Encrypt / Decrypt Options to Right-Click Menu

If you use the built-in file encryption in Windows 7 or Vista, you might be interested in adding an option to the right-click menu to more easily encrypt and decrypt your files, rather than having to use the file properties dialog.

Open up regedit.exe through the start menu search box, and then find the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
In the right-hand pane, create a new 32-bit DWORD value called EncryptionContextMenu and give it a value of 1.Now when you right-click on a file, you’ll see a new option called Encrypt.

When you choose this option, you’ll receive the following dialog, asking if you want to encrypt just the file, or also the parent folder. You can also choose just the file as the default.

Once the files are encrypted, you’ll notice that the title of the file is now green, indicating that it’s been encrypted. The right-click option will also now change to Decrypt.

You Can Also Download .Reg File From Here

Read More

Restore Previous Versions of the Registry

If you want to manually restore a specific section of the registry from a previous System Restore snapshot, or access some specific keys from an older version of the registry, you can do so by getting access to those files and then exporting sections from them. Here’s how to do it in Windows 7 or Vista.
Since Windows 7 and Vista utilize Shadow Copy, otherwise known as Volume Snapshot Service, to power the “Previous Versions” feature, there are snapshots of important files taken over time, including registry hives, so we can access the older versions of registry files this way without having to do a full System Restore.

Access Previous Registry Hives from Shadow Copy
Important Note: before we get started, we should really give you a disclaimer: you should not use this technique unless you know what you’re doing and are willing to deal with possible problems, or at least have some good backups of your files. Still here? Read on.

The first thing you’re going to want to do is disable User Account Control, because you can’t really access the folders otherwise. Once you’ve done that and rebooted, open up a new Windows Explorer window and head to the following folder:
C:\Windows\System32\Config
Right-click anywhere in the white space area of the folder, choose Properties from the menu, and then click the Previous Versions tab. Once you’re there, double-click the appropriate folder (Hint: Look at the Date modified field to decide which version of the files you want to restore.)
Select the registry hive files you need, and copy them to a folder of your choice.
Click OK when you see the Windows Security prompt.
And now you should have a folder containing the backup registry keys.
Now that you have the backup versions of the registry, you can use them to access the older version.

Loading a Registry Hive and Accessing Specific Keys
At this point you can load the entire registry hive into the registry, which will make it a sub-key of one of the main sections, and allow you to access settings from the older version. Open up the Registry Editor using regedit.exe in the Start Menu search or run boxes, click on HKEY_LOCAL_MACHINE or HKEY_USERS, and then use File –> Load Hive.
You’ll be prompted to give the new hive a name—for this example I just used test.
And just like that, you can see the new key with the contents from last week’s backup copy. So, for instance, if one of the settings or license keys for an application was lost, we can find it by browsing through the keys for that application. You’ll have to manually make the changes if you’re doing just a few keys.
If you are trying to use this method to restore large chunks of the registry, you can export a key, modify the exported file to have the correct key path instead of Test, and then import it again. It’s a bit of a pain, but might be helpful if you need to.
Once you’re done, you should make absolutely certain to delete this entire key, or else it’s going to add a lot of extra bloat to your registry that you really don’t need.

Access the Previous Version’s Registry Keys Through the Command Line
Instead of loading the registry key using the GUI and adding all those keys to your current registry, you can use the RegFileExport tool from Nirsoft to access and extract the data from the backup files directly—you’ll just need to know the exact key that you’re looking for
So, for example, if you wanted to access the list of currently installed programs from the Programs and Features dialog. You’d run a command like this against the saved backup copy of the SOFTWARE registry hive—assuming you have the command-line application in the same directory as the backup file:
regfileexport SOFTWARE ExportedKey.reg “HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\Uninstall”This will generate a regular .reg file that you can either double-click to enter the contents into the registry, or you can open it up and find specific keys that you might want to use.

Read More

How to Clean Up Windows Context Menu

One of the most irritating things about Windows is the context menu clutter that you have to deal with once you install a bunch of applications. It seems like every application is fighting for a piece of your context menu, and it’s not like you even use half of them.
Today we’ll explain where these menu items are hiding in your registry, how to disable them the geeky way, and an easier cleanup method for non-geeks as well.
Either way, your context menu won’t look like this one anymore…
Tools Required:

• ShellExview
• ShellMenuView

Cleaning the Context Menu by RegistryIf you want to clean things up the truly geeky way, you can open up regedit.exe through the start menu search or run box, and then browse down to one of the following keys… sadly the context menu items are not stored in a single location.
Most of the menu items that used for all files and folders can be found by looking at one of these keys:
HKEY_CLASSES_ROOT\*\shell
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\AllFileSystemObjects\ShellEx

Items that are specific to folders can usually be found in one of these keys instead:
HKEY_CLASSES_ROOT\Directory\shell
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
The context menu items found at these different locations will need to be handled differently, and we’ll explain how, so keep reading!

Dealing with “shell” Items
Let’s take a look at one item as an example… if you browse down to the shell key under Directory you’ll see the items for Add to VLC media player and Play with VLC. Items under the regular “shell” key are usually really easy to spot, and easy to deal with.
If you want to hide one of these items so that you’ll have to Shift+Right-Click, then you can add a new string value on the right-hand side and name it “Extended”

If you’d like to disable it instead, but don’t want to delete the key, you can add a new string value and call it “LegacyDisable”.

And, you could just delete the whole key if you really wanted to… but I’d export a copy just in case.

