(Ebook - Computer) Hacking The Windows Registry
Páginas: 23 (5740 palabras)
Publicado: 15 de julio de 2011
HACKING THE REGISTRY
Click & Retrieve
Source
CODE!
Hacking the
BY KEITH PLEAS
Windows Registry
It’s a jungle out there, but with some guidance, an intrepid developer can unlock the secrets of the Win32 Registry.
ately: some of them are particular to the new Windows shell (first delivered on Windows 95 but currently in beta on Windows NT), some work only with NT (also known as“Microsoft’s real operating system”), and some will work for everybody. So, grab your tools (primarily a copy of RegEdit) and prepare for an exciting round of hacking the registry. The registration database, commonly called the registry, contains a substantial amount of data about the computer and users. It includes computer data such as hardware, the OS, and installed applications, and user USER alsomaps to a subkey). Keys beneath the root are referenced by building a string key by concatenating each node together, separated by backslashes. Each key also contains data stored in values: a key may have no values, a default value, or any number of named values in addition to the default. The data in the values may be in a variety of forms, though text and binary data types are by far the mostcommon. While key names and value names are never localized, text data often is. Using the Windows 95 RegEdit utility shows you a much compacted view of the registry including the root keys, several subkeys, a default (text) value, and a named (binary) value (see Figure 2). Note that Windows NT has a similar but slightly different structure: it omits HKEY_ CURRENT_CONFIG and substitutes a somewhatanalogous HKEY_PERFORMANCE_ DATA for HKEY_DYN_ DATA.
I
f USER, Kernel, and GDI are the heart, brain, and eyes of Windows, the registry would be the memory—both long and short term. OK, maybe this metaphor is a bit weak, but the point should be obvious: the registry is a critical component of a well-functioning system and you’re not going to get very far without it. The registry is lightlydocumented and not well understood. Programming it can be similar to the old neurological technique of zapping part of the cerebral cortex with an electrode and seeing what happens: the patient may remember a baseball game or experience a war-related flashback. In Windows, you may enable a cool new feature or render your system unbootable. But it’s the thrill of the hunt that makes it so exciting.After a brief introduction to get our terminology straight, I’ll skip the fundamentals of the registry—MSDN would be an ideal place to find this information—and leap into advanced aspects. Along the way I’ll note a variety of thing you can take advantage of immediKeith Pleas is an independent developer, author, and trainer. He is the author of the forthcoming book, Visual Basic Tips & Tricks, fromAddison-Wesley. He can be reached on Compu-Serve at 71333,3014 (from the Internet: 71333.3014@compu-serve.com).
22
SPELUNKING THE REGISTRY
information such as their desktop settings and customization preferences. The registry stores data in a hierarchically structured tree. Each node in the tree is called a key. Each key can contain additional keys called subkeys (see Figure 1). Keys arecomposed of printable characters and cannot include backslashes (\) or wildcard characters (* or ?). Several predefined keys, represented with uppercase words separated by underscores, can be accessed using numeric constants. These keys are always “open,” so it’s not necessary to use the RegOpen... functions on them. It’s important to note that the root key for machine information HKEY_LOCAL_MACHINE(HKEY_CLASSES_ ROOT and HKEY_CURRENT_CONFIG map to subkeys) and the root key for user information is HKEY_USERS (HKEY_CURRENT_ A variety of common components can be found in the registry, especially if they have anything to do with OLE. Here are some examples so you’ll know what you’re looking at when you go spelunking with RegEdit. Creatable OLE classes, provided by OLE servers, must be in the...
Click & Retrieve
Source
CODE!
Hacking the
BY KEITH PLEAS
Windows Registry
It’s a jungle out there, but with some guidance, an intrepid developer can unlock the secrets of the Win32 Registry.
ately: some of them are particular to the new Windows shell (first delivered on Windows 95 but currently in beta on Windows NT), some work only with NT (also known as“Microsoft’s real operating system”), and some will work for everybody. So, grab your tools (primarily a copy of RegEdit) and prepare for an exciting round of hacking the registry. The registration database, commonly called the registry, contains a substantial amount of data about the computer and users. It includes computer data such as hardware, the OS, and installed applications, and user USER alsomaps to a subkey). Keys beneath the root are referenced by building a string key by concatenating each node together, separated by backslashes. Each key also contains data stored in values: a key may have no values, a default value, or any number of named values in addition to the default. The data in the values may be in a variety of forms, though text and binary data types are by far the mostcommon. While key names and value names are never localized, text data often is. Using the Windows 95 RegEdit utility shows you a much compacted view of the registry including the root keys, several subkeys, a default (text) value, and a named (binary) value (see Figure 2). Note that Windows NT has a similar but slightly different structure: it omits HKEY_ CURRENT_CONFIG and substitutes a somewhatanalogous HKEY_PERFORMANCE_ DATA for HKEY_DYN_ DATA.
I
f USER, Kernel, and GDI are the heart, brain, and eyes of Windows, the registry would be the memory—both long and short term. OK, maybe this metaphor is a bit weak, but the point should be obvious: the registry is a critical component of a well-functioning system and you’re not going to get very far without it. The registry is lightlydocumented and not well understood. Programming it can be similar to the old neurological technique of zapping part of the cerebral cortex with an electrode and seeing what happens: the patient may remember a baseball game or experience a war-related flashback. In Windows, you may enable a cool new feature or render your system unbootable. But it’s the thrill of the hunt that makes it so exciting.After a brief introduction to get our terminology straight, I’ll skip the fundamentals of the registry—MSDN would be an ideal place to find this information—and leap into advanced aspects. Along the way I’ll note a variety of thing you can take advantage of immediKeith Pleas is an independent developer, author, and trainer. He is the author of the forthcoming book, Visual Basic Tips & Tricks, fromAddison-Wesley. He can be reached on Compu-Serve at 71333,3014 (from the Internet: 71333.3014@compu-serve.com).
22
SPELUNKING THE REGISTRY
information such as their desktop settings and customization preferences. The registry stores data in a hierarchically structured tree. Each node in the tree is called a key. Each key can contain additional keys called subkeys (see Figure 1). Keys arecomposed of printable characters and cannot include backslashes (\) or wildcard characters (* or ?). Several predefined keys, represented with uppercase words separated by underscores, can be accessed using numeric constants. These keys are always “open,” so it’s not necessary to use the RegOpen... functions on them. It’s important to note that the root key for machine information HKEY_LOCAL_MACHINE(HKEY_CLASSES_ ROOT and HKEY_CURRENT_CONFIG map to subkeys) and the root key for user information is HKEY_USERS (HKEY_CURRENT_ A variety of common components can be found in the registry, especially if they have anything to do with OLE. Here are some examples so you’ll know what you’re looking at when you go spelunking with RegEdit. Creatable OLE classes, provided by OLE servers, must be in the...
Leer documento completo
Regístrate para leer el documento completo.