____________________________________________________________________

[ 10:. - [ hax0ring your registry ] [monkey zee] :. ]
[monkey_zee@hotmail.com] :. ]
____________________________________________________________________

#Include/*If you can't make backups you can't edit the Registry*/

Introduction

This guide is intended to give you enough information to become sufficiently interested in Registry editing, and also enough that you can actually do what you want. It is suggested, however, that you do further reading. Also, if you really want total control over your Operating System (OS), you really want an Open Source OS (Micro$oft don't currently do this); that way, if you want to alter something, you can do it at the source. If you had already written your own OS at the age of 6 this guide is not for you (unless you want to see how stupid people live).

This guide is written with the Windows 98 Registry in mind; much of it applies to NT, ME and 2000 though. None applies to the 3.1 Registry, which has a completely different structure and use. I have used the default directories etc. where possible; if your Windows is not installed in C:\Windows then change the instructions accordingly.

Finally, I must agree that a lot of Registry editing is pointless: if you can find a key in The Registry which alters some trait of a program then chances are you'll also find the option within one of the program's menus. But this is not always the case. Once, when I was trying to play a music CD, the program skipped to the next track after playing 20 seconds of each track. Finally I found a key called "Preview" in the section with all my CD player's options; it had a value of "1" which I changed to "0", and after that it was all OK. I have subsequently looked for a way to have done this manually but I can't find one (although I'm now a little curious to find out how it got turned on in the 1st place).
Just be safe in the knowledge that the worst that can happen is that you will need to reinstall Windows.

Sections:
-----------------------------------------------------------------------
I.   How to make sure that whatever you do in The Registry can be fixed
-----------------------------------------------------------------------
II.  How to use RegEdit.exe
-----------------------------------------------------------------------
III. Explanation of how programs use The Registry
-----------------------------------------------------------------------
IV.  M$Internet Explorer title hack
-----------------------------------------------------------------------
V.   Example Registry edits
-----------------------------------------------------------------------
VI.  How to create your own Registry edits
-----------------------------------------------------------------------
VII. Suggested further reading
-----------------------------------------------------------------------

=======================================================================
I. How to make sure that whatever you do in The Registry can be fixed:
=======================================================================

=========================================
The best way of backing up your Registry:
-----------------------------------------

Save copies of "user.dat" and "system.dat" in the Windows directory under different names (I suggest "user.zee" and "system.zee"; that way if you forget what they are called you can always refer back to this text).

DON'T FORGET - make a backup each time you alter The Registry, since each time you install a piece of hardware or software The Registry is changed (in fact some programs store values in The Registry about the position of their window on the screen so it is the same size next time you start the program).
Also, as a rule, it is best to only change one thing at a time (when possible). This means that if something goes wrong you can identify what it is more easily - if you've changed 7 things in 40 minutes it's really annoying to have to go back to the previous settings and have to do it again. (Yes, this is something I've learnt from experience.)

=======================
How to use the backups:
-----------------------

1. If Windows loads but you have an undesired effect then you can open Windows Explorer and rename your backups to "user.dat" and "system.dat" (you may need to change "folder settings" in Windows Explorer so you can see all file types), then reboot.

2. If on the other hand Windows cannot start and the system hangs, then reboot, and after ScanDisk runs you will get a menu asking what you want to do (because it has been detected that Windows did not successfully load). If you want you can try running in safe mode, but chances are this will not load either; instead choose to stay in DOS. If you've never used DOS before this can be quite scary. In DOS you will most likely be presented with a black screen with white letters "C:\>" (there are ways of changing this). If you called the files "user.zee" and "system.zee" then type each of these lines followed by the enter key:

    attrib C:\Windows\user.dat -r -s -h     /*strips files of "readonly"ness (and hidden/system)*/
    attrib C:\Windows\system.dat -r -s -h
    ren C:\Windows\user.dat user.bad        /*moves the broken files aside; "user.bad" is just an example name*/
    ren C:\Windows\system.dat system.bad
    ren C:\Windows\user.zee user.dat        /*renames; the new name must not include a path*/
    ren C:\Windows\system.zee system.dat

(Alternatively you could make a batch file and do it all in one go. To do this just copy/paste the relevant lines and save the file as Zee.bat, then all you need to do from DOS is type Zee to run it. Don't include the bits between the /*s, it won't work if you do.)

3. If you can do neither of these two things (e.g. your backup is corrupted) then reboot the computer. When you see "Starting Windows {whatever your Windows is}", push the "F8" key. A menu should come up; choose "Safe mode command Prompt only" from the menu.
You will be presented with a black screen with white letters "C:\>". Change to your Windows directory (type cd \Windows) and type "RegEdit /e savereg.reg". It will say "exporting file". Eventually it will stop with an error message. After this, type "attrib system.dat -r -s -h". Then type "ren system.dat system.old". Finally type "RegEdit /c savereg.reg". These commands will pull only the undamaged sections from your old Registry and make a new one based on these. If it fails, reinstall Windows. If it works, some of your programs may no longer function; they will need to be reinstalled.

If none of this appeals to you (i.e. you are scared of DOS) then don't even bother reading the rest of this file. Editing The Registry is pretty stupid without backups (unless you are completely sure what you're doing is right). If you don't have the technical ability to back up your Registry you WILL screw up Windows big time, so just don't bother. Quite simply, editing without having a backup is plain stupid, so BACKUP!

=======================================================================
II. How to use RegEdit.exe
=======================================================================

To start The Registry editor (RegEdit) type RegEdit.exe in the run box, or open Windows Explorer and type C:\Windows\RegEdit.exe in the address bar, then press enter (whilst you've got Explorer open you may want to drag the icon onto the Windows pop-up start menu or desktop and create yourself a shortcut for future use). It's got a lovely icon (a friend of mine likes it so much he made a model one out of sugar cubes). You should be presented with a vaguely familiar interface; it looks a lot like Windows Explorer.
Everyone I speak to says you should never even acknowledge The Registry exists - doing so will only bring bad karma to your system. Well, they don't say that, but they do say that one false move will leave you with a totally broke OS if you're lucky and a house razed to the ground if you're not! This could not be further from the truth. Click on the + next to [HKEY_CURRENT_USER], then in the left pane right click in an empty space, choose a New entry (any type, but I'm choosing DWORD), call it ScrewUp, then edit it so it has a value of 1. Now click the X button at the top right of RegEdit to close it. Note that RegEdit does not ask if you want to save changes - Micro$oft obviously think that anyone using RegEdit doesn't deserve the user friendliness they put in their other programs (e.g. Word "Are you SURE you're sure ?"). Now shut down your computer, restart it, and note that nothing happened even though you've altered The Registry. If any of your friends told you using RegEdit was dangerous, now is the time to phone them and tell them they are stupid.

OK, you've lost all your friends, but at least you've got more time to Registry edit now, so fire up RegEdit again. First we'll get rid of that stupid entry we just made, so click on the plus next to [HKEY_CURRENT_USER] again and highlight ScrewUp (click on it once), then press delete (on your keyboard) to delete it. As you've already seen, to create a new value right click in an empty space and choose New, then new options will appear; choose one of the lower three. Have a go at all the stuff but don't edit any of the entries already there.
Here is your first useful Registry edit and a chance for you to try out your skills (only in deleting though - more advanced stuff in later sections, I promise).

---------------------------------------------------------------------------
Lesson One: Edit the uninstall list:

Sometimes programs don't remove all traces of themselves when you uninstall them, or you can't uninstall them properly because a file has become corrupt or whatever. This is really annoying and untidy, and editing The Registry is the only way to take them out of the Add/Remove programs list (without buying some expensive program that just automates the process anyways).

1. Again open RegEdit from "Run" by typing "RegEdit.exe" in the box.
2. Click on "HKEY_LOCAL_MACHINE"
3. Now click on "Software" then "Microsoft", "Current Version" and finally "Uninstall"
4. Each entry in the right window corresponds to an application
5. Highlight the entries you no longer need and press delete (on your keyboard)

As you can see it's actually not that difficult, and when you've got a backup there's absolutely nothing to worry about.
------------------------Here endeth the lesson-----------------------------

=======================================================================
III. Explanation of how programs use The Registry
=======================================================================

Programs look to The Registry for all sorts of things. Most of the preferences that you choose in programs are stored in The Registry (look in HKEY_CURRENT_USER\Control Panel\desktop to see what kind of stuff is stored). These Registry keys are usually created when the program is installed. The Registry is used as an alternative to .INI files, which were used in previous versions of Windows (although kept for backward compatibility).
Basically it is just a way of storing values of importance, such as whether options are turned on or off, so they can be retrieved later, especially on subsequent runnings of the program (i.e. possibly after the computer has been re-booted and any settings stored in memory would be lost).

It is quite simple to write programs in Visual BASIC (VB) which alter/look up values in The Registry. A short example of how this can be done is included below. Remember that many programs designed for use in Windows are developed using VB (hence similar appearances - menus, maximise/minimise/X buttons etc.); a commercial program would be a compiled version, so even if you use a hex editor the executable would look nothing like this:

------------------------------RegUse.VB-------------------------------------
Set WshShell = WScript.CreateObject("WScript.Shell")
' A name ending in a backslash is a key; without one it is a value
WshShell.RegWrite "HKCU\MyNewKey\", 1, "REG_DWORD"
WshShell.RegWrite "HKCU\MyNewKey\MyValue", "Hello world!"
' Read both back and show them
WScript.Echo WshShell.RegRead("HKCU\MyNewKey\MyValue")
WScript.Echo WshShell.RegRead("HKCU\MyNewKey\")
' Clean up: the value first, then the key
WshShell.RegDelete "HKCU\MyNewKey\MyValue"
WshShell.RegDelete "HKCU\MyNewKey\"
----------------------Here endeth the VB script---------------------------

NOTES: HKCU is an abbreviation of HKEY_CURRENT_USER. The first line loads the WshShell object, since it is not called automatically upon script execution (probably to save memory).

Here are the VB processes (and their general syntax) that I have so far come across; they are all used in the above example:

To delete a portion of The Registry use RegDelete
    Syntax: WshShell.RegDelete strName
To read a portion of The Registry use RegRead
    Syntax: WshShell.RegRead(strName)
To write a new entry into The Registry use RegWrite
    Syntax: WshShell.RegWrite strName, varValue [,strType]

However, Micro$oft applications aren't the only languages around that can use The Registry.
This Perl script can extract data from the HKEY_LOCAL_MACHINE key. The data could then be operated on and added back into The Registry, but the below is just an example.

-----------------------------------regedit.pl------------------------------
#! c:\perl\bin\perl.exe
use Win32::Registry;

# Key to read, relative to HKEY_LOCAL_MACHINE
$p = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion";
$main::HKEY_LOCAL_MACHINE->Open($p, $CurrVer) || die "Open: $!\n";

# Fill %vals with name => [name, type, data] for every value in the key
$CurrVer->GetValues(\%vals);
foreach $k (keys %vals) {
    $key = $vals{$k};
    print "$$key[0] = $$key[2]\n";
}
-------------------------here endeth the Perl Script------------------------

When you create or alter a value in The Registry you alter the information passed to a program (when you create a value this usually means that there is a default value stored in the program which it uses if there is no Registry value). That is why, when you created a new entry called ScrewUp, it didn't do anything - however, if some Micro$oft programmer had decided to add a routine that crashes the computer which runs if an entry with the value of 1 is found, then we would have had to revert to backups.

=======================================================================
IV. M$Internet Explorer title hack
=======================================================================

This is something many people want to do, maybe because it is so easy: a lot of people do it, and others see it and want to do it as well (this is the kind of thing corporate types think makes their company look more professional - like having the company name/logo spinning round *really* fast as a screensaver).

Chances are you will have seen this at the top of Micro$oft Internet Explorer (M$IE). In the title bar there are 2 things: the title of the site (specified in the HTML, Java etc.) and the words "Microsoft Internet Explorer" (separated by a hyphen).
However if you got your M$IE off an ISP CD it might say " HTML tags (I actually thought I had the wrong article at first) and then goes on to say :

"the window title can be customized by Internet content providers (ICPs), Internet service providers (ISPs), or corporate administrators by using Microsoft Internet Explorer Administration Kit (IEAK)."

which sounds interesting (but probably quite expensive). I don't think Micro$oft like you doing this, but the article includes some brilliant and crazy pieces of not very helpful advice such as:

"This section describes how to add or remove a custom Internet Explorer window title by manually editing The Registry. To do this, use the appropriate method."

They also don't tell you the whole truth; they only tell you about editing the value in [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] which, as they admit:

"Customizing the Internet Explorer window title adds "provided by " to the default Internet Explorer window title as follows: Page title - Microsoft Internet Explorer provided by Custom title"

This isn't strictly lying, only withholding information - but it is very sneaky: by telling us about this little hack and not telling us about the other (which they obviously know about since they coded the damn thing) they imply that there is no other hack. Now would be a good time to call up Micro$oft and tell them what you think of them (only if you've registered the software though !)

This is an example of the program having a default value programmed into it, because if you remove The Registry entry the title reverts back.

=======================================================================
V. Example Registry edits
=======================================================================

This is probably the most fun section.
If you are totally lame this will be the only section you read. If you are cool then this will show you what the Registry can do and hopefully give you an idea of what you want to do.

-------------------------------------------------------------------------
Change the name of the recycling bin

In RegEdit press "F3" (in the row at the top of the keyboard) or choose search from the menu and search for "Recycle Bin". There should be 3 occurrences; you need to change each one to get it to work.

-------------------------------------------------------------------------
Delete a directory which Windows Explorer won't let you delete

Basically search for the name of the directory (by pressing F3) in RegEdit. When you find it you can either delete it or rename it, and this will become the directory the program saves its files to (My Documents is an example of this - it is the default saving directory for Office).

-------------------------------------------------------------------------
Removing Desktop Icons

Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace. The keys in the right window have very long names, but just select them to see what they are and delete the ones you don't want.

--------------------------------------------------------------------------
Remove the shortcut arrows

In HKEY_CLASSES_ROOT\lnkfile there's a value called IsShortcut. Delete it, then go to HKEY_CLASSES_ROOT\Pif and do the same.

--------------------------------------------------------------------------
Add new sound effect events

In the key HKEY_CURRENT_USER\AppEvents\Schemes\Apps add a new key (right click on a blank area of the window) called the filename of whatever application you want the effect to be used with (e.g. Windows Explorer is "Explorer.exe"). Then within that key add new keys named with the events you want the sound effects to be attached to (e.g. "Open" and "Close").
---------------------------------------------------------------------------
Instant start menu access

Go to HKEY_CURRENT_USER\Control Panel\Desktop, make a New StringValue (right click to open menu) named MenuShowDelay and give it a value of 1.

---------------------------------------------------------------------------
Change the name that your PC is registered in

Just double click on RegisteredOwner in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion and change it to your own details.

---------------------------------------------------------------------------
Get rid of the network neighbourhood icon

Go all the way through to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, right click in the right window, select New DWORDValue from the popup menu and call it NoNetHood. Double click on it to change its value to 1 - if at some later stage you want it back, change the value to 0 or delete it.

---------------------------------------------------------------------------
DVD-ROM region coding

Chances are your DVD region is set to a specific value, but you want to take advantage of your currency's excellent exchange rate with another country and they are in a different region to you. To change the region of your DVD-drive go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, look for DVD_Region on the right hand side and change its value so you can watch films that only cost you 3.50 + packing (yay!) - may not work on all drives.

---------------------------------------------------------------------------
Change log-on message

Click to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon and add two keys, "LegalNoticeCaption" (the title of the box) and "LegalNoticeText" (the text in the box) - the text displayed can be added by changing their values (double clicking).
=======================================================================
VI. How to create your own Registry edits
=======================================================================

Hopefully you have some idea from the above examples of what kind of things you can do, and you should have performed all the skills you need (e.g. creating word, changing values, searching etc.) at least once. The hardest hacks are when you create new strings, because you have to guess what they would be called (since these programs are really high profile they follow patterns, especially the Micro$oft ones). Easier hacks are the ones where you would have had to revert to backups.

When editing existing entries they always follow these rules: a value of 1 usually means "true" or "yes" and 0 is conversely "false" or "no" (this comes from boolean values in many programming languages) - however it is possible for a programmer to screw up and for these to be reversed. Also, 0 and 1 are the same in any numbering system (binary, denary, hex etc.; no-one has as yet designed a system based solely on zeros). If you wanted to know every registry entry a program could be influenced by you would need to see the source code (not very likely), so just stick to editing already present strings.

Here is a full list of the default trees you should find within all registries and the types of settings they contain:

HKEY_CLASSES_ROOT: Contains software settings about drag-and-drop operations, handles shortcut information, and other user interface information. There is a subkey for every file association that has been defined.

HKEY_CURRENT_USER: Contains information regarding the currently logged-on user.
    AppEvents: Settings for assigned sounds to play for system and applications sound events.
    Control Panel: Control Panel settings, similar to those defined in system.ini, win.ini and control.ini in Windows 3.xx.
    InstallLocationsMRU: Contains the paths for the Startup folder programs.
    Keyboard layout: Specifies the current keyboard layout.
    Network: Network connection information.
    RemoteAccess: Current log-on location information, if using Dial-Up Networking.
    Software: Software configuration settings for the currently logged-on user.

HKEY_LOCAL_MACHINE: Contains information about the hardware and software settings that are generic to all users of this particular computer.
    Config: Configuration information and settings.
    Enum: Hardware device information and settings.
    Hardware: Serial communication port(s) information and settings.
    Network: Information about the network(s) the user is currently logged on to.
    Security: Network security settings.
    Software: Software specific information and settings.
    System: System startup and device driver information and operating system settings.

HKEY_USERS: Contains information about desktop and user settings for each user that logs onto the same Windows 95 system. Each user will have a subkey under this heading. If there is only one user, the only subkey is "default".

HKEY_CURRENT_CONFIG: Contains information about the current hardware configuration, pointing to HKEY_LOCAL_MACHINE.

HKEY_DYN_DATA: Contains dynamic information about the plug-and-play devices installed on the system. The data here changes if devices are added or removed on-the-fly.

When you've done some really cool stuff you might want to try making a patch. A patch is a simple text file with the .reg extension that contains one or more keys or values. If you double-click on a .reg file, the patch is applied to the registry. This is a good way to share or back up small portions of the registry for use on your own computer, or someone else's, because it's much simpler and less dangerous than manually editing the registry. You can create a patch by opening the Registry Editor, selecting a branch, and choosing Export from the menu. Then, specify a filename, and press OK. You can then view the patch in Notepad (right-click on it and select Edit). Again, double-click on the file (or use Import from the Registry Editor's menu) to apply it (this time RegEdit is friendly and will ask you to confirm that you want to merge the file into the registry; there are reg patches out there to disable this function :->).

A reg patch will look something like this:

---------------------------------------------------------------------------
REGEDIT4

; This is a comment and is not read by the machine you can add them so
; people reading it can find out what the patch does before they merge it
; You can lie and put some backdoor in someone's system if you don't like
; them, but if they have an ounce of sense they will understand the patch
;
; The REGEDIT4 part means this is a win9x Registry file

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon]
"LegalNoticeCaption"="How Are You Gentlemen"
"LegalNoticeText"="All your base are belong to us"
-----------------------Here endeth the reg patch---------------------------

And hopefully this example will go some way to explaining how they work, and you will be able to write them straight off:

---------------------------------------------------------------------------
REGEDIT4

[HKEY_...\PATH\IN\REGISTRY\TREE\TO\KEY1]
"NameOfKey1Value1"=dword:xxxxxxxx        (Hexadecimal)

[HKEY_...\PATH\IN\REGISTRY\TREE\TO\KEY2]
"NameOfKey2Value1"="blahblah"            (String value, text)
"NameOfKey2Value2"=hex:ff,00,20,1c...    (Hexadecimal Bytes)
"NameOfKey2Value3"=dword:xxxxxxxx        (Hexadecimal)
-----------------------Here endeth the example reg patch-------------------

=======================================================================
VII Suggested further reading
=======================================================================

The books listed underneath are listed in order of (my) preference. The URLs included have reviews on them by people who have bought the book (or so we're led to believe):

TITLE:  Windows 98 Registry Handbook
AUTHOR: Jerry Honeycutt
ISBN:   0789719479
RRP:    £18.49
AMAZON.CO.UK
URL: http://www.amazon.co.uk/exec/obidos/ASIN/0789719479/qid%3D1000113094/202-2693477-6800652

TITLE:  Windows 98: Registry Little Black Book
AUTHOR: Holden
ISBN:   1576102947
RRP:    £24.49
AMAZON.CO.UK
URL: http://www.amazon.co.uk/exec/obidos/ASIN/1576102947/qid%3D1000113170/202-2693477-6800652

TITLE:  Inside the Windows 98 Registry
AUTHOR: Gunter Born
ISBN:   1572318244
RRP:    £40.00
AMAZON.CO.UK
URL: http://www.amazon.co.uk/exec/obidos/tg/stores/detail/-/books/1572318244/toc/202-2693477-6800652

Obviously, as a supplement to these, a search engine will come up with lots of interesting results (I checked Google - http://www.google.com - and got absolutely hundreds of interesting pages). The authors of these pages have invariably read the books suggested above and written their own pages, which are basically the same thing in their own words with their own particular expertise thrown in for good measure. Hence these can be used as a supplement to the knowledge you have gained from reading the books and your own registry experiences, or they can work as an alternative (for those of us who have better things to spend our money on !)

==========================================================================

Well that's about it now. If you do something really cool or want some help then send me an e-mail (Monkey_Zee@hotmail.com).

Questions/comments/constructive criticism to Monkey_Zee@hotmail - I'm really interested to find out any other languages which give you uncomplicated access to The Registry. You can also find out about any new Registry edit I've done, or possibly get my views if you're having trouble with something you're trying to do. If I get any requests to do articles more in-depth about particular aspects that are only slightly explored in this one I will try to comply.
Flames to /dev/null (that includes mail about Registry editing not being 'hacking' - I know already).

This text was finished as you see on 11 Sep 2001, but if you find it floating around in 2005 and you feel like sending me an e-mail about it then please do.

This file is not copyrighted in any way. If you do want to pretend you wrote it, make sure you change the name/e-mail address; if you put any sort of copyright on it then you are extremely lame. Any additions are welcome, but I would also like to hear from you if you think you have some additional information I'd be interested in.

EOF
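Added example (not part of the original text): section VI points out that the comments in a reg patch can lie about what the patch does. This Python script parses a REGEDIT4 patch, ignores the comments, and lists what would actually be written or deleted, so the patch can be checked before it is merged. The sample patch, the ExampleApp key, the placeholder program path and the watch list (including the Run autostart key, which this guide does not mention) are constructed for illustration.

```python
import re

# Key paths worth a second look before merging. Winlogon and Policies are
# edited in this guide; the Run key (programs started at logon) is an
# assumption added for this example.
WATCH = ("\\currentversion\\winlogon", "\\currentversion\\policies",
         "\\currentversion\\run")

# "name"=data  or  @=data (the key's default value)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))\s*=\s*(.*)$')

def unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def decode_value(raw):
    """Decode the right-hand side of a value line into (type, value)."""
    raw = raw.strip()
    if raw == "-":                                  # "name"=- removes a value
        return "delete", None
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "string", unescape(raw[1:-1])
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", raw)
    if m:
        return "dword", int(m.group(1), 16)
    m = re.fullmatch(r"hex(?:\([0-9a-fA-F]+\))?:([0-9a-fA-F,\s]*)", raw)
    if m:
        digits = re.sub(r"\s", "", m.group(1)).split(",")
        return "hex", bytes(int(d, 16) for d in digits if d)
    raise ValueError("unrecognised value data: %r" % raw)

def parse_reg(text):
    """Parse a REGEDIT4 patch into (key, name, type, value) operations."""
    lines = iter(text.splitlines())
    header = next((l.strip() for l in lines if l.strip()), "")
    if header != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file: %r" % header)
    ops, key = [], None
    for line in lines:
        line = line.strip()
        if not line or line.startswith(";"):        # comments are never trusted
            continue
        while line.endswith("\\") and "=hex" in line:   # hex data continued
            line = line[:-1] + next(lines, "").strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                 # [-KEY] removes a whole key
                ops.append((key[1:], None, "delete-key", None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("cannot parse line: %r" % line)
        name = "(Default)" if m.group(2) else unescape(m.group(1))
        ops.append((key, name) + decode_value(m.group(3)))
    return ops

def review(ops):
    """Return (key, name, reason) for operations that need a manual look."""
    findings = []
    for key, name, vtype, value in ops:
        if vtype in ("delete", "delete-key"):
            findings.append((key, name, "deletes existing data"))
        elif any(w in key.lower() for w in WATCH):
            findings.append((key, name, "writes to a watched key"))
    return findings

# Constructed sample: the comment claims one thing, the body does more.
SAMPLE = r'''REGEDIT4
; Only changes the log-on message, honest
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon]
"LegalNoticeCaption"="How Are You Gentlemen"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoNetHood"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\PLACEHOLDER\\example.exe"
[HKEY_CURRENT_USER\Software\ExampleApp]
"WindowPos"=hex:ff,00,\
  20,1c
"Preview"=-
'''

if __name__ == "__main__":
    for finding in review(parse_reg(SAMPLE)):
        print("REVIEW:", finding)
```

Anything the parser cannot decode raises an error instead of being skipped, so a patch that does not parse cleanly is not passed off as reviewed.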