Dealing with “shellex” Items
You probably noticed the other registry keys above that have “shellex” (Shell Extension) in the name instead of just “shell”. Those types of keys will need to be handled differently… for an example, we’ll head down to one of the keys mentioned above:
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
These items will be a little more tough to decipher… but you can usually figure out an item by the key name on the left, and then just modify the (Default) value by putting a few dashes in front of it, which will disable the item without actually deleting anything.
By The example, clicked on 7-ZIP on the left, and by putting dashes in front of the value data I’ve disabled that menu item.

You’ll want to go through each location in the list at the top of this article until you figure out where exactly the offending items are located. At that point, you can use one of the tricks we mentioned in order to disable that item.

Dealing With Specific File Type Items
Sometimes, although not often, the menu items are located on the registry key for a specific file type. In that case you’ll need to first locate the file extension key by looking under HKEY_CLASSES_ROOT for that extension, which will tell you the name of the key that you need to look for.

For instance, if I wanted to remove a menu item for Excel documents (.xls) I would look at this registry key, which gives me the name of the actual key to look under…
HKEY_CLASSES_ROOT\.xls
As you can see above, the actual type of the file is “Excel.Sheet.8″, so I’ll then browse down to this registry key:

HKEY_CLASSES_ROOT\Excel.Sheet.8\shell
And now I can use the same techniques as above to disable items under “shell”… remember LegacyDisable and Extended? Yep, those work here.

Cleaning Up the Context Menu the Easy Way
Instead of hacking the registry, you can use two different NirSoft utilities to clean up the context menu. Sadly, some of the menu items are implemented as Explorer shell extensions (like the “shellex” keys we explained above), and some are implemented as regular context menu items (like the regular “shell” keys we explained above).
The first tool we will check out is ShellMenuView, which allows us to manage all of those “shell” key items with an easy to use interface.Just browse down until you find the offending item, then click the Disable button… which will actually create a LegacyDisable key just like we explained in the manual section above.

You’ll see that those items are instantly disabled:
Next, we need to disable those “shellex” or Shell Extensions, using another great Nirsoft utility appropriately called ShellExView. This one works the same exact way as the first utility… just click on the Disable button to remove the items.
After using both of these utilities for just a few minutes, I was able to get my context menu back to the pristine “new install” state.

Read More

Add Any Application to Desktop Right-Click Menu

If you want really quick access to launch a frequently used application without putting extra icons on your desktop, you can add that application to the context menu for the desktop with a simple registry hack. Here’s how to do it.

Let's See how to add Notepad to the menu, but you could add any applications you want instead. The first thing you’ll want to do is:O

pen up regedit.exe through the Start Menu search or run box.

Browse down to the following key:
HKEY_CLASSES_ROOT\Directory\Background\shell
Next, you’ll want to create a new key underneath the shell key, the name of which is exactly what is going to show up on the desktop menu. Right-click on the “shell” key, and then choose New \ Key from the menu.
Give the new key the name that you want to show up on the desktop context menu. For this example we’ll be using Notepad.

If you want to assign an “Alt” key to this menu entry for quicker access, you can change the (Default) value on the right and put an & character in front of the key you want to use. For instance, if you wanted to be able to just use the N key to launch Notepad once the desktop context menu pops up, you can do this:
Personally I don’t find this terribly useful since you have to use the mouse to right-click on the desktop… may as well just use the mouse to click the item. Still, for completeness I’ve included it.Next you’ll need to create the command key that will actually hold the command used to launch the application. Right-click on the new Notepad key, and then choose New \ Key from the menu.
Give this key the name “command” in lowercase.
To complete this step you’ll need the full path to the application that you want to launch. You can use Shift + Right-Click to get the Copy as Path menu item to find this more quickly.Note: of course, for Notepad you wouldn’t need the full path, but this is just an example.
Now click on “command” on the left side, and then double-click on the (Default) key in the right side to edit the string value.
Paste in the full path to the executable that you got from the “Copy as Path” step above, or you can put in the full path yourself if you’d like.

And right-clicking on the desktop will produce the new menu item… naturally, using this menu item should launch Notepad.

Read More

How to Kill Windows with the Blue Screen of Death

Have you ever wanted to show off your keyboard ninja skills by taking down Windows with just a couple of keystrokes? All you have to do is add one registry key, and then you can impress your friends… or use it to convince people to switch to Linux.

This isn’t a bug, it’s a “feature” in Windows that is designed to let users trigger a crash dump for testing purposes. There’s even a whole Microsoft KB article on the subject.

To enable this feature,

Open up regedit.

Browse down to one of these keys, depending on your keyboard type:

USB Keyboard
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\Parameters

PS/2 Keyboard
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
Now right-click on the right-hand pane and add a new DWORD key namedCrashOnCtrlScroll, giving it a value of 1.
Reboot your computer, 

and when it starts back up you can trigger the Blue Screen of Death by using the following keyboard shortcut:Hold down Right Ctrl and hit Scroll Lock twice
To remove this “feature” you can just delete the registry key and then restart your computer again.

Read More

How to Disable All Notification Balloons in Windows 7 or Vista

If you find the popup notification balloons in the Windows system tray to be too annoying, you might be interested to know that you can completely disable them. 

This would be an extreme option, of course… typically you can just turn them off in any offending applications, but if you want to disable them across the board, Following is the solution.

Procedure:
Open up regedit.exe through the start menu search or run box.

Browse down to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Right-click on the right-hand pane, and create a new 32-bit DWORD with the following values:

Name: EnableBalloonTips
Value: 0You’ll have to logoff and back on in order to see the change… or to be more correct, you won’t see any popup balloons anymore.

