Full Version: Windows Registry Editor Tutorial
Forums > General GSO > GSO Tutorials
Eduardo
Windows Registry Editor

By Edu

Introduction

The registry is a database that stores all the operating system configuration and information. The Registry Editor tool is located by default in the System folder. The 16-bit Windows 95/98/ME registry tool (application) is called ‘Regedit.exe’, while 32-bit Windows NT4/2000/XP/2003 have both ‘Regedit.exe’ and ‘Regedt32.exe’ applications. The files that compose the registry in Windows 95/98/ME are ‘system.dat’ and ‘user.dat’. On Windows NT/2000/XP/2003 the files are ‘SOFTWARE’, ‘SYSTEM’, ‘SECURITY’ and ‘SAM’.

Read the full article at:

http://sarkar112.googlepages.com/Edu19-Win...tryTutorial.pdf

and, for those who don't have a PDF reader, use the HTML version:
Windows Registry Editor Tutorial HTML Version


PS: thanks to sarkar112 for using his googlepages account to host the file.

Fast Disclaimer:

You may redistribute it, but you must give the author full credit. You could edit it, but first contact the author.

PS: Sarkar112 was granted full permission to do the HTML version.

Thanks, and I hope you guys find it useful.
sarkar112
Very nice tutorial, edu19. It's a useful reference for beginners using Win32 to start programming, or for learning what majorly affects the Win32 platform in many ways. It can be used for many useful purposes, and many destructive purposes. I recommend all users read it and use it as a reference for information about the Windows registry.
Eduardo
Ah, thanks for the feedback, friend. Glad you liked it. I tried to detail it a lot in order to fit everyone from beginner to intermediate users. I listed some registry value types that most probably don't know exist. It can also serve as a fast reference for more advanced users in certain ways.
funtu$h
Very good tutorial, edu19, and you're getting expert at writing tutorials. Hope to see a few more.
sarkar112
Most distributions of Linux don't have a registry by default, but you can emulate one by using the Elektra project for GNOME users (hxxp://www.libelektra.org/Main_Page) and still have a use for this tutorial. I personally dislike the registry, but you can develop viruses and mess around with the Windows operating system by using it. I suggest you do not use Elektra, because you can already configure a Linux distribution to suit your needs.

EDIT: For Edu19's convenience
HTML version uploaded
http://sarkar112.googlepages.com/Edu19-Win...ryTutorial.html
Eduardo
QUOTE(sarkar112 @ Apr 20 2006, 03:49 PM) *
Most distributions of Linux don't have a registry by default, but you can emulate one by using the Elektra project for GNOME users (hxxp://www.libelektra.org/Main_Page) and still have a use for this tutorial. I personally dislike the registry, but you can develop viruses and mess around with the Windows operating system by using it. I suggest you do not use Elektra, because you can already configure a Linux distribution to suit your needs.

EDIT: For Edu19's convenience
HTML version uploaded
http://sarkar112.googlepages.com/Edu19-Win...ryTutorial.html


Ah, thanks a lot, mate.
Ah, the only thing is, if Linux distributions don't have a registry by default, why add an emulated one? Wouldn't it be a new vector of possible attacks?
sarkar112
QUOTE(edu19 @ Apr 20 2006, 08:02 PM) *
QUOTE(sarkar112 @ Apr 20 2006, 03:49 PM) *

Most distributions of Linux don't have a registry by default, but you can emulate one by using the Elektra project for GNOME users (hxxp://www.libelektra.org/Main_Page) and still have a use for this tutorial. I personally dislike the registry, but you can develop viruses and mess around with the Windows operating system by using it. I suggest you do not use Elektra, because you can already configure a Linux distribution to suit your needs.

EDIT: For Edu19's convenience
HTML version uploaded
http://sarkar112.googlepages.com/Edu19-Win...ryTutorial.html


Ah, thanks a lot, mate.
Ah, the only thing is, if Linux distributions don't have a registry by default, why add an emulated one? Wouldn't it be a new vector of possible attacks?

Elektra isn't really a registry; it's actually just an application to help customize your Linux distribution in many ways, just like you can customize Windows in ways that you would not do without the registry. You could do everything you do in Elektra in the Unix bash shell; it just makes it simpler and faster for you.

The Windows registry, however, controls almost everything you do in Windows, and if you edit it you're just editing the registry; Windows reads the registry to perform many tasks. However, modifying Elektra modifies only a few things that could be changed through the Unix shell. Linux distributions don't actually read the Elektra registry; they read the files you have modified through Elektra.
Eduardo
QUOTE(sarkar112 @ Apr 21 2006, 12:07 AM) *
QUOTE(edu19 @ Apr 20 2006, 08:02 PM) *

QUOTE(sarkar112 @ Apr 20 2006, 03:49 PM) *

Most distributions of Linux don't have a registry by default, but you can emulate one by using the Elektra project for GNOME users (hxxp://www.libelektra.org/Main_Page) and still have a use for this tutorial. I personally dislike the registry, but you can develop viruses and mess around with the Windows operating system by using it. I suggest you do not use Elektra, because you can already configure a Linux distribution to suit your needs.

EDIT: For Edu19's convenience
HTML version uploaded
http://sarkar112.googlepages.com/Edu19-Win...ryTutorial.html


Ah, thanks a lot, mate.
Ah, the only thing is, if Linux distributions don't have a registry by default, why add an emulated one? Wouldn't it be a new vector of possible attacks?

Elektra isn't really a registry; it's actually just an application to help customize your Linux distribution in many ways, just like you can customize Windows in ways that you would not do without the registry. You could do everything you do in Elektra in the Unix bash shell; it just makes it simpler and faster for you.

The Windows registry, however, controls almost everything you do in Windows, and if you edit it you're just editing the registry; Windows reads the registry to perform many tasks. However, modifying Elektra modifies only a few things that could be changed through the Unix shell. Linux distributions don't actually read the Elektra registry; they read the files you have modified through Elektra.


Ah, good to know that.
It is very true about Windows. It reads the registry for everything. You have basically 2 options in Windows: change settings via the GUI interface or change them directly in the registry. Both will modify the registry. Thanks to the regedit application and REG scripts it is possible to customize 98% of the Windows OS via the command line.
The registry is like the Windows 'heart'.
sarkar112
QUOTE(edu19 @ Apr 20 2006, 09:10 PM) *
Ah, good to know that.
It is very true about Windows. It reads the registry for everything. You have basically 2 options in Windows: change settings via the GUI interface or change them directly in the registry. Both will modify the registry. Thanks to the regedit application and REG scripts it is possible to customize 98% of the Windows OS via the command line.
The registry is like the Windows 'heart'.

Still, Windows reads the registry; Linux does not read Elektra, Elektra simply modifies the files on the operating system. Windows requires the registry to do many tasks on the operating system; Linux does not require Elektra, it requires the files that Elektra modifies.
Eduardo
QUOTE(sarkar112 @ Apr 21 2006, 01:21 AM) *
QUOTE(edu19 @ Apr 20 2006, 09:10 PM) *

Ah, good to know that.
It is very true about Windows. It reads the registry for everything. You have basically 2 options in Windows: change settings via the GUI interface or change them directly in the registry. Both will modify the registry. Thanks to the regedit application and REG scripts it is possible to customize 98% of the Windows OS via the command line.
The registry is like the Windows 'heart'.

Still, Windows reads the registry; Linux does not read Elektra, Elektra simply modifies the files on the operating system. Windows requires the registry to do many tasks on the operating system; Linux does not require Elektra, it requires the files that Elektra modifies.

Hehe, nice...

I still like the Windows registry. It is so powerful and easy to manipulate.
sarkar112
QUOTE(edu19 @ Apr 20 2006, 09:29 PM) *
QUOTE(sarkar112 @ Apr 21 2006, 01:21 AM) *

QUOTE(edu19 @ Apr 20 2006, 09:10 PM) *

Ah, good to know that.
It is very true about Windows. It reads the registry for everything. You have basically 2 options in Windows: change settings via the GUI interface or change them directly in the registry. Both will modify the registry. Thanks to the regedit application and REG scripts it is possible to customize 98% of the Windows OS via the command line.
The registry is like the Windows 'heart'.

Still, Windows reads the registry; Linux does not read Elektra, Elektra simply modifies the files on the operating system. Windows requires the registry to do many tasks on the operating system; Linux does not require Elektra, it requires the files that Elektra modifies.

Hehe, nice...

I still like the Windows registry. It is so powerful and easy to manipulate.

The Windows registry is easy to manipulate, but you shouldn't trust Windows for security. Instead, if you have permission, you should use it against itself and prove how badly people need to switch to a different operating system.
Eduardo
QUOTE(sarkar112 @ Apr 21 2006, 01:34 AM) *
QUOTE(edu19 @ Apr 20 2006, 09:29 PM) *

QUOTE(sarkar112 @ Apr 21 2006, 01:21 AM) *

QUOTE(edu19 @ Apr 20 2006, 09:10 PM) *

Ah, good to know that.
It is very true about Windows. It reads the registry for everything. You have basically 2 options in Windows: change settings via the GUI interface or change them directly in the registry. Both will modify the registry. Thanks to the regedit application and REG scripts it is possible to customize 98% of the Windows OS via the command line.
The registry is like the Windows 'heart'.

Still, Windows reads the registry; Linux does not read Elektra, Elektra simply modifies the files on the operating system. Windows requires the registry to do many tasks on the operating system; Linux does not require Elektra, it requires the files that Elektra modifies.

Hehe, nice...

I still like the Windows registry. It is so powerful and easy to manipulate.

The Windows registry is easy to manipulate, but you shouldn't trust Windows for security. Instead, if you have permission, you should use it against itself and prove how badly people need to switch to a different operating system.

That's true, but if you know how to set up Windows and set access restrictions it becomes much better.
sarkar112
Much better, yet still insecure. If you make one minor mistake with the registry, it can crash your operating system. Normal users are too afraid to use it with all the warnings, so they probably won't restore the registry to how it was before it was infected, so it's a good target for beginners.
Eduardo
QUOTE(sarkar112 @ Apr 21 2006, 01:54 AM) *
Much better, yet still insecure. If you make one minor mistake with the registry, it can crash your operating system. Normal users are too afraid to use it with all the warnings, so they probably won't restore the registry to how it was before it was infected, so it's a good target for beginners.


True. The worst thing to happen is not incorrectly deleting or modifying a key or value but modifying ACLs on the registry. This can be much more 'lethal'.
sarkar112
If you gain system privileges, you have access to more registry values than an administrator user, and you can gain complete access to the system, such as root on Linux. Try accessing HKEY_LOCAL_MACHINE/Security.
Eduardo
QUOTE(sarkar112 @ Apr 24 2006, 02:01 AM) *
If you gain system privileges, you have access to more registry values than an administrator user, and you can gain complete access to the system, such as root on Linux. Try accessing HKEY_LOCAL_MACHINE/Security.


Ha, that's true... but as an administrator you have the rights to change the ACL for that registry key.

The only key administrators cannot effectively change is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

If you check the permissions for the above key you will see that only SYSTEM has special rights. Administrators don't even appear there, meaning they cannot do anything... wow, and Microsoft claimed administrators had full access to the machine, LOL.
sarkar112
QUOTE(edu19 @ Apr 23 2006, 10:08 PM) *
QUOTE(sarkar112 @ Apr 24 2006, 02:01 AM) *

If you gain system privileges, you have access to more registry values than an administrator user, and you can gain complete access to the system, such as root on Linux. Try accessing HKEY_LOCAL_MACHINE/Security.


Ha, that's true... but as an administrator you have the rights to change the ACL for that registry key.

The only key administrators cannot effectively change is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

If you check the permissions for the above key you will see that only SYSTEM has special rights. Administrators don't even appear there, meaning they cannot do anything... wow, and Microsoft claimed administrators had full access to the machine, LOL.

Well, there are many ways to use the SYSTEM user. You can look on white-scorpian's site for a simple example of how to do it, and you can play around with the registry.
Eduardo
Yes... I have even written a simple tutorial on ways to log on as the SYSTEM user.
sarkar112
QUOTE(edu19 @ Apr 23 2006, 10:25 PM) *
Yes... I have even written a simple tutorial on ways to log on as the SYSTEM user.

There are many ways to log on as the SYSTEM user, but Microsoft should give the same privileges they give to the SYSTEM user to an administrator, or it's harder to recover your system from a malicious infection.
Eduardo
QUOTE(sarkar112 @ Apr 25 2006, 12:12 AM) *
QUOTE(edu19 @ Apr 23 2006, 10:25 PM) *

Yes... I have even written a simple tutorial on ways to log on as the SYSTEM user.

There are many ways to log on as the SYSTEM user, but Microsoft should give the same privileges they give to the SYSTEM user to an administrator, or it's harder to recover your system from a malicious infection.


True! But on the other hand, if a normal admin had SYSTEM privileges, the virus could cause more harm. Still, the built-in Administrator user should have SYSTEM rights.
sarkar112
QUOTE(edu19 @ Apr 24 2006, 09:23 PM) *
True! But on the other hand, if a normal admin had SYSTEM privileges, the virus could cause more harm. Still, the built-in Administrator user should have SYSTEM rights.

What I mean is, Windows should have access to the SYSTEM user, like Linux has access to the root user.
Eduardo
QUOTE(sarkar112 @ Apr 25 2006, 01:27 AM) *
QUOTE(edu19 @ Apr 24 2006, 09:23 PM) *

True! But on the other hand, if a normal admin had SYSTEM privileges, the virus could cause more harm. Still, the built-in Administrator user should have SYSTEM rights.

What I mean is, Windows should have access to the SYSTEM user, like Linux has access to the root user.


Hmmm, but it has, indirectly. That means you can use a service, rename logon.scr to 'somefile.exe' or use the Task Scheduler to log on as SYSTEM, but I think the SYSTEM account must be displayed on the welcome screen and must have a password which you set up on Windows installation, just like the built-in Administrator account.
sarkar112
I think Windows Vista has already patched the public ways to gain access to the SYSTEM user. Why didn't Microsoft give access to the SYSTEM user?
nada
Wow, nice and big tutorial. Still reading. Thanks for sharing.
Eduardo
QUOTE(nada @ Nov 26 2006, 06:42 AM) *
Wow, nice and big tutorial. Still reading. Thanks for sharing.


I am glad you liked it, buddy.

But... edit your post, comment on some part or detail of the tutorial, etc.
Markup
Edit: Whoops. Accidentally posted a message.
Please delete.
priemel
Thanks, it's very useful.
Eduardo
QUOTE(priemel @ Jan 23 2007, 07:39 AM) *
Thanks, it's very useful.


I have just told the other person to edit his/her post and now you go and say thanks.
Buddy, I really appreciate that you liked the tutorial, but GSO rules forbid you from posting simple thanks posts, as you need to say why you're saying thanks and comment on something related to what you're saying thanks for. If I were a moderator I would have to give you a warning point.
Don't wanna be rude, buddy, but please re-read the forum rules so as not to have future headaches here.
Dennis
That's right.
I'll let you off the hook this time, but be sure to read the rules.


Regards,

Dennis
KoNh
QUOTE(edu19 @ Apr 24 2006, 03:08 AM) *
QUOTE(sarkar112 @ Apr 24 2006, 02:01 AM) *
If you gain system privileges, you have access to more registry values than an administrator user, and you can gain complete access to the system, such as root on Linux. Try accessing HKEY_LOCAL_MACHINE/Security.


Ha, that's true... but as an administrator you have the rights to change the ACL for that registry key.

The only key administrators cannot effectively change is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

If you check the permissions for the above key you will see that only SYSTEM has special rights. Administrators don't even appear there, meaning they cannot do anything... wow, and Microsoft claimed administrators had full access to the machine, LOL.


Well, if you are local admin, open regedit, go to that key, just change the ownership in the advanced properties of that key, then you can add a user and give/take rights.
Local admins have all privileges on the local machine; usually what is missing is knowledge of how to do things, and using the good tools.
Eduardo
I know that, bud. What I mean is that by default the administrators don't have access to that key. But of course they can edit the permissions.
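The permissions argument above (which principals hold rights on the Winlogon\Credentials key, and whether an administrator can even read them) can be checked rather than eyeballed in regedit. This is an added example, not code from the tutorial or from any poster in the thread; it assumes Windows PowerShell on the machine being audited, and the only key paths it uses are the ones quoted in the thread.

```powershell
# Added example, not from the tutorial or the thread: report who holds rights
# on a registry key. Assumes Windows PowerShell (5.1 or later) on the machine
# being audited; run it elevated to read keys that standard users cannot open.
function Get-RegistryKeyAcl {
    param(
        # Provider-form key path, e.g. 'HKLM:\SOFTWARE\...\Winlogon'
        [Parameter(Mandatory)] [string] $KeyPath
    )
    try {
        $acl = Get-Acl -Path $KeyPath -ErrorAction Stop
    }
    catch {
        # Typical causes: no READ_CONTROL on the key (access denied), or the
        # key does not exist on this Windows version. Report, do not crash.
        return [pscustomobject]@{
            Key = $KeyPath; Readable = $false; Owner = $null
            Entries = @(); Error = $_.Exception.Message
        }
    }
    $entries = foreach ($ace in $acl.Access) {
        [pscustomobject]@{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.RegistryRights        # e.g. FullControl, ReadKey
            Type      = $ace.AccessControlType     # Allow or Deny
            Inherited = $ace.IsInherited           # $false = set on this key
        }
    }
    [pscustomobject]@{
        Key = $KeyPath; Readable = $true; Owner = $acl.Owner
        Entries = $entries; Error = $null
    }
}

# The Winlogon key is readable by Administrators by default; the thread reports
# its Credentials subkey as SYSTEM-only. Comparing the two shows the difference.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in @($base, "$base\Credentials")) {
    $r = Get-RegistryKeyAcl -KeyPath $key
    if (-not $r.Readable) {
        Write-Output "$key : ACL not readable as $env:USERNAME ($($r.Error))"
        continue
    }
    Write-Output "$key (owner: $($r.Owner))"
    $r.Entries | Format-Table Identity, Rights, Type, Inherited -AutoSize
    # An explicit (non-inherited) Allow for a principal other than SYSTEM on a
    # key that is supposed to be SYSTEM-only is worth investigating.
}
```

Run the same function against a saved baseline of your own keys to spot ACL changes of the kind the thread calls 'lethal', rather than only deleted or modified values.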
n1ghtsky
This is awesome, thank you so much!
z3r0m3rc4
This is by far the best tutorial I have read, esp. the conversation between you and sarkar.
Eduardo
Thank you so much for the feedback, buddy. I am glad you liked it and hope it comes in useful for you now and in the future...
BTW, I see it is your first post here, so I may welcome you to the forums. Read our rules please, in case you haven't done so before.

cheers,

Edu