit user data and passwords
++  2 - Syskey status & change
++  3 - RecoveryConsole settings
++      - - -
++  9 - Registry editor, now with full write support!
++  q - Quit (you will be asked if there is something to save)
++
++
++What to do? [1] -> q
++</pre>
++<p>
++<H3>5. WRITING OUT THE CHANGES</H3>
++Everything has been done, time to commit the changes.
++<p>
++<pre>
++
++Hives that have changed:
++ #  Name
++ 0  <sam> - OK
++
++=========================================================
++. Step FOUR: Writing back changes
++=========================================================
++About to write file(s) back! Do it? [n] : y
++</pre>
++<p>
++<b>THIS IS YOUR LAST CHANCE! If you answer y here there will be a
++write to disk!</b>
++<p>
++<pre>
++Writing  sam
++
++***** EDIT COMPLETE *****
++
++You can try again if it somehow failed, or you selected wrong
++New run? [n] : n
++
++</pre>
++<p>
++That was all.
++<p>
++Please answer n here and then reboot, CTRL-ALT-DEL. Remember to remove
++the floppy or CD.
++<p>
++<p>
++
++<H2>What can go wrong?</H2>
++Lots of things can go wrong, but most faults won't damage your system.
++<P>
++The most critical moment is when writing back the registry files to
++NTFS. 
++<p>
++The most common problem is that the computer was not cleanly shut
++down, and my disk won't write correctly back. (it says: read only
++filesystem). If so, boot into Windows Safe Mode (F8 before windows
++logo appears) and shut down from the login window.
++<p>
++Also, see the <A HREF="faq.html">FAQ</A> for help with other common problems.
++<p>
++For linux-knowledged people, you may do things manually if the scripts fail,
++you have shells on tty1-tty4 (ALT F1 - ALT F4).
++<hr>
++<p>
++<H2>Bootdisk history</H2>
++<p>
++<strong>2007-04-09</strong>
++<ul>
++<li>Now with Vista support!
++<li>Newer drivers, better probe/loader. Should be able to auto-load
++all relevant drivers for PCI based disk hardware.
++<li>Better manual selection of drivers (if you need to load ISA
++drivers for example)
++<li>CD only release at this time. If anyone need me to continue floppy
++releases, please mail me.
++<li>USB drive can be made out of the files on the CD, see readme.txt
++on the CD.
++</ul>
++<p>
++<strong>2005-03-03</strong>
++<ul>
++<li>New CD release (sorry, when yet again rewiring the driver stuff, I did
++    not have time to make floppy stuff work)
++<li>Contains disk driver updates (SATA maybe more working now)?
++<li>New driver auto-probe and load. Better now?
++<li>NTFS updates, writes should be more safe, I hope, working more often.
++<li>No changes to the password routines themselves.
++</ul>
++<p>
++<strong>2005-03-03</strong>
++<ul>
++<li>Driver update only, with a few fixes to the autoprobe, too.
++<li>Some popular drivers like aacraid, megaraid and some SATA-drivers
++    were problematic or missing, now hopefully here.
++<li>Note that most SATA-drivers also need the libata.ko.gz file,
++autprobe loads it if needed.
++<li>The driver archive are too big to include all drivers on a floppy
++    so remove some you're sure you don't need. Remember to always
++    keep pcitable.gz and moddep.gz if you want autoprobe to work.
++<li>The CD of course includes all drivers.
++<li>The manual try-all-drivers load is buggy, and won't try to load all
++drivers, it will stop after each that has not been tried before. But
++specifying a single driver directly still works.
++<li>No changes to password edit routines
++</ul>
++<p>
++(earlier history removed)<br>
++<STRONG>9705xx</STRONG>
++<UL>
++<LI>First public release.
++</UL>
++<HR>
++<H2>Download</H2>
++<p>
++<small>Note: Some links may be offsite.</small>
++<p>
++<UL>
++<LI><A HREF="cd070409.zip">cd070409.zip</A> (~3MB) - Bootable CD image.
++<small>(md5sum: ffb92d9ffafaa6ed06e9b98fc14f707d )</small>
++<p>
++Bootable USB drive may be made from the files on the CD. See readme.txt on the CD.
++<p>
++<small>Last floppy release (it is old). WARNING: WILL CORRUPT WINDOWS VISTA!
++<LI><A HREF="bd050303.zip">bd050303.zip</A> (~1.1MB) - Bootdisk image,
++date 050303 <small>(md5sum: 4c85bc15286e69f9fd347e07711636eb)</small>
++<LI><A HREF="sc050303.zip">sc050303.zip</A> (~1.4MB) - SCSI-drivers
++(050303) (only use newest drivers with newest bootdisk, this one works
++with bd050303) <small>(md5sum: 745a1889b6580bc8f1bfb565e73666d3)</small>
++</UL>
++</small>
++<p>
++Previous versions may sometimes be found <A HREF="http://ntpass.blaa.net/">here</a> (also my site)
++<p>
++<p>
++<B>NOTE THAT THE BOOTDISK CONTAINS CRYPTHOGRAPHIC CODE, and that it may be
++ILLEGAL to RE-EXPORT it from your country.</B>
++<p>
++
++<H3>How to make the CD</H3>
++<p>
++Unzipped, there should be an ISO image file (cd??????.iso). This can
++be burned to CD using whatever burner program you like, most support
++writing ISO-images. Often double-clikcing on it in explorer will pop
++up the program offering to write the image to CD. Once written the CD
++should only contain some files like "initrd.gz", "vmlinuz" and some
++others. If it contains the image file "cd??????.iso" you didn't burn
++the image but instead added the file to a CD. I cannot help with this,
++please consult you CD-software manual or friends.
++<p>
++The CD will boot with most BIOSes, see your manual on how to set it
++to boot from CD. Some will auto-boot when a CD is in the drive,
++some others will show a boot-menu when you press ESC or F10/F12 when
++it probes the disks, some may need to have the boot order adjusted
++in setup.
++<p>
++
++<H3>How to make the floppy</H3>
++<p>
++The unzipped image (bdxxxxxx.bin) is a block-to-block representation
++of the actual floppy, and the file cannot simply be copied to
++the floppy. Special tools must be used to write it block by block.
++<p>
++<ul>
++<li>Unzip the bd zip file to a folder of your choice.
++<li>There should be 3 files: bdxxxxxx.bin (the floppy image) and
++    rawrite2.exe (the image writing program), and <b>install.bat</b> 
++    which uses rawrite2 to write the .bin file to floppy.
++<li>Insert a floppy in drive A: <b>NOTE: It will lose all previous data!</b>
++<li>Run (doubleclick) <b>install.bat</b> and follow the on-screen
++instructions.
++<li>Thanks to Christopher Geoghegan for the install.bat file (some of
++it ripped from memtest86 however)
++</ul>
++<p>Or from unix:<p>
++<CODE>dd if=bd??????.bin of=/dev/fd0 bs=18k</CODE>
++<p>
++<H3>How to make and use the drivers floppy</H3>
++<p>
++<b>NOTE: Not all files will fit on a floppy, so leave out what you
++think you do not need!</b>
++<ul>
++<li>Format (or delete all contents) on a floppy
++<li>Unzip the drivers you think you may need to it
++<li>Files with names ending in <code>.ko.gz</code> should end up in a
++directory called <code>scsi</code>
++<li>Be sure to also include the files <code>moddep.gz</code> and
++<code>pcitable.gz</code>, they are the dependency list, and pci
++mappings.
++<li>To use, at the disk select menu, select 'd' to auto-load, and you
++will be asked to swap to the drivers floppy when needed.
++</ul>
++<p>
++<HR>
++<p>
++<H1>Bootdisk credits and license</H1>
++<p>
++Most of the stuff on the bootdisk is either GPL, BSD or similar
++license, you can basically do whatever you want with all of it,
++the sourcecode and licenses can be found at their sites, I did not change/patch
++anything.
++<p>
++The "chntpw" program (password changer, registry editor) is licensed
++under GNU GPL v2. <A HREF="GPL.txt">COPYING.txt</A>
++<p>
++Stuff I used, big thanks:
++<UL>
++<li><a href="http://kernel.org" target="_top">Linux kernel</a>
++<li><a href="http://linux-ntfs.sourceforge.net/index.html"
++target="_top">NTFS for linux project</a>
++<li><a href="http://www.busybox.net" target="_top">BusyBox</a> - Lots of commands
++in one binary :)
++<li><a href="http://www.uclibc.org" target="_top">uClibc</a> - A
++reduced size / embedded libc.
++<li>Some bootdisk ideas and layout from <a
++href="http://www.zelow.no/floppyfw/" target="_top">floppyfw</a>
++thanks to ThomasEZ for that (and his great firewall..)
++</UL>
++<p>
++<HR>
++<p>
++<img src="/cgi-bin/wc?u=pnordahl_2;w=9">
++<p>
++<a href="editor.html"><img border="0" src="images/back.gif" width="98" height="20"></a><hr>
++<ADDRESS>070410, pnordahl@eunet.no</ADDRESS>
++</BODY>
++</HTML>
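Review bot: The Download section near the end of bootdisk.html gives only MD5 values for cd070409.zip, bd050303.zip and sc050303.zip, and its hrefs are relative, so if this page is shipped in the package the links lead nowhere and the only integrity check on offer is a digest that is not collision resistant. MD5 will catch a corrupted download but not a substituted image; either point readers at the upstream site for the images and for a stronger digest or signature where upstream publishes one, or drop the section from the packaged copy. Two smaller points in the same hunk: `<img src="/cgi-bin/wc?u=pnordahl_2;w=9">` is a hit counter with a root-relative URL that is dead outside the author's site and should go, and the `<pre>` blocks after "Blanking password!" leave `<RID>`, `<sam>`, `<system>` and `<security>` unescaped where the earlier copies use `&lt;`/`&gt;`, so a browser will swallow the hive names as unknown tags.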
+--- /dev/null
++++ b/faq.gif.uu
+@@ -0,0 +1,125 @@
++begin 644 faq.gif
++M1TE&.#EAS`%!`-4``)B8F*#=ZGIZ>PG-ZD;!VJBHJ`O9]*O@[`6\W"FZUEC%
++MVQFWU0O5\0G+YV#(WC6]UPNTU5V6H`?"X0K0[8S6Y05@<!NBOP6,I'?.X145
++M%5145)79Z(&OMRRRST.ZU`2UU5>SPB5YB`:_WH#3Y#4U-<#`P`?%XVFSP`>A
++MO`S<]P(O-SV,FC>VSP5^D1FNRP>OS$JVR6)G:6O,X"2RS4&AL23`V12TU'S0
++MX@1#3AV'G`6YV0FVT`_`W`2WUPC(Y@```"'Y!```````+`````#,`4$```;_
++MP))P2!3&2)FD<LEL.I_0J'1*K5JOV*QVR^UZO^"P>!PFQ8KH-+&@R5PL\+A\
++M3J_;[_B\?L_O^_^`@8*#A(6&AXB)BH@7&1H%:I%"`!H5%BXSF1V;G)V>GZ"A
++MHJ.DI::GJ*FJJZRMKJ^PL;*SM+6MF3,N%A4:`))I`"0AF!TLQA[(R<K+S,W.
++MS]#1TM/4U=;7V-G:V]S=WM_@X>+:QBP=N2$DOK]#`B0Y,\4>!`0*]O?X^?K[
++M_/W^_P`#"AQ(L*#!@P@3*ES(L*'#AQ`5TO-@;D8.$@+8E0B60UX]!S)D8!A)
++MLJ3)DRA3JES)LJ7+ES!CRIQ)LZ;-FSASZMS)LV?-_Y`.%!"@V.'BND@<BWT4
++M.6($A:=0HTJ=2K6JU:M8LVK=RK6KUZ]@PXH=2[:LV;-HTX9MBD%&4`+FC")]
++MIU0!4PH;-@38R[>OW[^``PL>3+BPX<.($RM>S+BQX\>0(TN>3+ERX[P41K05
++M&E>=&@TAZLJX@9?O@=.H4ZM>S;JUZ]>P8\N>3;NV[=NX<^O>S;NW[]_`@^?F
++MNX'"#1F<.X30D"9&A1DL/-C%4#J`\.O8LVO?SKV[]^_@P]?>6WPSQ1D5SA`1
++MD,%"!^D.,#C5:UV\_?OX\^O?S[]_;_*981"4!QU8D,%1!;P#G72CX47?7OY%
++M*.&$%%9H885]87:<`N==!/])"<ZY\!X!()&6EV4HIJCBBBRVZ.*+,,8HXV7%
++M'>?`4!VXD-Y&[<4#WVA..9C7D$06:>212":IY)),-NGDDU!&*>645%9IY958
++M9JGEEEQN^=0(-G)XCH$`A+B@`B4VI=::;+;IYIMPQBGGG'36.59389ZGXQ$7
++M8!(=FB+=T-2@A!9JZ*&()JKHHHPVZNBCD$8JZ:245FKII9AFJNFFG'9*Z`UM
++M#<A"+A<@@0(Q\P#JTZJLMNKJJ[#&*NNLM-:ZDUM"$9@+"DF<.D,"#]0#:$C$
++M%FOLL<@FJ^RRS#;K[+/01BOMM-16:^VUV&:K[;;<=NNML4$)]4`"N_:*";#T
++MV./_P+KLMNONN_#&*^^\]-9K[[WXYJOOOOSVZ^^_``<L\,`$%VRPN_;0,VZY
++M&:!@@PL)H"ML1!17;/'%&&>L\<8<=^RQ0PI'[((-O#9L@PV_/A`L/2RW[/++
++M,,<L\\PTUVSSS3CGK//.//?L\\]`!RWTT$07;;3,*I-[<LDH0&##`A&KO/+1
++M5%=M]=589ZWUUEQW[77-4D>\@`T0,.WTTU%+K?;:;+?M]MMPQRWWW'37;??=
++M>.>M]]Y\]^WWWX`'+OC@<8M]<MF]0N#T`E!'[/CCD$<N^>245V[YY9AGKOGF
++MG'?N^>>@AR[ZZ*27;OKIJ%O..-F(-_S"V8PW#CH,)]1N__OM)T20^NZ\<P["
++M"2#0`'GM$71PN@>X)\]"[\PG0/L)PEN>/.X@-"\Z"\1;K[WJJY/]@MF*GQS[
++M^.27;_X)!0"@_OKL_V#^^_#'+__\]-=OO_P<%.`<^>F_<[_\("A`^MA'0`"L
++MX'\(3"#]T`<`%<2/!0(L(`%C,`,%6M!^,$B?^R[(P0[>[W"*8]KKPG>R$IKP
++MA"@\(0@`((`8:."%,'SA#U)(PQK:\(8XS*$.=WA##@`@`Q4X80$$\(,+\-"&
++M"TB?"V,(PQ@(@#T6.*(4IXC#%6I`!3;,GP"8V,0GDB"(5`RC#B%(1#&:\8Q2
++M5!P$OM>K#WQ`C7",HQSGJ,85QO_@!RK(HQ[U2,<^^O&/@`RD(`=)2,7Y$(AQ
++M'&(1"]E',N)QCWK$@1,1R<A*6I*.5E2!'].7`4CNT8E7O*0H`^G(49KRE(5T
++M(]/<R,I39A*5L(RE+/OHPQB$()%$O``J.Z#(/D:`/168I3#C&,!0]E&1NIPC
++M#2BAR6&.DI?N<*8T*\E*5;:QFMC,IC:UF<EMNC%_`@RG.--'@VIF<)SC!$`Y
++M6PE.=(H3`"%P8P=*P`9OY@^>K)Q!.]U9@`B\@)7TY&<X_?E-%@I`??'\`#(_
++MP`)ZQF";,Z"G!OZI36C^P)X_K``K(2A0?'Y@GO7$)@3N*8`04!1]`DV?!:K)
++MT8Y>T9O_"LWE-KOY@0!Z5)OT%,`%6'G.CJZ3E0'L:$*A^<20VC2A-4VI2@&J
++MU'Y2U(U!Y>=-84K5;*ZRJEBM)DVWZ<,G>O6K3]1`"]P(08."]:O.825)S_I5
++M(,I3D1AUZP>2.$2V?A4'K*RK79\8`[Q^H*M/E.M"/\#"#(PUF^C[@5\K"E>N
++M9E2>.;7K2S_:V(T*,`,_T*@;&;C7L.[THY'=ZV2W.=ALTG2KV1QL63O;0LTF
++MU:QGE2M1GWC1FC(3JNECK08^J]>]]A6HN;6K7+.:5:;UX+@]^`!RE\O<YCK7
++MCBI`KG*3BUP?:N`'V,WN#S(`2AP<-W_7U:YV-4#;X\Z`D^+-_ZX9@'E<BSHW
++MN8>LP'$SR)[T8I>\N3SN$$E@WQ_@]P??I41VY=L#9!X7!"WT+G61J\$+O+<'
++M[GUO?+_+AOYB-[H05N2";8I'%"RW?_WE[A85#-X0@Q+#TV6N@8^;XAYD\L#,
++M?/"*2]S?_S(X&!;.;'N'B%GLPOB*^L6Q?46L`07OM\;E#3)_+4S@!SMYN2TV
++MK@YZH(,J'W?*4V8NEJE<Y2Y?>84MI`$(QDSF%028!#BX@)K7?($5;#&Z.O`A
++MFMG,9C<3D<H6I3.;?PG$'1.QRU:N;D9_K`(]J]D"M+U`E159`4/;^0=3EG.:
++M+^#A`N>RRC9@X0]>P%P(MF'+7*9RAO^WN`(RF]JF0*RRI`V]YBI;=,HCU9^.
++MKZQ?(C;:T6\^\Z3U[&8@6SG+6#8PEK/L8F96.9/`OO*49QR,7=/YT5QF-*LI
++M/>4\J_G8,=:!M'$-9$MG%M=_7K2MI^WA0`-:U,1&+JB]/.62O0#0\(ZWO.<-
++MYH,6$-)QSJB\D9WO5,N[`YIVM2+GW>\*"#S<\HXOMJ](<&2*NXC_#GC!X>WP
++M*O^2!"V`=V(-3O#92E!]P%2UO@E^<$B7=;N*CG?%X\UOA>_;V`V_],L9K@-^
++MR[OB+H\WP!&^\HX/'-#\[CG082YT5TM<VS(GN=*7#N\7).$%"-!!U*L\=018
++MG>I1MWK6IR[_]2Z#>8E,_('5XWMU0-.`ORJ0NIP-?G6N.S+JKZ9ZE\>>4;@/
++MG.MS5S@"H%OULB,`F5$'_-9++G(@9OWA%]`ZP&.@@K8GD8@HT'K7JPY-L#/1
++MB<",^MJQ?GBL0U,#-%`D#MX-[\"S)_&`GGK+1RYWJ_.[\U,'?.NECNR]&QOV
++MB%=[,-B.=QV\W?1NF+S<`6W1K=N>YBOW>]`O7?627YW'J.=\WV%O?*E/?_B3
++M=WH&H*[U[GO_^^#OOAT?Z4FZ&_[[+E!SY!%0RU*?>LSH(Z+5BQ]^LB.`_N"W
++M_]?%_/X`YM+J@N=]]&=_6A>`"*!IZX<`&90!.!!^BJ=(GI1'DI1Y_^Q7)N[W
++M?C!@`_.G5_S5`@[X=RUT@:=F78U7@>?W?9GT@08H?LSD>BT8?H+7?OWW.XI4
++M@"$X@S```1LH?RQX10#X?^"7@B!81."'?T,4`R)H:BR@@Q_8A.&G?=SGA%*H
++M=4)8?W7GA(#U<>J3!%:7`#5HA>?W>_EWA?7V<>ES7>NW@EWXA03X@T1(A>Y0
++M`5KG0S_@@1\HAM_'9W*(`"=@4%HH`!:``%X85BH0A3#H57^H6.:WARCX@H?X
++MAHWH@\=7@N`7@WZHA5QH=6:EA3&P`X+XA53X@FKH@I(XBH,H=IJ(B!_7B5/8
++MBE`H`K`8B[(XB[18B["82;8(B_&5B[+85?]<%$.8U0*P>(JYN(LB0(RV:(Q?
++M]XLOQ%\5$(O(5(O(:(S0F$NRN``LI`*PF$1WQ(O#J$C%F%&PZ`*6QT1\I8V#
++MV%H[X(U'R(PR]`,HH(OB6(NXF(O12(_,=(OY:(OWZ(ON&(RQ2`/NB'E?=(S@
++M*(OU>(^TF)#62(O(*`("R8P$^8S>6)&S^(H6F9'Z>$6\2(T=&0R=%($J@`/"
++M^(U$%(Y`9)(_@)(4.7XBF4<4"8L**8O3.(_56$2SR`&0)P(9E%D5^9"T2(TH
++M@`,B^5\&N468UP&\R&,O.9+Q*(\IB8\<:8\-N9#[6(^UV(\@^9(D.8L70)01
++M>&)'N9((N8\S69;_4WF6*BF+7RF28JF1%@F%$C"7=%F7$B`"=8F7=KF7$I!)
++M>:F7=QE??+F7@CF8=GF*>7F7<UF8B+F7>%F8?FF8=HE,?/D`BA28&369N627
++M+$`)%2`!&O0"@PF8Q'B7>HF7(E"8DBD!,Z!I$F"9MH9?-,`#C@F:FTF7@*F8
++MBJF:NMF7S"29E,F7N.B;5V28P<F;O5F;N5F7RU2<C4F7?BD"E)F;>!F=P7F8
++ME[F:<]F<*C"7RYF8N+F:<JF=Y%F7D3F8R(F>NU>>STF8F?F:V<F7D/F;Y7F=
++M=0F;/["8ZUF7]CF7+$0"-9`@W:F=^&F8Z5F9EUF@I>)5"\"7_6F@^[F7_^?I
++MH+<IH?0YH9I91/KY1>6IG7Y9H.9)GP\ZEY$YHB#JH?39H=H)A28PERW:HA)@
++M`B]*ES(*HRY*HS%*G"I@HS):E_$UHS:*H[44`L#B-AW``RT*FR3@`FXCF":@
++MI$S:-DX*9AHP`V^3``M0H\C$HS&*GRTZI&+3HL'YHB:`8#&0/W4(HSU:HSD*
++MGT04HS7:HQ+@I#4`-_25GR#Z`A,H`#1`IC(Z1!JP`D7:-C,`HT/:`6W3AU>T
++MIFPJIJ0VJ&JCJ`-*I5;:-ELZIV42&F]SI#E:IV\CJ4^Z7TQ:J#H:HX`JJ(G*
++M3']ZFXWJI2WJJ6XCJ3<ZJRXJISDJIS,:HRP:I_^\VJN^ZJN9]*LR^J/"6J-]
++M^$0`(%`Q@`(R6@-F)5#`U*S/RD^V)J,PX(?0&@):FDN^ZJK'>E`EM:I%U*L\
++M8%!WU`/%6J.NZJO$&E52=5VA2D1QR@M/%`%96J.;*%`D8*S8ZDZJ*JQZE:S^
++MVDG6VJ_N=$?,:@+?*K`'F[`FL$\#BP,FX*Q>E2`R&JPF$+!21;`9RZV]NJX0
++MBTX_)+'I6K*\NJL^8`(IJ[(RZ@,KVZLOVZL8&[,U^J,I2[-Q.@.LE6@K&P&8
++MUUE`U+,_RU9W!&DRR@,MQ%I`M*U%A+.NJK->M;0=.ZXLR[(Z2402N[):RZL^
++ML*Z]VJZP=5;750'Q^@/_O(H"Z\6G-4H#0VM79BNC4*M;.]JR-.NSK-6!1YNT
++MHH5'-1JWG=6TPQJV8,5?%R"C=DM;%_NOA[M7>#NUA?NQBE2S@OM5A/NK.$NW
++M+9NY*ZM].^"RGONYH!NZHNNY-'!AH^NR*X!=%7"ZH&L@.89=%^"Y/(`#.39)
++MJ^NRL_NZ*H`"G^L"*O"ZF>6YX16[H3L#2^:YKJNZ+CN\HNL!90*/K/NYQHM=
++MIYNZP>L#I?NZMSN]/Q"Z//"[V(4#/."R%0"\W>NY.=!C.:8"K)N[V05*XG6[
++M+NN[KXL#.O"YR9MCQ.L#UFMAAB6[M)M=+IN][.L#[IMC\LN\Q7N\J/NZ_QN]
++M_Q`<NCN0!)T;P19\P1B<P1BLAQK<P1[LP1E$`@7\P21<PB9\PC[`P2B\PBS<
++MPBZ,P1.<`3O0`#1<PS9\PSB<PSJ\PSS<PS[\PPT07T`\Q$1<Q$-,ARU@Q$J\
++MQ$S<Q$8LQ$X<Q5(\Q51<Q34<PSLP`#2LQ5K<PUW<Q0T`QC@\`&*\PV7LPU\<
++MQCG,Q3?<Q5#<QC4,QF1\QFILPW0<QVM\QV9LQPT0H-V(QV1<QX(\R'",QSP\
++MQW<<R(3,QV/\Q5RLQX=<QG(<`9A5`6-\R5LLR&+,QHN<QD2<R)N\QF'LR5NL
++MR(N\QXR,RI"<R5^,Q8C\RK`<R[(\R[1<R[9\R[$<7_^XO,N\W,NXG%@XX,O"
++M/,S$7,S"3#(H\`+&O,S,W,S._,R(',,H`,W47,UD3,F99<W:7,L:-,W;_,W@
++M',[B/,[D/,R\XAP3D,[JO,[LW,[N_,[P',_R/,_T/`'(O`/UG,_ZO,_T_`!$
++ME`'\'-`"/=`$7=`&?=`(G=`*K=#I\4,OL-`0'=$2/='YS`,H@`+X3-$:O=$<
++MW=$>_=$"[72^@,X@7=(F?=(HG=(JO=(LO=([0D\D<`$,P``3,-,S7=,U?=,Z
++M;=,\S=,YO=,^_=,WG<XTK=/JW-,V3=0^C=1)W=-"+=1+W=1,K=12C=-%_=-8
++M/=1,C=16O=5%O=,Y3=4T#=7_21W68>W57TW6:*W4.-W54=W64-W56:W6:3W5
++M1.W68)W76QW7:#W61LW59IW5?MW73>W6AKW78OW55\W50(W7.5TJ'U("[+$#
++MA%W9EGW9F)W9FKW9G-W9GOW9H!W:HCW:I%W:IGW:G#W!&4$$SH':KOW:L!W;
++MLCW;M%W;MGW;N/W2:X!QFFT`/.W;#`#</2W<A`W<QFW9Q)W9R3W;R]W;FWW<
++MO[W5PNW;S8W;2%W=P^W<P5W<UCW3RXW=W2W=FMT")!#91!`,%V``ZKW>[-W>
++M[OW>\!W?\CW?]%W?]GW?^)W?^KW?_-W?_OW?`![@`C[@!%[@\UTJ1X$&/X0"
++M!M[@_P[^X!`>X1(^X11>X19^X?K-*PF>!NS!X!C^X2`>XB(^XB1>XB8^X+RR
++MVK_0X2FPWBVNWB^>`C(.XS,.XP8PXS&>XS*^XRU>XSQ^XS2^XR[NXSU^XT)>
++MXT9NY#_.XS\.Y$(>Y$FNY#H>Y5*NY$[.Y#@.Y%*>Y5C.Y%M^Y"^^Y3;^Y$U.
++MXU"NXST>X^RMYF6>YDC^YDV^Y%KNXF.>Y&&^YCA>Y%;NYGF.YGMNYG8^YU4^
++MY'+.YED>Y'WNYEJ^Y&&>YS9NY7/>Z"FN$4+@#A?0Y9B>Z9J^Z9S>Z9[^Z:`>
++MZJ(^ZJ1>ZJ9^ZJB>ZJJ^ZJS>ZJB^H)0^!,&0Q*Y>Z[9^ZW6XGNNZONN\WNN^
++M_NN8W@#DO>&43@DR7,2F;,B9?,J#O,I6S.Q>?,A1S,F8+,IF[.QQ+,<_G.S2
++M/LK53LK3WNV?3,78CL;AONRI#,>KC.T3W`NQWAQD$._R/N_T7N_V'@7FF^_Z
++3ON_\WN\Y=N\`C^\.S%WL$`0`.P``
++`
++end
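Review bot: faq.gif.uu carries a uuencoded binary (`begin 644 faq.gif`) that cannot be reviewed by reading the diff, and nothing in the visible lines says where it is decoded or what the decoded file should hash to. faq.html refers to the image as `images/faq.gif`, while this file is added at the top level as faq.gif.uu, so please document the decode step and its target path in the patch header or in debian/rules, and record a checksum of the decoded GIF so a reviewer can confirm the blob is the image it claims to be.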
+--- /dev/null
++++ b/faq.html
+@@ -0,0 +1,343 @@
++<HTML>
++<HEAD>
++<TITLE>Offline NT pw & reg-editor, FAQ</TITLE>
++</HEAD>
++<BODY link="#00687F" vlink="#00687F" alink="#00687F" bgcolor="#C0C0C0">
++<H2 align="center"><img border="0" src="images/faq.gif" width="460" height="65"></H2>
++<hr>
++
++Last update: 080526
++
++<p>
++<h3>
++The changes does not take effect.<br>
++I get some errors like "read-only filesystem" and such.
++</h3>
++<ul>
++<li>The current version does not like to write to the NTFS filesystem if
++windows was not shut down cleanly.
++<li>Shut down windows from the login page, or from the start menu.
++<li>If there is no way to shutdown from the login-page, try this:
++<ol>
++  <li>Boot windows into Safe Mode (press a lot on F8 before the
++  windows logo screen appears)
++  <li>The login screen in safe mode should usually have a shutdown
++  option, so shut it down!
++  <li>You may have to do this TWICE! quite often..
++</ol>
++</ul>
++<p>
++<h3>
++Why can't I access my encrypted (EFS) files after resetting the password?
++</h3>
++<ul>
++<li>Because in XP and possibly later service packs in win2k the
++password itself is used to encrypt the keys needed for EFS.
++<li>Sorry, there is no way to recover the files once the
++password has been reset.
++</ul>
++<p>
++<h3>
++The .bin-file inside the .zip won't fit on a floppy.
++</h3>
++<ul>
++<li>You didn't read the bottom of the <A HREF="bootdisk.html">bootdisk
++download page</A>
++<li>Click on the <b>install.bat</b> after extracting the .zip file,
++and follow the on screen prompts.
++</ul>
++
++<p>
++
++<h3>
++The keyboard does not work! I can't answer the questions!!
++</h3>
++<ul>
++<li>If you have a USB keyboard either your USB controller or your
++keyboard is not supported with the rather generic drivers I use.
++Nothing I can do at the moment, sorry! Try a PS/2 keyboard if possible.
++<li>If the keyboard is PS/2 and won't work, I do not have a
++solution. Sorry.
++</ul>
++<p>
++
++<h3>
++When loading the floppy it stops with "boot failed."
++</h3>
++<ul>
++<li>Bad floppy. Or bad bootloader (some versions are known to give up
++easy)
++<li>Use another floppy or a new version of the ldlinux.sys file (go
++allthewebbing for it for instance. grab one from a linux distros
++bootdisks. I did.)
++<li>Or get the CD image from the <A HREF="bootdisk.html">download</A> page.
++</ul>
++
++<p>
++<h3>
++  I have the CD in my CD drive, but it starts on the haddrive.
++</h3>
++<ul>
++<li>Check your BIOS manual on how to boot from CD, or if the CD-ROM is
++on a SCSI-card, check the cards manual.
++<li>For those of you without manuals: Try hitting ESC or F10 or F12
++for bootmenu right after the RAM-count.
++<li>Or enter BIOS setup and change the boot order. Either you can
++figure that one out from the menus, or you really need the manual.
++<li>I don't remember when BIOS-folks started implementing the CD boot
++(El Torito) standard, but it was around 1995? Older computers won't CD boot.
++<li>But BIOS-programmers never actually READ the bloody standard, so
++you may have a buggy one that only boots some CDs.
++<li>If it boots (first banner page), the same problems as for the
++floppy may show, please read on..
++</ul>
++
++<p>
++<h3>
++The floppy stuff crashes with "VFS: Unable to mount root.." and panic etc.
++</h3>
++<ul>
++<li>The are several ways of getting the size of the memory out of the
++BIOS at boot.
++<li>It probably selected the wrong one, and 16MB is a bit too little.
++<li>Strangely, this most often happens on big brand machines, like
++Compaq and DELL.
++<li>At boot, hold down LEFT SHIFT key until "Boot: " prompt appears.
++<li>Then enter:
++  <ul>
++  <li><code>boot mem=128M</code>
++  </ul>
++<li>but substitute with how much memory you have (or a bit less to be safe)
++<li>If this doesn't help, there is probably not support for your
++motherboard, CPU or BIOS.
++</ul>
++
++<p>
++<h3>
++It cannot find any NT disks or paritions.
++</h3>
++<ul>
++<li>Some controllers require more than one driver. Usually the
++auto-load should take care of dependencies, but it does not hurt to
++try auto-load (d) again.
++<li>It's either caused by unsupported controller or filesystem driver problems.
++<li>See next questions..
++<li>Please don't ask about inclusion of new drivers. I'm often short
++on time, get lot's of mail, and it's difficult to put in things I
++cannot test.
++<li>If you really insist on asking for new drivers, you must at least
++provide me with correct info on controller card or chip brandname,
++type, model etc, and a link to website(s) with drivers for linux.
++If there also are docs for using it on linux, I need that, too.
++However, as I get a lot of mail, I cannot guarantee an answer or that
++your needed driver will be included.
++<li>There are however several other things to try:
++  <ul>
++  <li>Try to build <A HREF="http://www.cgsecurity.org/" TARGET="_top">Grenier's DOS floppies</A>
++  <li>Move harddisk to another machine as secondary, then try
++  <A HREF="http://www.cgsecurity.org/" TARGET="_top">Grenier's chntpw.exe</A>
++  <li>Install new NT/2k/XP in another dir than \winnt etc, then login
++  with new install to access the old ones sam file. Either rename it
++  (will leave admin with blank pass) or use chntpw.exe on it.
++  </ul>
++  <li>You could boot a live linux CD
++  (like <A href="http://www.ubuntu.com/" TARGET="_top">Ubuntu</A> or others), it
++  will allow access to the windows disk. Then run the "chntpw.static"
++  program included in the source zip file on the source <a href="editor.html">download page</a>
++<li>Or why not look at
++<a href="http://www.petri.co.il/forgot_administrator_password.htm"
++target="_top">The password recovery page at MCSE World</a>
++</ul>
++
++<p>
++<h3>
++How to load a 3rd party driver
++</h3>
++<ul>
++<li>There is a menu selection for it. Put file(s) drivers*.zip
++  on a floppy or on a USB stick (may be a different one from the one
++  you boot from). The zips should contain *.ko files. The files will be automatically unzipped and ready
++  for auto-load or manual menu selection.
++<li>I do not know how easy or difficult it will be to actually get the
++  drivers to load into my kernel. There may be versions incompatibilities.
++</ul>
++<p>
++
++<h3>
++It hangs when mounting the windows disk
++</h3>
++<ul>
++<li>Hangs when it says something like "NTFS volume version 3.xx"
++<li>If there is disk activity, just wait. Took more than 10 minutes in
++  one of my tests once.
++<li>If there is no disc activity, what a few minutes, then reset and
++  try again.
++<li>If it still hangs, try to boot windows into safe mode first, then
++  shut down etc. See other faq entries about that.
++</ul>
++<p>
++
++<h3>
++It seems to change the password, but NT won't agree.
++</h3>
++<ul>
++<li>The NTFS code wasn't that great after all (probably didn't write
++things properly)
++<li>My code wasn't that great after all. (it didn't change or changed
++in the wrong place. The V struct is still marked "here be dragons..")
++<li>Try blanking the password instead (menu selection 1), this
++may straighten things out. In fact, reports indicate: BLANKING RECOMMENDED!
++<li>If it still won't work, see the previous solution.
++<li>Blanking will probably be the only option in newer releases.
++</ul>
++<p>
++
++<p>
++<h3>
++I'm told that the account is locked, even if I know it is not.
++</h3>
++<ul>
++<li>Ok, then the code to identify lockout is not good enough. Sorry
++for that.
++<li>Happens sometimes when there are failed logins on a user, even if
++it is not in fact locked out.
++<li>Just ignore it, you may still clear the password if you wish.
++</ul>
++<p>
++
++<p>
++<h3>
++I'm not told that the account is locked out, even Windows says it
++is. How can I reset it?
++</h3>
++<ul>
++<li>Oops, probably more to the lockout stuff than I know about.
++<li>You can try resetting it (selection 4 from the user menu), but it
++may not help.
++<li>May have something to do with Security / Group policies, which
++editing of is not supported yet.
++<li>Unless you'd like to play with the registry editor yourself and
++figure it out. I cannot give lessons in registry edit.
++</ul>
++
++<p>
++<h3>
++The user promotion (putting user into admin group) did not work: I
++cannot log in!
++</h3>
++<ul>
++<li>Some users (like Guest often) are prevented from login by
++"Security policies". Does it say something like that when trying?
++<li>Sorry, but my program cannot change policy settings. (yet?)
++<li>It does not even know how to check them.
++<li>Sorry, nothing to do..
++</ul>
++
++<p>
++<h3>
++The user promotion (putting user into admin group) worked, but I
++cannot put user back into other groups in windows!
++</h3>
++<ul>
++<li>This is known to happen sometimes.
++<li>Try the local user part of "computer management" in
++"administrative tools", it is more detailed than the stupid control
++panel applet.
++<li>But that may not work, either.
++<li>Sorry, have no other known workarond. I told you it was experimental!
++</ul>
++
++<p>
++<p>
++<h3>
++I tried it on Win2k/2003/2008 PDC (Active Directory), and it didn't change the password.
++</h3>
++<ul>
++<li>ActiveDirectory (AD) is a completely different database.
++<li>There is no support for directly changing passwords in AD.
++<li>To clear things up: The Active Directory SERVER itself is not
++directly supported, but workstations (w2kprof) and servers (w2k server) that is
++just MEMBERS of the domain can have their LOCAL passwords changed by
++the utility.
++<li>But..
++<li>John Simpson has made <a href="http://www.jms1.net/nt-unlock.html"
++target="_top">
++instructions</a> on how to reset that pesky lost administrator password in AD.
++<li>Many thanks goes to John for this!
++<li>And I may as well in a future relase make a frontend for the
++screensaver trick he uses, so it will be even easier.
++</ul>
++<p>
++<p>
++<h3>
++What is the 'Can't access tty...' error message when I quit the
++floppy/cd procedure?
++</h3>
++<ul>
++<li>It's from the shell, and has nothing whatsoever to do with the
++password edit.
++<li>My scripts don't allocate the terminal correctly.
++<li>Only thing it means is that ctrl-c to break etc won't work on
++console 1. Should work on console 2-4 (ALT-F2 and so on)
++<li>Please don't ask about this in mail AGAIN!
++</ul>
++<p>
++<h3>
++My language uses characters in the usernames that are not readable
++with the floppy, and i cannot enter/search for them, thus not edit.
++</h3>
++<ul>
++<li>There is no support for the full unicode character set. Perhaps
++never will.
++<li>Select user with the RID (user ID) instead.
++<li>At the username prompt, enter the RID in hex, just as it is listed
++in the user listing. 0xfa0 for instance.
++</ul>
++<p>
++
++<p>
++<h3>
++What about support? and I just paid $$ for it on eBay!
++</h3>
++<ul>
++<li>Yes, some people sell it on eBay.
++<li>Most of them didn't bother to ask me, but I haven't cared too much
++about it, at least not yet.
++<li>If the price is reasonably low (for media, shipping etc), they offer some kind of help and
++support if customers need it, that's good, and no problem for me.
++<li>Please do not blaim me if eBay sellers can't deliver or it doesn't
++work, or you feel ripped off. Leave feedback on eBay instead.
++<li><b>I DO NOT ENDORSE ANY SPECIFIC SELLER ON eBAY!</b>
++<li>I give my tool away for free here, because I do not have the time
++for real support.
++<li>Usually I go through my mail 1 or 2 times a week, and I usually
++end up replying about 40-50% of it.
++<li>What I answer depends on my mood that day, what the problems
++are, and how they are presented.
++<li>Mails with questions for which an answer can be found here in the
++FAQ or on the other webpages will not be answered.
++<li>Questions for drivers will almost never be answered. They take too
++much time to figure out. Sorry.
++<li>And.. I understand English, Norwegian, Swedish and Danish.
++<li>My answers are either in English or Norwegian. (as appropriate :-)
++<li><b>Thank you all for a lot of positive feedback or small tips for
++improvement, I appreciate it :-) </b> even if I often don't reply to you. :-(
++</ul>
++
++<p>
++<h3>
++Can I donate money?
++</h3>
++<ul>
++<li>Not a the moment, I have closed the donations. There are several
++reasons I will not talk about.
++<li>But a big thank you to all that have donated, especially to some I
++guess I have missed a personal reply to!
++</ul>
++<p>
++<hr>
++<p>
++<a href="main.html"><img border="0" src="images/back.gif" width="98" height="20"></a><hr>
++<ADDRESS>091201, pnh@pogostick.net</ADDRESS>
++</BODY>
++</HTML>
+--- /dev/null
++++ b/syskey.txt
+@@ -0,0 +1,124 @@
++The Offline NT Password Editor
++
++(c) 1997-2002 Petter Nordahl-Hagen
++
++Update: 08 dec 2002
++
++What happens when syskey is installed, and how to get rid of it
++---------------------------------------------------------------
++
++Background:
++-----------
++
++Syskey was added to NT with Service Pack 3 as a way to prevent easy
++access to the actual password hashes in the SAM (Security Accounts Manager)
++The original methods of making and storing the hashes makes it
++rather easy to bruteforce or dictionary-attack it to find the plaintext
++passwords. (mostly caused by a somewhat flawed implementation & use
++of the cryptoalgorithms involved, but that's discussed elsewhere)
++Enabling syskey is optional, the administrator must run syskey.exe and
++answer some dialog-boxes to turn it on. On Windows 2000 it's not optional
++anymore, it's enabled by default at installation time.
++
++When syskey is active, the hashes are encrypted/obfuscated yet
++another time before being stored in the SAM registry.
++However, they're stored in the old form in memory after boot
++(pwdump2 demonstrates this),
++since the old form is needed for NTLM authentication on the network etc.
++
++The key that obfuscates the hashes, or rather it looks like something
++that decrypts the key, can be stored on floppy, generated from a
++passphrase to be entered at boot, or stored (obfuscated again) in
++the registry.
++
++There's no official supported method to switch off syskey
++once activated, except restoring the registry from a rescuefloppy
++made before activation of syskey.
++
++So.. what's this got to do with my utility?
++-------------------------------------------
++
++My utility doesn't try to crack passwords, it puts new hashes into
++the SAM, thus changing a users password. And it does this offline.
++Syskey was a showstopper for this.
++As far as I can see, there's 2 ways to solve this:
++
++1) Find the key in registry, get user to enter it, or get hold of floppy
++   then use the syskey on the new password too. However, it's not documented
++   and I haven't found any reverse engineering of it anyplace.
++
++2) Try to turn it off. This has one drawback, and one good side:
++   Bad: all passwords must be reset, since the old hashes will be invalid.
++   VeryBAD: SWITHCHING OFF IN WINDOWS 2000 AND XP NOT PERFECT,
++            WILL CAUSE TROUBLE, but you can access the computer
++            afterwards. Domain relationships & syskey may be
++            impossible to change after this, requiring a reinstall
++            (or possibly only an upgrade)
++   Good: There's no need for the key (which may be lost).
++
++3) (NEW 2000-04-01, no, not a joke) Insert old styles password-hashes
++   into the SAM, will be converted to syskey-hashes on next boot.
++   This is how syskey is enabled on NT4, the hashes won't be touched
++   until the first reboot after turning on syskey.
++
++I've found out how to do #2 and #3.
++
++What happens when syskey is turned on, and how to turn it off again:
++--------------------------------------------------------------------
++
++- 1 -
++Serveral new keys are added to HKLM\System\CurrentControlSet\Control\Lsa,
++it seems that most of the keys/values is used for the obfuscation of the key
++they change when syskey is updated.
++However the value named 'SecureBoot' holds the mode of syskey:
++  1 - Key in registry
++  2 - Enter passphrase
++  3 - Key on floppy
++
++But removing this key (or setting it to 0) isn't enough to disable
++syskey. There's more..
++
++- 2 -
++HKLM\SAM\Domains\Account\F is a binary structure usually containing the computer
++SID and some other stuff related to that.
++When syskey is installed it's expanded (about twice the size), with something
++I guess is the key heavily encrypted + some flags and other values.
++One of these other flag/values also contains the same mode as SecureBoot above.
++
++So.. resetting this mode flag and SecureBoot to 0 is all that's needed
++to switch off syskey in NT4 (up to SP6 at time of writing). Changing only one of them
++results in a warning about inconsistencies between the SAM and system settings
++on completed boot, and syskey is re-invoked.
++
++- 3 -
++On Windows 2000 there's yet another place info about syskey is stored:
++
++HKLM\security\Policy\PolSecretEncryptionKey\<default>
++which also is a binary structure, but also there the mode is stored.
++Reset this to 0, and syskey is gone on win2k.
++(if there's a mismatch between the three, it silently resets them
++ to the most likely value on boot)
++
++- 4 -
++Then there's the password hashes.
++The usual (old) hashlength is 16 bytes, but all hashes are expanded to 20 bytes
++with syskey, the first 4 bytes looks like some kind of counter. (maybe
++history-counter?).
++Strangely, they're not updated at once when syskey is turned on,
++update of the hashes happens during next reboot after syskey has been turned on.
++And when the key is later updated, the hashes are also updated?
++NO!! Strangely it SEEMS like the password hashes REMAINS THE SAME!
++(however, the binaries in the 3 keys noted above changes..)
++I'll try to dig more into this. Help wanted :)
++
++When syskey has been switched off, all passwords must be reset.
++My utility will write and adjust hash-lengths of the users (usually
++administrator) that you reset the password for.
++NT itself will fix the rest of the hashes when you set new passwords
++from NT.
++
++And yes, it's possible to re-enable syskey after turning it off.
++(not on win2k, yet!)
++
++So, anybody reverse engineered the whole syskeystuff?
++(yes, I know something's on it's way..)
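Review bot: the added syskey.txt says "there's 2 ways to solve this" and then lists three numbered options, closing with "I've found out how to do #2 and #3", so the count should read 3. The same file also carries the misspellings "Serveral" and "SWITHCHING", which are worth fixing when this file is imported. The text is dated 08 dec 2002 and only describes NT4, Windows 2000 and XP behaviour, which the patch header could state.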
--- chntpw-1.0.orig/debian/patches/03_keyname-overflow
+++ chntpw-1.0/debian/patches/03_keyname-overflow
@@ -0,0 +1,21 @@
+--- a/ntreg.c
++++ b/ntreg.c
+@@ -2607,7 +2607,6 @@
+     int count = 0;
+     int countri = 0;
+     int len, byte;
+-    char keyname[128];
+     char path[1024];
+     char *value;
+     struct nk_key *key;
+@@ -2626,10 +2625,6 @@
+ 
+     // get the key
+     key = (struct nk_key *)(hdesc->buffer + nkofs);
+-    strncpy(keyname, key->keyname, key->len_name);
+-    keyname[key->len_name] = '\0';
+-    printf("Exporting key '%s' with %d subkeys and %d values...\n",
+-            keyname, key->no_subkeys, key->no_values);
+ 
+     *path = 0;
+     get_abs_path(hdesc, nkofs, path, 1024);
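Review bot: the second hunk fixes the overflow by deleting the "Exporting key ..." progress message outright, and the patch has no description saying so. The removed strncpy(keyname, key->keyname, key->len_name) copied a length read from the hive buffer into char keyname[128] with no bound, and the following keyname[key->len_name] = '\0' wrote at the same unchecked index. Please add a header naming that defect. If the message is still wanted, printing the name with a precision, as in printf("Exporting key '%.*s' ...", key->len_name, key->keyname, ...), needs no intermediate buffer at all.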
--- chntpw-1.0.orig/debian/patches/04_get_abs_path
+++ chntpw-1.0/debian/patches/04_get_abs_path
@@ -0,0 +1,10 @@
+--- a/ntreg.c
++++ b/ntreg.c
+@@ -1511,6 +1511,7 @@
+   }
+ 
+   strncpy(tmp,path,ABSPATHLEN-1);
++  tmp[ABSPATHLEN-1] = '\0';
+ 
+   if (key->type & 0x20)
+     keyname = mem_str(key->keyname, key->len_name);
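Review bot: this patch has no description, so nothing records that the added tmp[ABSPATHLEN-1] = '\0' covers the case where path holds ABSPATHLEN-1 or more bytes and strncpy leaves tmp unterminated. Please add a one-line header stating that. The result is still a silently truncated path, so consider returning an error or printing a diagnostic when truncation happens, since later code builds on tmp.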
--- chntpw-1.0.orig/debian/patches/05_control_empty_values
+++ chntpw-1.0/debian/patches/05_control_empty_values
@@ -0,0 +1,40 @@
+--- a/ntreg.c
++++ b/ntreg.c
+@@ -2667,21 +2667,23 @@
+ 	      value = (char *)get_val_data(hdesc, nkofs, vex.name, vex.type, TPF_VK_EXACT);
+ 	      len = get_val_len(hdesc, nkofs, vex.name, TPF_VK_EXACT);
+ 
+-	      if (vex.type == REG_BINARY) {
+-		fprintf(file, "\"%s\"=hex:", vex.name);
+-	      } else {
+-		fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type);
+-	      }
+-	      byte = 0;
+-	      while (byte < len) { /* go byte by byte.. probably slow.. */
+-		fprintf(file, "%02x,", (unsigned char)value[byte]);
+-		byte++;
+-		if (!(byte % 20)) fprintf(file, "\\\r\n  ");
+-	      }
+-	      fprintf(file, "%02x\r\n", (unsigned char)value[byte]);
+-            }
++	      if (value && len >= 0) {
++		if (vex.type == REG_BINARY) {
++		  fprintf(file, "\"%s\"=hex:", vex.name);
++		} else {
++		  fprintf(file, "\"%s\"=hex(%x):", vex.name, vex.type);
++		}
++		byte = 0;
++		while (byte < len) { /* go byte by byte.. probably slow.. */
++		  fprintf(file, "%02x,", (unsigned char)value[byte]);
++		  byte++;
++		  if (!(byte % 20)) fprintf(file, "\\\r\n  ");
++		}
++		fprintf(file, "%02x\r\n", (unsigned char)value[byte]);
+ 
+-            FREE(vex.name);
++		FREE(vex.name);
++	      }
++	    }
+         }
+     }
+ 
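Review bot: the final fprintf(file, "%02x\r\n", (unsigned char)value[byte]) still runs after the while (byte < len) loop has finished, so byte equals len there and the code reads and exports value[len], one byte past the length returned by get_val_len. With len == 0, which the new len >= 0 test lets through, it reads value[0] of an empty value. Suggest looping to len-1 and printing the last byte without the comma, and handling len == 0 as an empty hex: line. Separately, FREE(vex.name) has moved from after the closing brace to inside if (value && len >= 0), so vex.name is no longer freed when value is NULL or on the other paths that used to reach the old FREE. Keep the FREE where it was.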
--- chntpw-1.0.orig/debian/patches/06_correct_test_open_syscall
+++ chntpw-1.0/debian/patches/06_correct_test_open_syscall
@@ -0,0 +1,16 @@
+Fix code that probably is never run since the existing code is totally bogus.
+The condition, !open(...), will almost always be true.
+(sole exception is when starting a program with stdin
+initially closed)
+
+--- a/ntreg.c
++++ b/ntreg.c
+@@ -4133,7 +4133,7 @@
+   if ( !(hdesc->state & HMODE_DIRTY)) return(0);
+ 
+   if ( !(hdesc->state & HMODE_OPEN)) { /* File has been closed */
+-    if (!(hdesc->filedesc = open(hdesc->filename,O_RDWR))) {
++    if ((hdesc->filedesc = open(hdesc->filename,O_RDWR)) < 0) {
+       fprintf(stderr,"writeHive: open(%s) failed: %s, FILE NOT WRITTEN!\n",hdesc->filename,strerror(errno));
+       return(1);
+     }
--- chntpw-1.0.orig/debian/patches/07_detect_failure_to_write_key
+++ chntpw-1.0/debian/patches/07_detect_failure_to_write_key
@@ -0,0 +1,19 @@
+Detect stream write failure.
+--- a/ntreg.c
++++ b/ntreg.c
+@@ -3493,7 +3493,14 @@
+ 
+     fprintf(file,"\r\n"); /* Must end file with an empty line, windows does that */
+ 
+-    fclose(file);
++    if (ferror (file)) {
++	printf("failed to write file '%s'\n", filename);
++	fclose (file);
++	return;
++    }
++    if (fclose(file))
++      printf("failed to write file '%s': %s\n", filename,
++	     strerror(errno));
+ }
+ 
+ /* ================================================================ */
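Review bot: both new failure messages go to stdout through printf, while the writeHive error path in this same file uses fprintf(stderr, ...), so a script that redirects output will miss them. Please send them to stderr. The ferror branch also prints no reason, and because the function ends with a bare return the caller cannot tell that the exported .reg file is incomplete. Consider returning a status, or at least removing the partial file.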
--- chntpw-1.0.orig/debian/patches/08_no_deref_null
+++ chntpw-1.0/debian/patches/08_no_deref_null
@@ -0,0 +1,15 @@
+Diagnose a missing hive file name with -e.
+--- a/reged.c
++++ b/reged.c
+@@ -167,6 +167,11 @@
+ 
+   if (edit) {  /* Call editor. Rest of arguments are considered hives to load */
+     hivename = argv[optind+no_hives];
++    if (!hivename) {
++      fprintf(stderr,"with -e you must specify at least one hive file name\n");
++      usage();
++      exit(1);
++    }
+     do {
+       if (!(hive[no_hives] = openHive(hivename,
+ 				      HMODE_RW|mode))) {
--- chntpw-1.0.orig/debian/patches/09_improve_robustness
+++ chntpw-1.0/debian/patches/09_improve_robustness
@@ -0,0 +1,51 @@
+
+The first two were spotted via inspection by Fedora team,
+the third one was added to address an error found using valgrind:
+   $ : > j && valgrind ./reged -e j
+       ~/w/co/chntpw: 
+  ==16084==    by 0x4011E3: main (reged.c:103)
+     get_abs_path: Not a 'nk' node!
+
+* ntreg.c (fmyinput): Don't clobber ibuf[-1] upon NUL input.
+* ntreg.c (convert_string): Don't segfault upon low memory.
+* ntreg.c (openHive): Don't read uninitialized when file is too small.
+--- a/ntreg.c
++++ b/ntreg.c
+@@ -227,14 +227,18 @@
+ 
+ int fmyinput(char *prmpt, char *ibuf, int maxlen)
+ {
+-   
++   int len;
+    printf("%s",prmpt);
+    
+    fgets(ibuf,maxlen+1,stdin);
++   len = strlen(ibuf);
+    
+-   ibuf[strlen(ibuf)-1] = 0;
+-   
+-   return(strlen(ibuf));
++   if (len) {
++      ibuf[len-1] = 0;
++      --len;
++    }
++
++   return len;
+ }
+ 
+ /* Print len number of hexbytes */
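Review bot: fgets(ibuf,maxlen+1,stdin) is still called without checking its return value, so on EOF or a read error the new len = strlen(ibuf) runs over whatever ibuf held before the call, possibly uninitialized memory. Suggest setting ibuf[0] = 0 and returning 0 when fgets returns NULL. The len-1 store also drops the last character unconditionally. When the input line is longer than maxlen there is no trailing newline in the buffer and a real character is lost, so strip only if ibuf[len-1] == '\n'.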
+@@ -4250,6 +4254,14 @@
+     closeHive(hdesc);
+     return(NULL);
+   }
++
++  if (r < sizeof (*hdesc)) {
++    fprintf(stderr,
++	    "file is too small; got %d bytes while expecting %d or more\n",
++	    r, sizeof (*hdesc));
++    closeHive(hdesc);
++    return(NULL);
++  }
+ 
+   /* Now run through file, tallying all pages */
+   /* NOTE/KLUDGE: Assume first page starts at offset 0x1000 */
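Review bot: the threshold r < sizeof (*hdesc) compares the number of bytes read against the size of the in-memory hive descriptor (the struct holding filename, filedesc, state and buffer), which has no relation to the on-disk layout. The comment just below assumes the first page starts at offset 0x1000, so the minimum should be derived from the file header size instead. The comparison is also signed against size_t, and the message passes sizeof (*hdesc) to a %d conversion. Use %zu for that argument, or cast it.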
--- chntpw-1.0.orig/debian/patches/10_remove_static
+++ chntpw-1.0/debian/patches/10_remove_static
@@ -0,0 +1,23 @@
+10_remove_static
+Do not build static files in the Makefile, they are not used in Debian.
+Created by Javier Fernandez-Sanguino <jfs@debian.org> for Debian
+Not forwarded, this patch is Debian-specific
+
+--- a/Makefile
++++ b/Makefile
+@@ -12,7 +12,7 @@
+ LIBS=$(shell libgcrypt-config --libs)
+ 
+ 
+-all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static
++all: chntpw cpnt reged samusrgrp sampasswd
+ 
+ chntpw: chntpw.o ntreg.o edlib.o libsam.o
+ 	$(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o libsam.o $(LIBS)
+@@ -52,5 +52,5 @@
+ 	$(CC) -c $(CFLAGS) $<
+ 
+ clean:
+-	rm -f *.o chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static *~
++	-rm -f *.o chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static *~
+ 
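Review bot: the header only mentions dropping the static builds, but this second hunk also changes the clean recipe to -rm -f, which makes make ignore any failure of rm. rm -f already succeeds for missing files, so the prefix only hides real errors such as permission problems. Either drop the leading dash or say in the description why it is needed.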
--- chntpw-1.0.orig/debian/patches/11_improve_documentation
+++ chntpw-1.0/debian/patches/11_improve_documentation
@@ -0,0 +1,501 @@
+
+Description: Fix spelling and grammar mistakes in documentation
+Author: Javier Fernandez-Sanguino <jfs@debian.org>
+Forwarded: NOT yet
+Last-Update: 2014-08-07
+Copyright: This file is distributed with the same license as the chntpwd sources
+
+This patch is the result of reviewing (by a non-foreign speaker, oh! the
+irony!) the documentation provided by the upstream author in
+the sources (text files).
+
+It tries to fix some grammar and spelling mistake, while trying not
+to add any new ones.
+
+
+--- a/MANUAL.txt
++++ b/MANUAL.txt
+@@ -15,14 +15,14 @@
+ SOFTWARE - HKEY_LOCAL_MACHINE\SOFTARE: Config and info of installed
+            software and a lot of higher level windows config
+ 
+-Note that these programs (and the registry library they use) does not
+-join all these files in the same tree like windows does.
++Note that these programs (and the registry library they use) do not
++join all these files in the same tree like Windows does.
+ For example, a path like
+ HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control
+ is not valid, it is instead just
+ ControSet001\Control
+ (after selecting the hive if more than one is loaded)
+-But except if you use the registry edit or export/import functions you
++But, unless you use the registry edit or export/import functions, you
+ do not need think about this as for other things the tools handle
+ this.
+ 
+@@ -49,65 +49,65 @@
+ 
+ 
+ 
+- -u <user>   Username or RID (0x3e9 for example) to interactively edit
++ -u <user>   Username or RID (0x3e9 for example) to edit interactively
+ 
+-Invoke the interactive edit menu on specified user.
+-Specifying a user name will most likely fail if user has international
+-character, so better to use user ID (RID), for example
++Invoke the interactive edit menu on the specified user.
++Specifying a user name will most likely fail if the username has international
++characters, so itis better to use the user's ID (RID), for example
+  chnptw -u 0x3e9 SAM
+-to edit user with hexadecimal RID 3e9
++to edit the user with hexadecimal RID 3e9
+ 
+ 
+- -l          list all users in SAM file and exit
++ -l          list all users in the SAM file and exit
+ 
+-Just that, list users in human readable form, with some info about if
+-user is admin and if password is set.
++Just that, list all the users in human readable form, with some information
++about the user, such as if the user is an administrator user and if the password is set.
+ 
+  -i          Interactive Menu system
+ 
+ Invokes the menu system. Menu items will vary a bit depending on what
+ registry hives are loaded.
+ 
+- -f          Interactively edit first admin user
++ -f          Interactively edit the first admin user
+ 
+-Select first admin user for edit. This is user with lowest RID that
+-also is member of administators group, or built-in user 0x1f4 if not
+-others possible.
++Select the first admin user for edit. This is the user with the lowest RID that
++also is member of the administrators group, or the built-in user 0x1f4 if no
++other users are found.
+ 
+  -e          Registry editor. Now with full write support!
+ 
+-Enter the registry editor. It is a small command system. ? for help
+-there. See other documentation for more on regedits.
++Enter the registry editor. It is a small command system. Press '?' for help
++there. See other documentation for more information on regedits.
+ 
+- -d          Enter buffer debugger instead (hex editor), 
++ -d          Enter the buffer debugger instead (hex editor), 
+ 
+-Command line type hex editor, mostly for debugging purposes. ? for help.
++Command line type hex editor, mostly used for debugging purposes. ? for help.
+ 
+- -v          Be a little more verbose (for debuging)
++ -v          Be a little more verbose (for debugging)
+ 
+ Lots of debug output during most operations (especially hive loading)
+ 
+  -L          For scripts, write names of changed files to /tmp/changed
+ 
+ If any of the other functions changes the registry, the changed files
+-are listed here. Can be used by wrapper scripts to know what to save.
++are listed here. This option can be used by wrapper scripts to know what to save.
+ My boot CD uses it.
+ 
+  -N          No allocation mode. Only same length overwrites possible (very safe mode)
+ 
+-Safe mode. Will only allow changes in registry that overwrites old
+-values with same length data. Password reset only changes 2 bytes, and
+-does not change value lenght, so password reset will still work in
++Safe mode. This option will only allow changes in the registry that overwrite old
++values with the same length data. Password reset only changes 2 bytes, and
++does not change value length, so password resets will still work in
+ this safe mode. If something tries to violate this safe mode, a lot of
+-error messages (some of the rather obscure) may occur.
++error messages (some of them rather obscure) may be shown.
+ 
+  -E          No expand mode, do not expand hive file (safe mode)
+ 
+ Safe mode. Does not allow expanding the size of the file, but will
+-allow adding keys/values as long as there is free space in the file
++allow adding keys/values as long as there is enough free space in the file
+ already. (most files contains some free space)
+ If expansion is needed but not allowed by this option,
+-a lot of obscure error messages may occur, and file should not be saved.
++a lot of obscure error messages may be show, and the file should not be saved.
+ 
+ -------------------------------------------------------------------------
+ 
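Review bot: this hunk introduces new typos while fixing old ones: "so itis better to use the user's ID" should read "it is", and "a lot of obscure error messages may be show" should read "may be shown". The unchanged example line "chnptw -u 0x3e9 SAM" between the edited lines misspells the command name chntpw and could be fixed in the same pass. "such as if the user is an administrator user" reads better as "such as whether the user is an administrator".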
+@@ -155,10 +155,10 @@
+ 
+   reged -x system HKEY_LOCAL_MACHINE\\SYSTEM ControlSet001 output.reg
+ 
+-should export everything below ControlSet001 key from registry hive
+-file named system into .reg file named output.reg, using
++should export everything below ControlSet001 key from the registry hive
++file named 'system' into the .reg file named 'output.reg', using
+ HKEY_LOCAL_MACHINE\SYSTEM in front of every key name in the .reg file.
+-(in most shells \\ is needed to ignore the meaning \ has to the shell)
++(in most shells \\ is needed to ignore the meaning '\' has to the shell)
+ 
+   reged -x system HKEY_LOCAL_MACHINE\\SYSTEM ControlSet001\\Enum output.reg
+ 
+@@ -166,7 +166,7 @@
+ 
+   reged -x system HKEY_LOCAL_MACHINE\\SYSTEM \\ output.reg
+ 
+-export everything in the system file
++exports everything in the system file
+ 
+ 
+ 
+@@ -174,12 +174,12 @@
+      Import from .reg file. Where <prefixstring> for example is HKEY_LOCAL_MACHINE\SOFTWARE
+      Only one .reg and one hive file supported at the same time
+ 
+-Reverse of -x, this reads from a .reg file and puts it into the hive
+-file, just like regedit.exe foobar.reg will do in windows.
+-The <prefixstring> is removed from the start of each key name, if you
++This option is the opposite of -x: it reads from a .reg file and puts it into the hive
++file, just like 'regedit.exe foobar.reg' will do in Windows.
++The <prefixstring> is removed from the beginning of each key name, if you
+ specify this wrong, the result may not be what you expected.
+ KNOWN PROBLEM: This routine is slow, very slow indeed on binary values (has
+-hex numbers in .reg file). May take over 5 minutes to import a file
++hex numbers in .reg file). It may take over 5 minutes to import a file
+ the size of a normal XP software-hive .reg export.
+ Problems / unusual things in the .reg file may cause crash or
+ unexpected data or some times even an error messsage! :)
+@@ -190,10 +190,10 @@
+   -e <registryhive> ...
+      Interactive edit one or more of registry files
+ 
+-Enter the registry editor. It is a small command system. ? for help
++Enter the registry editor. This is a small command system. Press '?' for help
+ there. See other documentation for more on regedits.
+-If both -I and -e given, editor will be entered after import, but
+-before save, so you can check things if you need.
++If both -I and -e given, editor will be entered after importing, but
++before saving, so you can check things if you need.
+ 
+ 
+  Options:
+@@ -292,12 +292,12 @@
+ 
+ samusrgrp
+ is a command line tool to add users to groups or remove users from
+-groups. Users and groups must be local (cannot be domain / AD).
++groups. Users and groups must be local (i.e. they cannot be domain / AD).
+ It can also list the groups with their members in several forms, the
+-output can be used in scripts of course.
++output can be used in scripts as it is provided in machine readable format.
+ 
+ Listing groups will also list domain users that are members of the
+-group (if any), but it will not be able to look up the name, so it
++group (if any), but it will not be able to look up the name, so they
+ will be listed as a SID only.
+ 
+   samusrgrp version 0.2 130501, (c) Petter N Hagen
+@@ -310,7 +310,7 @@
+      -L = list groups and also their members
+      -s = Print machine SID
+ 
+-For add or remove, you must also specify a bit more info:
++To add or remove a user, you must also specify some more information:
+ 
+   Parameters:
+      <user> can be given as a username or a RID in hex with 0x in front
+@@ -356,9 +356,9 @@
+ Members name (if available, else SID)
+ Members SID
+ 
+-So in this example, the Guests group have 2 members: Administrator and
++So in this example, the Guests group has 2 members: Administrator and
+ Guest.
+-At the time of writing this, it WILL NOT LIST EMPTY GROUPS (no
++At the time of writing this, it WILL NOT LIST EMPTY GROUPS (groups with no
+ members). I plan to change this, empty groups on one line with -1 in
+ member number field, and rest of user fields empty.
+ 
+@@ -429,7 +429,7 @@
+ 
+ User RID (hex)
+ User name
+-Is user admin? (1 = yes, 0 = no) (member of group ID 0x220)
++Is the user an administrator? (1 = yes, 0 = no) (member of group ID 0x220)
+ Account flags, ACB (hex). See sam.h file.
+ Password hash length. 14 = normal password. 0 or 4 = probably blank.
+ 
+@@ -441,58 +441,61 @@
+ Reset user :01f4:Administrator
+ Reset user :03e9:pnh
+ 
+-which of course is :RID:username
++which of course is in the format :RID:username
+ 
+ 
+ Explanation on this:
+      -r -f -> Reset password of admin user with lowest RID
+               not counting built-in admin (0x1f4) unless it is the only admin
+ 
+-All windows from NT3.1 up has a system created administrator account
++All Windows systems, from version NT3.1 up, include a predefined administrator account
+ with RID (user ID) 0x1f4 (500 decimal)
+ 
+-Before Windows XP the installer asked for a password for this account,
+-and then it was used to login first after installation.
+-(Built-in guest account was also created by the installer, but it has
++Before Windows XP, the installer asked for a password for this account,
++and then it was used to login right after installation.
++(The built-in 'Guest' account was also created by the installer, but it has
+ always been disabled by default)
+ 
+-On Windows XP and newer systems, the installer also creates this
+-account, but locks it down, it generally cannot be logged in. It is
+-also not shown on the welcome screen (unless all other users are
++On Windows XP and newer Windows systems, the installer also creates this
++account, but it is locked down. It cannot be used to log in. It is
++also not shown on the 'Welcome' screen (unless all other users are
+ deleted or disabled)
+-The installer instead asks for a user to create during install. That
++
++Instead, the installer asks for a new user to create during the installation. That
+ user is a normal non-hardwired user (RID > 0x3e8, 1000 decimal),
+-and it is added to the built-in administrators group (group # 0x220). 
++and it is added to the built-in Administrators' group (group # 0x220). 
+ 
+-It is users in the built-in group 0x220 that generally has full
++The users in the built-in group 0x220 ('Administrators') generally have full
+ administrator rights to the machine.
+ 
+-(XP installer can create several users, but only first gets group
++(Note: XP installer can create several users, but only the first user gets group
+ 0x220)
+ 
+-More users can of course be added from the control panel, and they can
+-be put into the 0x220 group if neccessary. From the "simplified"
+-control panel dialog this is what happens if user is selected to be able to
+-have full (or admin) access to the machine. If user is set to "normal"
+-or something like that, it is not in the 0x220 group.
++More users can of course be added from the Control Panel, and they can
++be added to the 0x220 group if neccessary. From the "simplified"
++Control Panel dialog this is what happens if a user is selected and is configured to
++have full (or admin) access to the machine. If a user is set to "normal"
++or something like that, it will not be included in the 0x220 group.
+ 
+ From the "Users and Groups" part of the administrative tools (not
+-available on some home versions of windows) the group assignments and
++available on some Windows Home versions) the group assignments and
+ other user info can be changed in more detail of course.
++
+ From there, users in a domain (if machine is in domain) can also be
+-added to the local 0x220 group, the domain user full access to that
+-local machine even if the user is nothing special in the domain.
++added to the local 0x220 group. A domain user will have full access to that
++local machine even if the user is not included in any Domain Administrators'
++group.
+ 
+ Anyway..
+-On XP and newer, it is therefore not the hardwired 0x1f4 account that is
+-used for admim. On home machines it is most often the first regular one (since
+-most people do not change any user stuff after the installer) or it
+-could be any other user in the list.
++On XP and newer Windows version, the hardwired 0x1f4 account is not used
++for administrative purposes. On home machines it is most often the first
++regular user (since most people do not change any user stuff after the
++installation) or it could be any other user in the list.
+ 
+-So this reset function picks the first it finds over 0x3e8 (1000)
++So this reset function picks the first user it finds over 0x3e8 (1000)
+ that is also in the 0x220 group. It will most likely work for 98% of
+-home user machines :) Unless there are no users in the 0x220 group,
+-then it picks the 0x1f4 hard-wired user (since it may be Windows
++home user machines :) If there are no users in the 0x220 group,
++then it will pick the 0x1f4 hard-wired user (since the system may be Windows
+ 2000??????).
+ 
+ This may of course be wrong if someone managed to remove all accounts
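Review bot: several rewrites in this hunk change meaning rather than spelling, which goes beyond what the patch description promises. "it generally cannot be logged in" became "It cannot be used to log in", dropping the author's qualifier, and "it is therefore not the hardwired 0x1f4 account that is used for admin" became a flat statement that the account "is not used for administrative purposes". Please keep the original hedging. The rewritten line "be added to the 0x220 group if neccessary" keeps the misspelling of "necessary", and "On XP and newer Windows version" should read "versions".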
+@@ -502,7 +505,7 @@
+ 
+ Explanation on -a -r:
+ 
+-The -r -a option will reset all users in the 0x220 group. Also user
++The -r -a option will reset all users in the 0x220 group. This includes user
+ 0x1f4, which maybe is bad.. will consider changing this...
+ 
+ 
+--- a/README.txt
++++ b/README.txt
+@@ -7,17 +7,17 @@
+ 
+ "ntreg" (the registry library) and
+ "libsam" (SAM manipulation library, user, groups etc)
+-is licensed under the GNU Lesser Public License. See LGPL.txt.
++are licensed under the GNU Lesser Public License. See LGPL.txt.
+ 
+ "chntpw" (the password reset / registry editor frontend)
+ "reged" (registry editor, export and import tool)
+ "sampasswd" (password reset command line program)
+ "samusrgrp" (user and group command line program)
+-is licensed under the GNU General Public License, see GPL.txt.
++are licensed under the GNU General Public License, see GPL.txt.
+ 
+ 
+-For manual to the different commands, see MANUAL.txt
+-Also, all have some help built in, just use the -h option.
++For a manual of the different commands, plese see MANUAL.txt
++Also, all programs have some built-in help, just use the -h option.
+ 
+ See INSTALL.txt for compile instructions.
+ 
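Review bot: the replacement line "For a manual of the different commands, plese see MANUAL.txt" adds a new typo, "plese" for "please". The license name in the unchanged wording, "GNU Lesser Public License", is missing "General" and could be corrected in the same hunk, since the following paragraph spells out "GNU General Public License" in full.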
+@@ -29,16 +29,23 @@
+ 
+ At that site there's a floppy and a bootable CD that use chntpw to
+ access the NT/2k/XP/Vista/Win7/Win8 system it is booted on to edit password etc.
+-The instructions below are for the standalone program itself, not the floppy.
++The instructions below are for the standalone program itself, not for the floppy.
+ 
+ What does chntpw do?
+ --------------------
+ 
+ This little program will enable you to view some information and
+-change user passwords, change user/group memberships
+-in a Windows (NT/XP/Vista/win7/win8) etc SAM userdatabase file.
+-You do not need to know the old passwords.
+-However, you need to get at the registry files some way or another yourself.
++change user's passwords, change user/group's memberships
++in a Windows (NT, XP, Vista, Win7, Win8, etc.) SAM userdatabase file.
++You do not need to know the previous passwords.
++However, you need to access at the registry files some way or another yourself.
++
++For example, you can run this utility from a Live CD in a Windows computer
++and, after booting, mount the NTFS filesystem. Or remove the hard drive
++from the system and install it (e.g. using a USB hard-disk case) in a
++Linux system where you have this tool installed.
++
++
+ In addition it contains a simple registry editor with full write support,
+ and hex-editor which enables you to
+ fiddle around with bits&bytes in the file as you wish yourself.
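Review bot: the new wording "change user's passwords, change user/group's memberships" adds possessives that do not parse. "change user passwords and user/group memberships" says the same thing cleanly. "you need to access at the registry files" should drop "at". The added paragraph about running from a Live CD or moving the disk to a Linux system is new content rather than a spelling fix, so it belongs in the patch description, and "in a Windows computer" should read "on".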
+@@ -46,9 +53,9 @@
+ Also have registry import or export
+ -----------------------------------
+ 
+-"reged" is a program that can do import and export of .reg files into
+-the registry hive (binary) files. Also has an editor, but still
+-rudimentary text based command line type thing.
++"reged" is a program that can import and export .reg files into
++the registry hive (binary) files. It also has an editor, but it is still
++a rudimentary text based command-line type of thing.
+ 
+ And by popular request
+ Even have programs that can be used in scripts!
+@@ -65,41 +72,42 @@
+ 
+ I often forget passwords. Especially on test installations (that
+ I just _must_ have some stuff out of half a year later..)
+-On most unix-based boxes you just boot the thingy off some kind
++On most Unix-based boxes you just boot the thingy off some kind
+ of rescue bootmedia (cd/floppy etc), and simply edit the
+ password file.
+ On Windows however, as far as I know, there is no way except reinstalling
+ the userdatabase, losing all users except admin.
+ (ok, some companies let you pay lotsa $$$$$ for some rescue service..)
+ (ok, from Windows Vista or something you can make a password reset
+-file, but you have to remember to do that BEFORE you forget your password...)
++CD or USB, but you have to remember to do that BEFORE you forget your password...)
+ 
+ How?
+ ----
+ 
+-Currently, this thing only runs under linux, but it may just happen
++Currently, this thing only runs under Linux, but it may just happen
+ to compile on other platforms, too.
+ 
+-So, to set a new adminpassword on your Windows installation you either:
++So, to set a new administrator's password on your Windows installation you either:
+ 
+-1) Take the harddrive and mount it on a linux-box
++1) Take the harddrive and mount it on a Linux box
+ 
+ or
+ 
+-2) Boot a "live" linux CD with full GUI (many available: Ubuntu,
++2) Boot a "live" Linux CD with full GUI (there are many available: Ubuntu,
+    Knoppix and more. Search for them)
+ 
+-In both those cases, use the "chntpw.static" program found in the
++In both those cases, you can use the "chntpw.static" program found in the
+ "static" zip file on my website.
++
+ or
+ 
+-3) Use my linux boot CD (or USB) at: http://pogostick.net/~pnh/ntpasswd/
++3) Use my Linux boot CD (or USB) avialable at: http://pogostick.net/~pnh/ntpasswd/
+ 
+ Usage:
+ ------
+ 
+-For manual to the different commands, see MANUAL.txt
+-Also, all have some help built in, just use the -h option.
++You will find a manual to the different commands in the  MANUAL.txt file.
++Also, all programs have some help built in, just use the -h option.
+ 
+ Some old tech babble on how the password is stored
+ --------------------------------------------------
+@@ -108,21 +116,21 @@
+ 
+ A struct, called the V value of a key in the NT registry
+ was suddenly somewhat documented through the pwdump utility
+-included in the unix Samba distribution.
++included in the Unix Samba distribution.
+ This struct contains some info on a user of the NT machine,
+ along with 2 crypted versions of the password associated
+ with the account.
+ 
+ One password is the NT console login password,
+-the other the LANMAN network share password
++the other is the LANMAN network share password
+ (which essentially is the first one in uppercase only,
+- and no unicode)
++ and no Unicode)
+ 
+ This is how NT encrypts the passwords:
+ 
+ The logon cleartext password a user enters is:
+-1) Converted to unicode
+-2) A MD4 hash is made out of the unicode string
++1) Converted to Unicode
++2) A MD4 hash is made out of the Unicode string
+ 3) Then the hash is crypted with DES, using the RID (lower
+    part of the SID, userid) as the crypt key.
+    This is the so called "obfuscation" step, so
+@@ -134,7 +142,7 @@
+ 1) Uppercased (and illegal characters probably removed)
+    14 bytes max, if less the remaining bytes are zeroed.
+ 2) A known (constant) string is DES-encrypted
+-   using 7 first characters of the password as the key.
++   using the 7 first characters of the password as the key.
+    Another constant is encrypted using the last 7 chars
+    as the key.
+    The result of these two crypts are simply appended,
+@@ -142,13 +150,13 @@
+ 3) The same obfuscation DES stage as 3 above.
+ 4) 16 bytes result put into the V struct.
+ 
+-Since the number of possible combinations in the lanman
++Since the number of possible combinations in the LANMAN
+ password is relatively low compared to the other one,
+ and it's easy to see if it's shorter than 8 chars or not
+ it's used first in brute-force-crackers.
+ 
+-This program, however, don't care at all what the old
+-one is, it just overwrites it with the new one.
++This program, however, does not care at all what the old
++passowrd is, it just overwrites it with the new one.
+ 
+ Ok. So, how do we find and identify the V struct?
+ Yeah.. that was the hard part.. The files structure
+@@ -204,4 +212,4 @@
+ 0x0035a8    80  REG_BINARY       <F>
+ 0x003228   508  REG_BINARY       <V>
+ 
+-For more techincal info, look it up in the source code.
++For more technical info, look it up in the source code.
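Review bot: Three new typos come in with the added README lines: "plese" in the MANUAL.txt pointer near the top, "avialable" in option 3 of the "How?" list, and "passowrd" in the sentence about overwriting the old password. "you need to access at the registry files" also has a stray "at", and "in the  MANUAL.txt file" has a double space. Since this ships as 11_improve_documentation, fix these in the patch itself before it goes into the series.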
--- chntpw-1.0.orig/debian/patches/series
+++ chntpw-1.0/debian/patches/series
@@ -0,0 +1,11 @@
+01_port_to_gcrypt.patch
+#02_upstream_documents
+#03_keyname-overflow
+04_get_abs_path
+#05_control_empty_values
+06_correct_test_open_syscall
+07_detect_failure_to_write_key
+08_no_deref_null
+09_improve_robustness
+10_remove_static
+11_improve_documentation
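Review bot: Three entries are disabled with a leading # (02_upstream_documents, 03_keyname-overflow, 05_control_empty_values) and nothing in the series file says why. 03_keyname-overflow and 05_control_empty_values read like robustness fixes, so a reader cannot tell from here whether they were merged upstream in 1.0 or simply dropped. Either remove the entries together with their patch files, or add a comment line above each one stating why it is no longer applied.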
--- chntpw-1.0.orig/debian/reged.8
+++ chntpw-1.0/debian/reged.8
@@ -0,0 +1,120 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH REGED 8  "6th August 2014"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+reged \- utility to export/import and edit a Windows registry hives
+.SH SYNOPSIS
+.B reged
+.RI [ options ]
+.RI -x <registryhivefile> <prefixstring> <key> <output.reg>
+
+.B reged
+.RI [ options ]
+.RI -I <registryhivefile> <prefixstring> <input.reg>
+
+.B reged
+.RI [ options ]
+.RI -e  <registryhivefile>
+
+
+.br
+.SH DESCRIPTION
+This manual page documents briefly the
+.B reged
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+
+.PP
+.B reged
+is the an interactive command line utility that can be used to
+export, import or edit a Microsoft Windows registry hive.
+
+.SH OPTIONS
+.TP
+.B \-h
+Show summary of options.
+.TP
+.B \-x <registryhivefile> <prefixstring> <key> <output.reg>
+Export parts of a hive file to a text registry (.reg)  file.
+Prefixstring indicates the part of the registry hive to dump (for example
+HKEY_LOCAL_MACHINE\\SOFTWARE). The <key> parameter defines the key to dump
+(recursively). You can use \\ or \\\\ to list all the keys in the hive file.
+
+Only one hive file and one .reg file can be defined.
+
+.TP
+.B \-I <registryhivefile> <prefixstring> <input.reg>
+Import the content of the input.reg file into the registry file.  The value
+<prefixstring> can be any valid prefix, for example is
+HKEY_LOCAL_MACHINE\\SOFTWARE.
+
+Only one .reg and one hive file supported at the same time
+
+.TP
+.B \-e <registryhive> ...
+Interactive edit one or more registry files.
+
+.TP
+.B \-L
+Log all changed filenames to /tmp/changed. When this option is set the
+program automatically saves the changes in the hive files without prompting the
+user.
+
+Be careful when using the \fB-L\fR option as a root user in a multiuser system. 
+The filename is fixed and this can be used by malicious users (dropping a
+symlink with the same name) to overwrite system files.
+
+
+.TP
+.B \-C
+Automatically save all changes. Do not prompt the user.
+
+.TP
+.B \-N
+Do not allocate more information, only allow the editing of existing values with same size.
+
+.TP
+.B \-E
+Do not expand the hive file (safe mode).
+
+.TP
+.B \-t
+Print debug information of allocated blocks.
+
+.TP
+.B \-v
+Print verbose information and debug messages.
+
+.SH KNOWN BUGS
+
+There are many \fBunknown\fR bugs. If you find bugs please report them to the author.
+
+.SH SEE ALSO
+.B chntpwd, samusrgrp, sampasswd
+.br
+You will find  more information available on how this program works, in the 
+text files
+.IR /usr/share/doc/chntpw/README.txt
+and 
+.IR /usr/share/doc/chntpw/MANUAL.txt
+
+.SH AUTHOR
+This program was written by Petter N Hagen.
+
+This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
+for the Debian GNU/Linux system (but may be used by others).
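Review bot: The -L entry documents a symlink attack on the fixed /tmp/changed path instead of removing it, and a man page warning does not protect a root user who runs reged -L on a multiuser system. The patch series should make the log path safe (for example by refusing to follow symlinks and creating the file exclusively, or by taking the path from the user), after which the warning can go. Smaller points: "is the an interactive" in DESCRIPTION, "a Windows registry hives" in NAME, "for example is" in the -I entry, and SEE ALSO lists chntpwd while the program this package builds is chntpw.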
--- chntpw-1.0.orig/debian/rules
+++ chntpw-1.0/debian/rules
@@ -0,0 +1,106 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This is the debhelper compatibility version to use.
+# export DH_COMPAT=5
+
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+include /usr/share/quilt/quilt.make
+
+CFLAGS = -DUSELIBGCRYPT -Wall
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+	CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+	INSTALL_PROGRAM += -s
+endif
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+        CFLAGS += -O0
+else
+		CFLAGS += -O2
+endif
+
+build: build-arch build-indep
+build-arch: build-stamp
+build-indep: build-stamp
+build-stamp: $(QUILT_STAMPFN)
+	dh_testdir
+	$(MAKE) CFLAGS="$(CFLAGS)"
+	touch build-stamp
+
+clean: unpatch
+	dh_testdir
+	dh_testroot
+	[ ! -f Makefile ] || $(MAKE) clean
+	-rm -f *.gif
+	rm -f build-stamp 
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_prep
+	dh_installdirs
+	install -m 755 chntpw $(CURDIR)/debian/chntpw/usr/sbin/
+	install -m 755 reged $(CURDIR)/debian/chntpw/usr/sbin/
+	install -m 755 sampasswd $(CURDIR)/debian/chntpw/usr/sbin/
+	install -m 755 samusrgrp $(CURDIR)/debian/chntpw/usr/sbin/
+
+
+binary-indep: build-indep install
+# We have nothing to do here
+
+binary-arch: build-arch install
+	dh_testdir
+	dh_testroot
+	# Do not install the documentation until available
+	[ ! -f faq.uu ] || for i in *.uu; do uudecode  $$i; done
+	[ ! -f faq.html ] || dh_installdocs faq.html bootdisk.html *.gif
+	dh_installdocs
+	dh_installexamples
+	dh_installman debian/chntpw.8 debian/samusrgrp.8 debian/reged.8 debian/sampasswd.8
+	dh_installchangelogs HISTORY.txt
+	dh_link
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_shlibdeps
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+
+UPSTREAM_VER=140201
+UPSTREAM_URL=http://pogostick.net/~pnh/ntpasswd
+UPSTREAM_FILE=chntpw-source-$(UPSTREAM_VER).zip
+PACKNAME=chntpw
+DEBIAN_VER=1.0
+UNPACK_DIR=$(PACKNAME)-$(DEBIAN_VER).orig
+EXTRACT_DIR=/tmp
+
+update-docs:
+	for file in faq.html bootdisk.html syskey.txt regedit.txt ; do \
+		wget -q -O $$file $(UPSTREAM_URL)/$$file; \
+	done
+
+get-orig-source:
+	wget -O $(UPSTREAM_FILE) $(UPSTREAM_URL)/$(UPSTREAM_FILE)
+	-rm -rf chntpw-$(UPSTREAM_VER) $(UNPACK_DIR)
+	unzip $(UPSTREAM_FILE)
+	mv chntpw-$(UPSTREAM_VER) $(UNPACK_DIR)
+	# Some binary files are statically linked with OpenSSL, therefore not distributable
+	# Upstream has been notified, no response yet
+	rm -f $(UNPACK_DIR)/*.static
+	tar zcf $(PACKNAME)_$(DEBIAN_VER).orig.tar.gz $(UNPACK_DIR)
+	rm -rf $(UNPACK_DIR) $(UPSTREAM_FILE)
+
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
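Review bot: CFLAGS = -DUSELIBGCRYPT -Wall is assigned after /usr/share/dpkg/buildflags.mk is included, so it replaces the flags exported by dpkg-buildflags (hardening flags included) instead of extending them, and CPPFLAGS and LDFLAGS are never passed on the $(MAKE) line. Use CFLAGS += -DUSELIBGCRYPT -Wall and pass CPPFLAGS and LDFLAGS to $(MAKE) as well. Also, get-orig-source downloads the zip over plain http and repacks it with no checksum or signature check, EXTRACT_DIR is set but never used, and .PHONY names configure, which is not a target, while omitting build-arch and build-indep.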
--- chntpw-1.0.orig/debian/sampasswd.8
+++ chntpw-1.0/debian/sampasswd.8
@@ -0,0 +1,120 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH SAMPASSWD 8  "6th August 2014"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+sampasswd \- reset passwords of users in the SAM user database
+.SH SYNOPSIS
+.B sampasswd
+.RI [ options ]
+.RI -u user
+.RI < samfile > 
+.br
+.SH DESCRIPTION
+This manual page documents briefly the
+.B sampasswd
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+
+.PP
+.B sampasswd
+is a non-interactive command line utility that can reset a user's
+password and/or the user's account bits from the SAM user database file of a
+Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.).
+This file is usually located at
+\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows 
+Operating System
+
+On success, the program does not output any informatin and the exit code is 0.
+
+.SH OPTIONS
+.TP
+.B \-h
+Show summary of options.
+.TP
+.B \-r
+Reset the user's password.
+.TP
+.B \-a
+Reset all the users. If this option is used there is no need to specify the next option.
+.TP
+.B \-u <user>
+User to change. The user value can be provided as a username, or a RID number in
+hexadecimal (if the username is preceded with '0x'). Usernames including
+international characters will probably not work.
+.TP
+.B \-l
+Lists the users in the SAM database.
+.TP
+.B \-H
+Output human readable output. The program by default will print a parsable table unless
+this option is used.
+.TP
+.B \-N
+Do not allocate more information, only allow the editing of existing values with same size.
+.TP
+.B \-E
+Do not expand the hive file (safe mode).
+.TP
+.B \-t
+Print debug information of allocated blocks.
+.TP
+.B \-v
+Print verbose information and debug messages.
+
+.SH EXAMPLES
+.TP
+.B sampasswd -r -u theboss
+Reset the password of a user named 'theboss', if found.
+
+.TP
+.B sampasswd -r -u 0x3ea
+Reset the password of the user with RID '0x3a'.
+
+.TP
+.B samusrgrp -r -a
+Reset the password of all the users in the Administrator's group (0x220)
+
+.TP
+.B samusrgrp -r -f
+Reset the password of the administrative users with the lowest RID number.
+This does not include the built-in administrator (0x1f4) unless no other
+administrative user can be found in the database file.
+
+
+.SH KNOWN BUGS
+
+If the username includes international (non-ASCII) characters the program
+will not (usually) find it. Use the RID number instead.
+
+.SH SEE ALSO
+.B chntpwd, reged, samusrgrp
+.br
+You will find  more information available on how this program works, in the
+text files
+.IR /usr/share/doc/chntpw/README.txt
+and
+.IR /usr/share/doc/chntpw/MANUAL.txt
+
+More documentation is available at the upstream's author site:
+.BR http://pogostick.net/~pnh/ntpasswd/
+
+.SH AUTHOR
+This program was written by Petter N Hagen.
+
+This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
+for the Debian GNU/Linux system (but may be used by others).
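Review bot: The EXAMPLES section does not match the rest of this page. The last two examples invoke samusrgrp rather than sampasswd, the -f option they use is not listed under OPTIONS, and -a is described under OPTIONS as "Reset all the users" but in the example as resetting only the Administrator's group (0x220). The second example passes 0x3ea while its description says RID '0x3a', and none of the examples include the <samfile> argument shown in SYNOPSIS. "informatin" in DESCRIPTION and chntpwd in SEE ALSO also need correcting.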
--- chntpw-1.0.orig/debian/samusrgrp.8
+++ chntpw-1.0/debian/samusrgrp.8
@@ -0,0 +1,130 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH SAMUSRGRP 8  "6th August 2014"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+samusrgrp \- add or remove users from groups in SAM database files
+.SH SYNOPSIS
+.B samusrgrp
+.RI [ options ]
+.RI < samfile > 
+.br
+.SH DESCRIPTION
+This manual page documents briefly the
+.B samusrgrp
+command.
+This manual page was written for the Debian distribution
+because the original program does not have a manual page.
+.PP
+.B samusrgrp
+is a non-interactive command line utility that can add or remove
+a user from a local group that exists in the SAM user database of a
+Microsoft Windows system (Windows NT, 2000, XP, Vista, 7, 8.1, etc.).
+This file is usually located at
+\\WINDOWS\\system32\\config\\SAM on the file system of a Microsoft Windows
+Operating System
+
+On success, the program does not output any informatin and the exit code is 0.
+
+The binary program supports multiple names. If it is called named
+.B samusrtogrp
+it will assume \fB-a\fR mode (add user). If it is called named
+.B samusrfromgrp
+it will assume \fB-r\fR mode (remove user).
+
+.SH OPTIONS
+.TP
+.B \-h
+Show summary of options.
+.TP
+.B \-a
+The user is added to the group.  This option has to be followed
+by \-u and \-g .
+.TP
+.B \-r
+The user is removed from the group.  This option has to be followed
+by \-u and \-g .
+.TP
+.B \-u <user>
+User to change. The user value can be provided as a username, or a RID number in
+hexadecimal (if the username is preceded with '0x'). Usernames including
+international characters will probably not work.
+.TP
+.B \-g <group>
+Group to change. The group can only be given as a group number, in hexadecimal, preceded with 
+with '0x'.
+.TP
+.B \-l
+Lists the groups in the SAM database.
+.TP
+.B \-L
+Lists the groups in the SAM database as well as their members.
+.TP
+.B \-s
+Print the machine SID.
+.TP
+.B \-H
+Output human readable output. The program by default will print a parsable table unless
+this option is used.
+.TP
+.B \-N
+Do not allocate more information, only allow the editing of existing values
+with same size.
+.TP
+.B \-E
+Do not expand the hive file (safe mode).
+.TP
+.B \-t
+Print debug information of allocated blocks.
+.TP
+.B \-v
+Print verbose information and debug messages.
+
+.SH EXAMPLES
+.TP
+.B samusrgrp -a -u theboss -g 0x220 SAMFILE
+Adds a user named 'theboss' to the group 0x220 (Administrators)
+
+.TP
+.B samusrgrp -a -u 0x3ea -g 0x221 SAMFILE
+Adds a user with the id '0x3aa' to the group 0x221 (Users)
+
+.TP
+.B samusrgrp -r -u 0x3ff -g 0x221 SAMFILE
+Remove a user with the id '0x3ff' from the group 0x221 (Users)
+
+.SH KNOWN BUGS
+
+If the username includes international (non-ASCII) characters the program
+will not (usually) find it. Use the RID number instead.
+
+.SH SEE ALSO
+.B chntpwd, reged, sampasswd
+.br
+You will find  more information available on how this program works, in the 
+text files
+.IR /usr/share/doc/chntpw/README.txt
+and 
+.IR /usr/share/doc/chntpw/MANUAL.txt
+
+More documentation is available at the upstream's author site:
+.BR http://pogostick.net/~pnh/ntpasswd/
+
+.SH AUTHOR
+This program was written by Petter N Hagen.
+
+This manual page was written by Javier Fernandez-Sanguino <jfs@debian.org>,
+for the Debian GNU/Linux system (but may be used by others).
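Review bot: The second example passes -u 0x3ea but its description says id '0x3aa', so one of the two is wrong. The -g entry reads "preceded with with '0x'" across its line break, DESCRIPTION has "informatin", and SEE ALSO lists chntpwd. DESCRIPTION also says the binary behaves as samusrtogrp or samusrfromgrp when called by those names, yet the install target in debian/rules installs only samusrgrp and no links for those names are visible in this diff; either ship the links or drop the paragraph.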
--- chntpw-1.0.orig/debian/watch
+++ chntpw-1.0/debian/watch
@@ -0,0 +1,3 @@
+version=3
+http://pogostick.net/~pnh/ntpasswd/editor.html \
+ chntpw-source-(.*)\.zip