Read More

Display a Text Message At Logon In Windows 7

Sometimes you might want to leave a text message for a user before they log into a Windows 7 computer. Here Is a trick that allows you to leave a message they can read before logging in.

Add a Text Message
To add a message, click on Start and enter regedit into the Search box and hit Enter.
Navigate to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Policies\System and double-click on legalnoticecaption.In the Value data field enter in the header you want…for instance your company name or the name of your computer…whatever you want it to be, then click OK.
Then double-click on legalnoticetext …
And in the Value data field enter in the message you want to display and click OK. Close out of Registry Editor and reboot the computer.

After the machine reboots you’ll see the text message you just created at the Welcome screen.
You can include whatever text message you want to be included for the user to read before they log in.

Read More

Understandig Registry Edit

Some Info on NT:
32 bit GUI Windows networking (client server model) Operating System. 1st version: 3.1 (circa 1994), then 3.5, then 3.51, then 4.0 (most used and this version was the 1st to adopt the same GUI as Windows 95). NT stands for New Techology. NT's main competitor is Novel Netware which is more established and has been around longer as a network operating system. Despite that, it is losing market share to NT and Linux. That's why NT is becoming a little bit more important. Windows 2000 which is supposedly the next version is supposed to be out sometime in October 1999. This version formerly called Cairo has been delayed 3 times over the last 2-3 years. Everything in this tutorial directory relates to Windows NT v. 4.0 . Some of this might also be useful for Windows 95 and Windows 98 but please note that despite the similar GUI environments all of them have major differences between each other and each are distinct. The major difference is security, with NT there is a decent degree of security and robustness. With Windows 95, and 98 there is hardly any security at all. For example with NT you cannot log in without a password and a username that is correct. With Windows 98/95, just hit the cancel button on the log on menu (which is not usually enabled anyways) and you will get into the system. With NT, you can have a network from anywhere from 20-20,000 users or so on the same domain. Each Domain will have a Primary Domain Controller (PDC) and a few Backup Domain Controllers (BDC's). There is only one PDC in a domain, it is the main server that holds all the log in info and does most of the work. BDC's are backups in case the PDC gets to busy such as multiple users logging in at the same time. PDC has all the official settings for the entire domain (in most cases an entire network) on it. BDC's usually have partial and not right up-to-date settings and information on it. Backing up the Registry of your PDC (Primary Domain Controller) is an important part of disaster prevention, because it contains all of your user accounts. If you ever have to rebuild a PDC from scratch, then you can restore your user accounts by restoring the Registry.

Backup and Restore:
Even with Windows 98, and Windows 95 you can not just backup the registry when you back up files. What you would need to do is run either: regedit32.exe (for NT) or regedit.exe and then click the registry menu, then click export registry. The next step is to click all, then pick the drive to back up onto (usually a removable drive like tape, floppy, cd, zip drive, jazz drive etc.) and then hit "ok". To restore a registry from a backed up version, enter the registry program the same way, click import registry and click the drive and path where the backup is and hit "ok". It will restore it back to the previous backed up settings and may require a reboot.

Note: registry backups are saved as .reg files, and they are associated with regedit as default. This means that once you double-click a .reg file, it's contents will be inserted into your own registry.
What is SAM?SAM is short for Security Accounts Manager, which is located on the PDC and has information on all user accounts and passwords. Most of the time while the PDC is running, it is being accessed or used.
What do I do with a copy of SAM?You get passwords. First use a copy of SAMDUMP.EXE to extract the user info out of it. You do not need to import this data into the Registry of your home machine to play with it. You can simply load it up into one of the many applications for cracking passwords, such as L0phtCrack, which is available from:http://www.L0phtCrack.com
Of interest to hackers is the fact that all access control and assorted parameters are located in the Registry. The Registry contains thousands of individual items of data, and is grouped together into "keys" or some type of optional value. These keys are grouped together into subtrees -- placing like keys together and making copies of others into separate trees for more convenient system access.
The Registry is divided into four separate subtrees. These subtrees are called

• HKEY_CLASSES_ROOT
• HKEY_CURRENT_USER
• HKEY_LOCAL_MACHINE
• HKEY_USERS

We'll go through them from most important to the hacker to least important to the hacker.
First and foremost is the HKEY_LOCAL_MACHINE subtree. It contains five different keys. These keys are as follows:

• SAM and SECURITY - These keys contain the info such as user rights, user and group info for the domain (or workgroup if there is no domain), and passwords. In the NT hacker game of capture the flag, this is the flag. Bag this and all bets are off.

The keys are binary data only (for security reasons) and are typically not accessible unless you are an Administrator or in the Administrators group. It is easier to copy the data and play with it offline than to work on directly. This is discussed in a little more detail in section 09-4.

• HARDWARE - this is a storage database of throw-away data that describes the hardware components of the computer. Device drivers and applications build this database during boot and update it during runtime (although most of the database is updated during the boot process). When the computer is rebooted, the data is built again from scratch. It is not recommended to directly edit this particular database unless you can read hex easily.

There are three subkeys under HARDWARE, these are the Description key, the DeviceMap key, and the ResourceMap key. The Description key has describes each hardware resource, the DeviceMap key has data in it specific to individual groups of drivers, and the ResourceMap key tells which driver goes with which resource.

• SYSTEM - This key contains basic operating stuff like what happens at startup, what device drivers are loaded, what services are in use, etc. These are split into ControlSets which have unique system configurations (some bootable, some not), with each ControlSet containing service data and OS components for that ControlSet. Ever had to boot from the "Last Known Good" configuration because something got hosed? That is a ControlSet stored here.
• SOFTWARE - This key has info on software loaded locally. File associations, OLE info, and some miscellaneous configuration data is located here.

