The Registry Torn Apart
The registry is a hierarchical database that contains virtually all information about your computer's configuration. Under previous versions of Windows, those settings were contained in files like config.sys, autoexec.bat, win.ini, system.ini, control.ini and so on. From this you can understand how important the registry is. The structure of the registry is similar to the structure of ini files, but it goes beyond the concept of ini files because it offers a hierarchical structure, similar to the folders and files on a hard disk. In fact, the procedure to get to the elements of the registry is similar to the way you get to folders and files. In this section I will be examining the Win95\98 registry only, although NT is quite similar.
The Registry Editor
The Registry Editor is a utility with the filename regedit.exe that allows you to see, search, modify and save the registry database of Windows. The Registry Editor doesn't validate the values you are writing: it allows any operation. So you have to pay close attention, because no error message will be shown if you make a wrong operation. To launch the Registry Editor simply run RegEdit.exe (under WinNT run RegEdt32.exe with administrator privileges). The Registry Editor is divided into two sections: in the left one there is the hierarchical structure of the database (the screen looks like Windows Explorer), and in the right one there are the values. The registry is organized into keys and subkeys. Each key contains value entries; each one has a name, a type or class, and the value itself. The name is a string that identifies the value within the key. The length and the format of the value depend on the data type.
As you can see with the Registry Editor, the registry is divided into five principal keys: there is no way to add or delete keys at this level. Only two of these keys are effectively saved on hard disk: HKEY_LOCAL_MACHINE and HKEY_USERS. The others are just branches of the main keys or are dynamically created by Windows.
HKEY_LOCAL_MACHINE This key contains all hardware, application and service information. Some hardware information is updated automatically while the computer is booting. The data stored in this key is shared by all users. This handle has many subkeys:
Config: Contains configuration data for different hardware configurations.
Enum: This is the device data. For each device in your computer, you can find information such as the device type, the hardware manufacturer, device drivers and the configuration.
Hardware: This key contains a list of serial ports, processors and floating point processors.
Network: Contains network information.
Security: Shows you network security information.
Software: This key contains data about installed software.
System: It contains data that checks which device drivers are used by Windows and how they are configured.
HKEY_CLASSES_ROOT This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes and contains OLE, drag'n'drop, shortcut and file association information.
HKEY_CURRENT_CONFIG This key is also an alias. It contains a copy of the branch HKEY_LOCAL_MACHINE\Config, with the current computer configuration.
HKEY_DYN_DATA Some information stored in the registry changes frequently, so Windows maintains part of the registry in memory instead of on the hard disk. For example it stores PnP information and computer performance. This key has two subkeys:
Config Manager: This key contains all hardware information problem codes, with their status. There is also the sub key HKEY_LOCAL_MACHINE\Enum, but written in a different way.
PerfStats: It contains performance data about system and network.
HKEY_USERS This important key contains the subkey .Default and another key for each user that has access to the computer. If there is just one user, only the .Default key exists. Each subkey maintains the preferences of each user, like the desktop colors, the fonts used, and also the settings of many programs. If you open a user subkey you will find five important subkeys:
AppEvent: It contains the path of audio files that Windows plays when some events happen.
Control Panel: Here are the settings defined in the Control Panel. They used to be stored in win.ini and control.ini.
Keyboard Layouts: It contains an entry that identifies the current keyboard layout as set in the Control Panel.
Network: This key stores subkeys that describe current and recent network shortcuts.
RemoteAccess: The settings of Remote Access are stored here.
Software: Contains all software settings. This data was stored in win.ini and private .ini files.
HKEY_CURRENT_USER It is an alias to the current user's branch of HKEY_USERS. If your computer is not configured for multi-user usage, it points to the subkey .Default of HKEY_USERS.
Description of .reg file
Here I am assuming that you already have a .reg file on your hard disk and want to know more about how it is structured. Do not double-click the .reg file, or its content will be added to the registry; of course, a warning message will pop up first. To view the contents of the .reg file, open it in Notepad. To do so, first launch Notepad by going to Start > Programs > Accessories > Notepad, then open the .reg file through the Open menu.
The thing that differentiates .reg files from other files is the word REGEDIT4. It is the first word in all .reg files. If this word is not there, the Registry Editor cannot recognize the file as a .reg file. Then follows the key declaration, which has to be written within square brackets and with the full path. If the key does not exist, it will be created. After the key declaration you will see a list of values that have to be set in that particular key in the registry. The values look like this:
"value name"=type:value
The value name is in double quotes. The type is omitted for string values, is dword: for dword values and hex: for binary values; for all other values you have to use the code hex(#):, where # indicates the API code of the type.
Published on Black Sun Research Facility
Important Note: expand string has API code = 2 and extended string has API code = 7.
As you can see, strings are in double quotes, dword is hexadecimal and binary is a sequence of hexadecimal byte pairs, with a comma between each. If you want to add a backslash to a string, remember to write it twice, so the value "c:\Windows" will be "c:\\Windows". Before writing a new .reg file, make sure you do this, or else you will get an error message.
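An added example, not part of the original article: a small Python parser for the REGEDIT4 layout described above, useful for previewing which keys and values a .reg file would set without merging it. The function names and the sample file are constructed for illustration; the "@" default-value name, ";" comment lines and the trailing-backslash line continuation are .reg syntax that the article does not cover.

```python
import re

# Constructed sample input, not taken from the page.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallDir"="c:\\Windows"
"Retries"=dword:0000000a
"Blob"=hex:de,ad,\
  be,ef
"Template"=hex(2):25,54,45,4d,50,25,00
'''

QUOTED = r'"((?:[^"\\]|\\.)*)"'                      # quoted text with \-escapes
VALUE_RE = re.compile(r'(?:%s|@)=(.*)' % QUOTED)     # @ names the key's default value
HEX_RE = re.compile(r'hex(?:\(([0-9a-f]+)\))?:(.*)', re.I)

def unescape(s):
    # "c:\\Windows" in the file is c:\Windows in the registry
    return re.sub(r'\\(.)', r'\1', s)

def parse_data(raw):
    raw = raw.strip()
    m = re.fullmatch(QUOTED, raw)
    if m:                                            # no type prefix: string
        return ("string", unescape(m.group(1)))
    if raw.lower().startswith("dword:"):             # dword is hexadecimal
        return ("dword", int(raw[6:], 16))
    m = HEX_RE.fullmatch(raw)
    if m:                                            # hex: binary, hex(#): other types
        label = "hex" if m.group(1) is None else "hex(%s)" % m.group(1).lower()
        return (label, bytes(int(b, 16) for b in m.group(2).split(",") if b.strip()))
    raise ValueError("unrecognised value data: %r" % raw)

def parse_reg(text):
    # A trailing backslash continues a long hex value on the next line.
    lines = text.replace("\r\n", "\n").replace("\\\n", "").split("\n")
    if lines[0].strip() != "REGEDIT4":
        raise ValueError("first line must be REGEDIT4")
    keys, current = {}, None
    for line in (l.strip() for l in lines[1:]):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif line and not line.startswith(";"):      # skip blanks and comments
            m = VALUE_RE.fullmatch(line)
            if m is None or current is None:
                raise ValueError("expected [key] or \"name\"=data: %r" % line)
            current[unescape(m.group(1) or "")] = parse_data(m.group(2))
    return keys
```

Calling parse_reg(SAMPLE) returns a dictionary keyed by full key path, each holding the value names mapped to a (type, data) pair.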
Command Line Registry Arguments
FILENAME.REG to merge a .reg file with the registry
/L:SYSTEM to specify the position of SYSTEM.DAT
/R:USER to specify the position of USER.DAT
/e FILENAME.REG [KEY] to export the registry to a file. If the key is specified, the whole branch will be exported.
/c FILENAME.REG to substitute the entire registry with a .reg file
/s to work silently, without prompt information or warnings.
That wraps up the Windows Registry