The second most important main key is HKEY_USERS. It contains a subkey for each local user who accesses the system, either locally or remotely. If the server is a part of a domain and logs in across the network, their subkey is not stored here, but on a Domain Controller. Things such as Desktop settings and user profiles are stored here.
The third and fourth main keys, HKEY_CURRENT_USER and HKEY_CLASSES_ROOT, contain copies of portions of HKEY_USERS and HKEY_LOCAL_MACHINE respectively. HKEY_CURRENT_USER contains exactly would you would expect a copy of the subkey from HKEY_USERS of the currently logged in user. HKEY_CLASSES_ROOT contains a part of HKEY_LOCAL_MACHINE, specifically from the SOFTWARE subkey. File associations, OLE configuration and dependency information.
What are hives?Hives are the major subdivisions of all of these subtrees, keys, subkeys, and values that make up the Registry. They contain "related" data. Look, I know what you might be thinking, but this is just how Microsoft divided things up -- I'm just relaying the info, even I don't know exactly what all the advantages to this setup are. ;-)
All hives are stored in %systemroot%\SYSTEM32\CONFIG. The major hives and their files are as follows:

Hive	File	Backup File
HKEY_LOCAL_MACHINE\SOFTWARE	SOFTWARE	SOFTWARE.LOG
HKEY_LOCAL_MACHINE\SECURITY	SECURITY	SECURITY.LOG
HKEY_LOCAL_MACHINE\SYSTEM	SYSTEM	SYSTEM.LOG
HKEY_LOCAL_MACHINE\SAM	SAM	SAM.LOG
HKEY_CURRENT_USER	USERxxx ADMINxxx	USERxxx.LOG ADMINxxx.LOG
HKEY_USERS\.DEFAULT	DEFAULT	DEFAULT.LOG

Hackers should look for the SAM file, with the SAM.LOG file as a secondary target. This contains the password info.
For ease of use, the Registry is divided into five separate structures that represent the Registry database in its entirety. These five groups are known as Keys, and are discussed below:

HKEY_CURRENT_USER

This registry key contains the configuration information for the user that is currently logged in. The users folders, screen colors, and control panel settings are stored here. This information is known as a User Profile.

HKEY_USERS

In windowsNT 3.5x, user profiles were stored locally (by default) in the systemroot\system32\config directory. In NT4.0, they are stored in the systemroot\profiles directory. User-Specific information is kept there, as well as common, system wide user information.

This change in storage location has been brought about to parallel the way in which Windows95 handles its user profiles. In earlier releases of NT, the user profile was stored as a single file - either locally in the \config directory or centrally on a server. In windowsNT 4, the single user profile has been broken up into a number of subdirectories located below the \profiles directory. The reason for this is mainly due to the way in which the Win95 and WinNT4 operating systems use the underlying directory structure to form part of their new user interface.
A user profile is now contained within the NtUser.dat (and NtUser.dat.log) files, as well as the following subdirectories:

• Application Data: This is a place to store application data specific to this particular user.
• Desktop: Placing an icon or a shortcut into this folder causes the that icon or shortcut to appear on the desktop of the user.
• Favorites: Provides a user with a personalized storage place for files, shortcuts and other information.
• NetHood: Maintains a list of personlized network connections.
• Personal: Keeps track of personal documents for a particular user.
• PrintHood: Similar to NetHood folder, PrintHood keeps track of printers rather than network connections.
• Recent: Contains information of recently used data.
• SendTo: Provides a centralized store of shortcuts and output devices.
• Start Menu: Contains configuration information for the users menu items.
• Templates: Storage location for document templates.

HKEY_LOCAL_MACHINE

This key contains configuration information particular to the computer. This information is stored in the systemroot\system32\config directory as persistent operating system files, with the exception of the volatile hardware key.

The information gleaned from this configuration data is used by applications, device drivers, and the WindowsNT 4 operating system. The latter usage determines what system configuration data to use, without respect to the user currently logged on. For this reason the HKEY_LOCAL_MACHINE regsitry key is of specific importance to administrators who want to support and troubleshoot NT 4.
HKEY_LOCAL_MACHINE is probably the most important key in the registry and it contains five subkeys:

• Hardware: Database that describes the physical hardware in the computer, the way device drivers use that hardware, and mappings and related data that link kernel-mode drivers with various user-mode code. All data in this sub-tree is re-created everytime the system is started.
• SAM: The security accounts manager. Security information for user and group accounts and for the domains in NT 4 server.
• Security: Database that contains the local security policy, such as specific user rights. This key is used only by the NT 4 security subsystem.
• Software: Pre-computer software database. This key contains data about software installed on the local computer, as well as configuration information.
• System: Database that controls system start-up, device driver loading, NT 4 services and OS behavior.

Information about the HKEY_LOCAL_MACHINE\SAM Key

This subtree contains the user and group accounts in the SAM database for the local computer. For a computer that is running NT 4, this subtree also contains security information for the domain. The information contained within the SAM registry key is what appears in the user interface of the User Manager utility, as well as in the lists of users and groups that appear when you make use of the Security menu commands in NT4 explorer.

Information about the HKEY_LOCAL_MACHINE\Security key

This subtree contains security information for the local computer. This includes aspects such as assigning user rights, establishing password policies, and the membership of local groups, which are configurable in User Manager.

HKEY_CLASSES_ROOT

The information stored here is used to open the correct application when a file is opened by using Explorer and for Object Linking and Embedding. It is actually a window that reflects information from the HKEY_LOCAL_MACHINE\Software subkey.

HKEY_CURRENT_CONFIG

The information contained in this key is to configure settings such as the software and device drivers to load or the display resolution to use. This key has a software and system subkeys, which keep track of configuration information.

Understanding Hives

The registry is divided into parts called hives. These hives are mapped to a single file and a .LOG file. These files are in the systemroot\system32\config directory.

Registry Hive	File Name
HKEY_LOCAL_MACHINE\SAM	SAM and SAM.LOG
HKEY_LOCAL_MACHINE\SECURITY	Security and Security.LOG
HKEY_LOCAL_MACHINE\SOFTWARE	Software and Software.LOG
HKEY_LOCAL_MACHINE\SYSTEM	System and System.ALT

QuickNotes

Ownership = The ownership menu item presents a dialog box that identifies the user who owns the selected registry key. The owner of a key can permit another user to take ownership of a key. In addition, a system administrator can assign a user the right to take ownership, or outright take ownership himself.
REGINI.EXE = This utility is a character based console application that you can use to add keys to the NT registry by specifying a Registry script.

---

The Following table lists the major Registry hives and some subkeys and the DEFAULT access permissions assigned:

\\ denotes a major hive \denotes a subkey of the prior major hive
\\HKEY_LOCAL_MACHINE	Admin-Full Control Everyone-Read Access System-Full Control
\HARDWARE	Admin-Full Control Everyone-Read Access System-Full Control
\SAM	Admin-Full Control Everyone-Read Access System-Full Control
\SECURITY	Admin-Special (Write DAC, Read Control) System-Full Control
\SOFTWARE	Admin-Full Control Creator Owner-Full Control Everyone-Special (Query, Set, Create, Enumerate, Notify, Delete, Read) System-Full Control
\SYSTEM	Admin-Special (Query, Set, Create, Enumerate, Notify, Delete, Read) Everyone-Read Access System-Full Control
\\HKEY_CURRENT_USER	Admin-Full Control Current User-Full Control System-Full Control
\\HKEY_USERS	Admin-Full Control Current User-Full Control System-Full Control
\\HKET_CLASSES_ROOT	Admin-Full Control Creator Owner-Full Control Everyone-Special (Query, Set, Create, Enumerate, Notify, Delete, Read) System-Full Control
\\HKEY_CURRENT CONFIG	Admin-Full Control Creator Owner-Full Control Everyone-Read Access System-Full Control

Read More

The Registry Edit - An Overview

The Registry Editor

The Registry Editor is a utility by the filename regedit.exe that allows you to see, search, modify and save the registry database of Windows. The Registry Editor doesn't validate the values you are writing: it allows any operation. So you have to pay close attention, because no error message will be shown if you make a wrong operation.

To launch the Registry Editor simply run RegEdit.exe ( under WinNT run RegEdt32.exe with administer privileges). The registry editor is divided into two sectios in the left one there is a hierarchical structure of the database (the screen looks like Windows Explorer) in the right one there are the values.

The registry is organized into keys and subkeys. Each key contains a value entry , each one has a name, a type or a class and the value itself. The name is a string that identifies the value to the key. The length and the format of the value is dependent on the data type.

As you can see with the Registry Editor, the registry is divided into five principal keys: there is no way to add or delete keys at this level. Only two of these keys are effectively saved on hard disk: HKEY_LOCAL_MACHINE and HKEY_USERS. The others are jusr branches of the main keys or are dynamically created by Windows.

HKEY_LOCAL_MACHINE

This key contains any hardware, applications and services information. Several hardware information is updated automatically while the computer is booting. The data stored in this key is shared with any user. This handle has many subkeys:

Config

Contains configuration data for different hardware configurations.

Enum

This is the device data. For each device in your computer, you can find information such as the device type, the hardware manufacturer, device drivers and the configuration.

Hardware

This key contains a list of serial ports, processors and floating point processors.

Network

Contains network information.

Security

Shows you network security information.

Software

This key contains data about installed software.

System

It contains data that checks which device drivers are used by Windows and how they are configured.

HKEY_CLASSES_ROOT

This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes and contains OLE, drag'n'drop, shortcut and file association information.

HKEY_CURRENT_CONFIG

This key is also an alias. It contains a copy of the branch HKEY_LOCAL_MACHINE\Config, with the current computer configuration.

HKEY_DYN_DATA

Some information stored in the registry changes frequently, so Windows maintains part of the registry in memory instead of on the hard disk. For example it stores PnP information and computer performance. This key has two sub keys

Config Manager

This key contains all hardware information problem codes, with their status. There is also the sub key HKEY_LOCAL_MACHINE\Enum, but written in a different way.

PerfStats

It contains performance data about system and network

HKEY_USERS

This important key contains the sub key .Default and another key for each user that has access to the computer. If there is just one user, only .Default key exists. . Each sub key maintains the preferences of each user, like the desktop colors, the fonts used, and also the settings of many programs. If you open a user subkey you will find five important subkeys:

AppEvent

It contains the path of audio files that Windows plays when some events happen.

Control Panel

Here are the settings defined in the Control Panel. They used to be stored in win.ini and control.ini.

Keyboard Layouts

It contains a voice that identify the actual keyboard disposition how it is set into the Control Panel.

Network

This key stores subkeys that describe current and recent network shortcuts.

RemoteAccess

The settings of Remote Access are stored here.

Software

Contains all software settings. This data was stored in win.ini and private .ini files.

HKEY_CURRENT_USER

It is an alias to current user of HKEY_USERS. If your computer is not configured for multi-users usage, it points to the subkey .Default of HKEY_USERS.

Description of .reg file

Here I am assuming that you already have a .reg file on your hard disk and want to know more about how it is structured.Now do not double click the .reg file or it's content will be added to the registry, of course there will be warning message that pops up. Now to view the properties of the .reg file open it in notepad.

To do so first launch notepad by going to Start > Programs > Accessories > Notepad.

Then through the open menu open the .reg file.

Now the thing that differentiates .reg files from other files is the word REGEDIT4. It is found to be the first word in all .reg files. If this word is not there then the registry editor cannot recognize the file to be a .reg file.

Then follows the key declaration which has to be done within square brackets and with the full path.If the key does not exist then it will be created.

After the key declaration you will see a list of values that have to be set in the particular key in the registry. The values look like this:

"value name"=type:value

Value name is in double commas. Type can be absent for string values, dword: for dword values and hex: for binary values and for all other values you have to use the code hex(#): , where # indicate the API code of the type.

Read More

How to Change The default Location For Installing Apps

Learn How to Change Default Location For installin Apps In Winows Xp And 7

As we know That The Default Location For Installing Applications In window Xp or 7 Is C:/Program Files .But Most Of Us Want To Install The application To Another Hard drive  For This We Have To Change Directory Every Time When Installing Application. To Get Rid Of This I Have A Trick .You Have To Edit The Settings In Regedit. Just Follow The instruction.
Goto Start->Run->Regedit
Run the Registry Editor (regedit).
Expend The Following Folders
HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> CurrentVersion
In The Folder Current Version Look for the value named ProgramFilesDir. by default,this value will be C:\Program Files. Edit the value to any valid drive or folder and XP will use that new location as the default installation directory for new programs.

Read More

How To Customize Shortcut Arrow In Windows

Simple Trick To Customizing The Shortcut Arrow In Windows XP, Vista And 7 Is Here
All shortcuts have a tiny black arrow attached to it's icon to distinguish from normal files. This arrow can sometimes be pretty annoying and as a Hacker should know how to change each and everything, here goes another trick. Launch the Registry Editor and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Shell Icons.
Now, on the right pane is a list of icons ( we found out that on some systems, Windows 98 especially, the right pane is blank. Don't worry, just add the value as required ). Find the value 29. If it isn't there, just add it. The value of this string should be C:\Windows\system\shell32.dll, 29 ( which means the 30th icon in shell32.dll - the first one begins with 0 ). Now, we need blank icon to do this. Just create one with white as the whole icon. Go here to learn how to create an icon. Once done just change the value to C:\xxx.ico, 0 where "xxx" is the full path of the icon file and "0" is the icon in it.
Now for some fun. If the blank icon is a bit boring, change it again. You will find that under shell32.dll there is a gear icon, a shared folder ( the hand ) and much more. Experiment for yourself!
Use Perl to Get List or Services Running on your NT box
Use the following Perl Script to get a list of Services running on your NT system
--------------script.pl-----------------
#!c:\per\bin\perl.exe
use Win32::Service;
my ($key, %service, %status, $part);
Win32::Service::GetServices(' ',\%services);
foreach $key (sort keys %services) {
print "Print Name\t: $key, $services{$key}\n";
Win32::Service::GetStatus( ' ',$services{$key};
\%status);
foreach $part (keys %status) {
print "\t$part : $status{$part}\n" if($part eq "CurrentState");
}
}
-------------script.pl-------------------

Read More

collection of windows hacking Secrets

Some Selected PC Hacking Secrets

Almost all system administrators make certain changes and make the system restricted. System Administrators can hide the RUN option, the FIND command, the entire Control Panel, drives in My Computer like D: A: etc. They can even restrict activities of a hacker my disabling or hiding, even the tiniest options or tools.

Most commonly these restrictions are imposed locally and are controlled by the Windows Registry. But sometimes the smart system administrators control the activities of the hacker by imposing restrictions remotely through the main server.

Poledit or Policy Editor is a small kewl tool which is being commonly used by system administrators to alter the settings of a system. This utility is not installed by default by Windows. You need to install in manually from the Windows 98 Installation Kit from the Resource Kit folder. user.dat file that we saw earlier.

The Policy Editor tool imposes restrictions on the user's system by editing the user.dat file which in turn means that it edits the Windows Registry to change the settings. It can be used to control or restrict access to each and every folder and option you could ever think of. It has the power to even restrict access to individual folders, files, the Control Panel, MS DOS, the drives available etc. Sometimes this software does make life really hard for a Hacker. So how can we remove the restrictions imposed by the Policy Editor? Well read ahead to learn more.

You see the Policy Editor is not the only way to restrict a user's activities. As we already know that the Policy Editor edits the Windows Registry(user.dat) file to impose such restrictions. So this in turn would mean that we can directly make changes to the Windows Registry using a .reg file or directly to remove or add restrictions.

Launch Regedit and go to the following Registry Key:

HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies

Under this key, there will definitely be a key named explorer. Now under this explorer key we can create new DWORD values and modify it's value to 1 in order to impose the restriction. If you want to remove the Restriction, then you can simply delete the respective DWORD values or instead change their values to 0. The following is a list of DWORD values that can be created under the Explorer Key-:

NoDeletePrinter: Disables Deletion of already installed Printers

NoAddPrinter: Disables Addition of new Printers

NoRun : Disables or hides the Run Command

NoSetFolders: Removes Folders from the Settings option on Start Menu (Control Panel, Printers, Taskbar)

NoSetTaskbar: Removes Taskbar system folder from the Settings option on Start Menu

NoFind: Removes the Find Tool (Start >Find)

NoDrives: Hides and does not display any Drives in My Computer

NoNetHood: Hides or removes the Network Neighborhood icon from the desktop

NoDesktop: Hides all items including, file, folders and system folders from the Desktop

NoClose: Disables Shutdown and prevents the user from normally shutting down Windows.

NoSaveSettings: Means to say, 'Don't save settings on exit'

DisableRegistryTools: Disable Registry Editing Tools (If you disable this option, the Windows Registry Editor(regedit.exe) too

will not work.)

NoRecentDocsHistory: Removes Recent Document system folder from the Start Menu (IE 4 and above)

ClearRecentDocsOnExit: Clears the Recent Documents system folder on Exit.

Nolnternetlcon: Removes the Internet (system folder) icon from the Desktop

Under the same key: HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Policies you can create new subkeys other than the already existing Explorer key. Now create a new key and name it System. Under this new key, system we can create the following new DWORD values(1 for enabling the particular option and 0 for disabling the particular option):

NODispCPL: Hides Control Panel

NoDispBackgroundPage: Hides Background page.

NoDispScrsavPage: Hides Screen Saver Page

NoDispAppearancePage: Hides Appearance Page

NoDispSettingsPage: Hides Settings Page

NoSecCPL: Disables Password Control Panel

NoPwdPage: Hides Password Change Page

NoAdminPaqe: Hides Remote Administration Page

NoProfilePage: Hides User Profiles Page

NoDevMgrPage: Hides Device Manager Page

NoConfigPage: Hides Hardware Profiles Page

NoFileSysPage: Hides File System Button

NoVirtMemPage: Hides Virtual Memory Button

Similarly, if we create a new subkey named Network, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):

NoNetSetupSecurityPage: Hides Network Security Page

NoNelSetup: Hides or disables the Network option in the Control Panel

NoNetSetupIDPage: Hides the Identification Page

NoNetSetupSecurityPage: Hides the Access Control Page

NoFileSharingControl: Disables File Sharing Controls

NoPrintSharing: Disables Print Sharing Controls

Similarly, if we create a new subkey named WinOldApp, we can add the following DWORD values under it(1 for enabling the particular option and 0 for disabling the particular option):

Disabled: Disable MS-DOS Prompt

NoRealMode: Disable Single-Mode MS-DOS.

So you see if you have access to the Windows Registry, then you can easily create new DWORD values and set heir value to 1 for enabling the particular option and 0 for disabling the particular option. But Sometimes, access to the Windows Registry is blocked. So what do you do? Go to the Windows Directory and delete either user.dat or system.dat (These 2 files constitute the Windows Registry.) and reboot. As soon as Windows logs in, it will display a Warning Message informing you about an error in the Windows Registry. Simply ignore this Warning Message and Press CTRL+DEL+ALT to get out of this warning message.(Do not press OK) You will find that all restrictions have been removed.

The most kind of restriction found quite commonly is the Specific Folder Restriction, in which users are not allowed access to specific folders, the most common being the Windows folder, or sometimes even access to My Computer is blocked. In effect, you simply cannot seem to access the important kewl files which are needed by you to do remove restrictions. What do you? Well use the RUN command. (START >RUN). But unfortunately a system administrator who is intelligent enough to block access to specific folder, would definitely have blocked access to the RUN command. Again we are stuck.

Windows is supposed to be the most User Friendly Operating System on earth. (At least Microsoft Says so.)

It gives the User an option to do the same thing in various ways. You see the RUN command is only the most convenient option of launching applications, but not the only way. In Windows you can create shortcuts to almost anything from a file, folder to a Web URL. So say your system administrator has blocked access to the c:\windows\system folder and you need to access it. What do you do? Simply create a Shortcut to it. To do this right click anywhere on the desktop and select New > Shortcut. A new window titled Create Shortcut pops up. Type in the path of the restricted folder you wish to access, in this case c:\windows\system. Click Next, Enter the friendly name of the Shortcut and then click Finish. Now you can access the restricted folder by simply double clicking on the shortcut icon. Well that shows how protected and secure *ahem Windows *ahem is.

HACKING TRUTH: Sometimes when you try to delete a file or a folder, Windows displays an error message saying that the file is protected. This simply means that the file is write protected, or in other words the R option is +. Get it? Anyway, you can stop Windows from displaying this error message and straightaway delete this file by changing its attributes to Non Read Only. This can be done by Right Clicking on the file, selecting Properties and then

unselecting the Read Only Option.

There is yet another way of accessing restricted folders. Use see, DOS has a lovely command known as START. Its general syntax is:

START application_path

It does do what it seems to do, start applications. So in you have access to DOS then you can type in the START command to get access to the restricted folder. Now mostly access to DOS too would be blocked. So again you can use the shortcut trick to launch, c:\command.com or c:\windows\command.com. (Command.com is the file which launches MS DOS).

Accessing Restricted Drives.

The problem with most system administrators is that they think that the users or Hackers too are stupid. Almost all system administrators use the Registry Trick (Explained Earlier) to hide all drives in My Computer. So in order to unhide or display all drives, simply delete that particular key.(Refer to beginning of Untold Secrets Section.)

Some systems have the floppy disk disabled through the BIOS. On those systems if the BIOS is protected, you may need to crack the BIOS password. (For that Refer to the Windows Hacking Chapter). Sometimes making drives readable (Removing R +) and then creating Shortcuts to them also helps us to get access to them.

Further Changing your Operating System's Looks by editing .htt files

If you have installed Windows Desktop Update and have the view as Web Page option enabled, you can customise the way the folder looks by selecting View > Customise this folder. Here you can change the background and other things about that particular folder. Well that is pretty lame, right? We hackers already know things as lame as that. Read on for some kewl stuff.

Well, you could also change the default that is stored in a Hidden HTML Template file (I think so..) which is nothing but a HTML document with a .htt extension. This .htt file is found at: %systemroot%\web\folder.htt.

The %systemroot% stands for the drive in which Windows is Installed, which is normally C:

You can edit these .htt files almost just like you edit normal .HTM or .HTML files. Simply open them in an ASCII editor like Notepad. The following is a list of .htt files on your system which control various folders and which can be edited to customise the way various folders look.

controlp.htt Control Panel

printers.htt Printers

mycomp.htt My Computer

safemode.htt Safe Mode

All these files are found in the web folder in %systemfolder%. The folder.htt file has a line:

'Here's a good place to add a few lines of your own"

which is the place where you can add your own A HREF links. These links would then appear in the folder whose folder.htt file you edited. All this might sound really easy and simple, but you see these .htt files do not contain normal HTML code, instead they contain a mixture of HTML and web bots. Hence they can be difficult for newbies to understand

Read More

Internet Explorer Tricks and Tips

Some Selected internet Explorer Tricks Are Here:

Resizable Full Screen Toolbar
The Full Screen option increases the viewable area and makes surfing more enjoyable but sometimes we need the Toolbar but also need to have extra viewing area. Now this hack teaches you how to change the size of the Internet Explorer toolbar. This registry hack is a bit complicated as it involves Binary values, so to make it simple, I have included the following registry file which will enable the resizable option of the Internet Explorer toolbar which was present in the beta version of IE.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
"Theater"=hex:0c,00,00,00,4c,00,00,00,74,00,00,00,18,00,00,00,1b,00,00,00,5c,\
00,00,00,01,00,00,00,e0,00,00,00,a0,0f,00,00,05,00,00,00,22,00,00,00,26,00,\
00,00,02,00,00,00,21,00,00,00,a0,0f,00,00,04,00,00,00,01,00,00,00,a0,0f,00,\
00,03,00,00,00,08,00,00,00,00,00,00,00
HACKING TRUTH: Internet Explorer 5 displays the friendly version of HTTP errors like NOT FOUND etc . They are aimed at making things easier for newbies. If you would rather prefer to see the proper error pages for the web server you're using, go to Tools, Internet Options and select the Advanced tab. Then scroll down and uncheck the Show friendly http errors box.

Making the Internet Explorer & the Explorer Toolbars Fancy
The Internet Explorer toolbar looks pretty simple. Want to make it fancy and kewl? Why not add a background image to it. To do this kewl hack launch the Windows Registry Editor and go to the following key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\ Internet Explorer\Toolbar\.
Now in the right pane create a new String Value and name it BackBitmap and modify it's value to the path of the Bitmap you want to dress it up with by rightclicking on it and choosing Modify. When you reboot the Internet Explorer and the Windows Explorer toolbars will have a new look.

Change Internet Explorer's Caption
Don't like the caption of Internet Explorer caption? Want to change it? Open the registry editor and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main.
In the right pane create a new String Value names Window Title (Note the space between Window and Title). Right click on this newly created String Value and select Modify. Type in the new caption you want to be displayed. Restart for the settings to take place. 
Now let's move on to some Outlook Express Tricks. 

Colorful Background
Don't like the boring background colors of Outlook Express? To change it launch the Windows Registry Editor and scroll down to the
HKEY_CURRENT_USER\Software\Microsoft\Internet Mail And News key.
On the left pane, click on ColorCycle or select Edit and Modify in the menu. Now change the value to 1. Close and restart. Now, launch Outlook Express and whenever you open up a New Message, hold down ctrl-shift and tap the z key to scroll to change the background color. Repeat the keystroke to cycle through the colors.

Internet Explorer 5 Hidden Features
Microsoft Internet Explorer 5 has several hidden features which can be controlled using the Windows Registry. Open your registry and scroll down to the following key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
Create a new DWORD value named x(See complete list of values of x below) and modify it's value to 1 to enable it and to 0 to disable it.
NoBrowserClose : Disable the option of closing Internet Explorer.
NoBrowserContextMenu : Disable right-click context menu.
NoBrowserOptions : Disable the Tools / Internet Options menu.
NoBrowserSaveAs : Disable the ability to Save As.
NoFavorites : Disable the Favorites.
NoFileNew : Disable the File / New command.
NoFileOpen : Disable the File / Open command.
NoFindFiles : Disable the Find Files command.
NoSelectDownloadDir : Disable the option of selecting a download directory.
NoTheaterMode : Disable the Full Screen view option.

Read More

how to disable the Shut Down option

Here I Present The Trick how to disable the Shut Down option in the Shut Down Dialog Box.This trick involves editing the registry, so please make backups. Launch regedit.exe and go to :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
In the right pane look for the NoClose Key. If it is not already there then create it by right

clicking in the right pane and selecting New > String Value.(Name it NoCloseKey ) Now once you see the NoCloseKey in the right pane, right click on it and select Modify. Then Type 1 in the Value Data Box.

Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then click on the Start > Shut Down button displays the following error message:
This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

You can enable the shut down option by changing the value of NoCloseKey to 0 or simply deleting the particular entry i.e. deleting NoCloseKey.
Instead of performing the above difficult to remember process, simply save the following with an extension of .reg and add it's contents to the registry by double clicking on it.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"="1"

Read More