Friday, October 8, 2010
BackTrack
The new topic I am going to start here is BackTrack.
To work with BackTrack, it is mandatory to know exactly what it is. To learn more about BackTrack, please follow the link: Click here
Saturday, September 25, 2010
BOM SABADO
The latest Orkut attack is a kind of XSS attack that targets the cookies of Orkut users and possibly also steals their ID and password.
It has the properties of a worm, with some special features.
My advice to you all: if you get this type of scrap in your Orkut, please delete it and change your password, and also the security code of your email ID.
Also delete all the cookies from your browser cache.
"BOM SABADO" is a Portuguese phrase meaning "GOOD SATURDAY".
Tuesday, June 22, 2010
Techniques to make your pen drive bootable
Necessary requirements:
Your hardware should be compatible (BIOS should be updated).
For details, check the link: CLICK HERE
Friday, June 11, 2010
GSM technology
For details, please check http://hakindia007.my3gb.com/GSM%20Technologies.docx
Standards in wireless telephone networks
For more details, please check http://hakindia007.my3gb.com/2807_file_Standards_in_wireless_telephone_networks_TP_2003.pdf
Mobile Virus
As wireless phone and PDA networks become more numerous and more complex, it has become more difficult to secure them against electronic attacks in the form of viruses or other malicious software.
History
The first instance of a mobile virus occurred in June 2004 when it was discovered that a company called Ojam had engineered an anti-piracy Trojan virus in older versions of their mobile phone game Mosquito. This virus sent SMS text messages to the company without the user's knowledge. This virus was removed from more recent versions of the game; however it still exists on older, unlicensed versions. These older versions may still be distributed on file-sharing networks and free software download web sites.
In July 2004, computer hobbyists released a proof-of-concept mobile virus named Cabir. This virus replicates itself on Bluetooth wireless networks.
In March 2005 it was reported that a computer worm called Commwarrior-A has been infecting Symbian series 60 mobile phones. This worm replicates itself through the phone's Multimedia Messaging System (MMS). It sends copies of itself to other phone owners listed in the phone user's address book. Although the worm is not considered harmful, experts agree that it heralds a new age of electronic attacks on mobile phones.
Common mobile viruses
Cabir: Infects mobile phones running on Symbian OS. When a phone is infected, the message 'Caribe' is displayed on the phone's display and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.
Duts: A parasitic file infector virus and the first known virus for the PocketPC platform. It attempts to infect all EXE files in the current directory (infects files that are bigger than 4096 bytes).
Skulls: A trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It will also render all phone applications, including SMSes and MMSes, useless.
Commwarrior: First worm to use MMS messages in order to spread to other devices. Can spread through Bluetooth as well. It infects devices running under OS Symbian Series 60. The executable worm file once launched hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
Thursday, May 20, 2010
The Five A’s that Make Cybercrime so Attractive
So why is e-commerce so fraught with risk despite the huge amount of money, effort, and technology devoted to making the online world safe? That’s simple: Because crime in the virtual realm has a lot going for it compared with traditional crime in the physical realm. Why use a gun to commit a robbery when you can use credit cards and stolen identities? Every fraudster, scammer and organized cybercriminal knows the five Big A’s: The five big advantages of doing crime online.
1. Affordability: You don’t need much more than a computer and an internet connection to commit virtual crimes.
2. Acceptable Risk: Cybercriminals bear a low risk of being caught or prosecuted.
3. Attractiveness: The universe of opportunity to commit cybercrimes is virtually unbounded.
4. Availability: With the help of automation, cybercriminals can operate a 24 x 7 criminal enterprise.
The critical fifth advantageous “A” is one that fraudsters know a lot about because without it they’re out of business: Anonymity.
The inherent anonymity of the Internet is a critical element that enables fraudsters to freely commit deception that leads to profit. As long as computers and people are vulnerable to hacking—both always have been, and always will be—cybercriminals will take advantage of the anonymity the Internet affords them.
There’s another “A” word that fraudsters are aware of that is a disadvantage to web fraud: Anomaly. Fraudsters manipulate computers to hide their tracks, and these attempts to mask the truth can trip them up. Take IP addresses for example. Lots of web sites—banks, social networks, internet retailers and many more—use your IP address to identify your computer and ancillary information, like its geolocation. Fraudsters use hidden proxies that conceal their true device location via an alternate IP address. By using a hidden proxy scammers can pretend to be in one location, frequently a U.S. city, when the device they are actually using to execute a fraudulent transaction is located in another country altogether. Our customers see this cloaking trick all the time. They’re able to go around hidden proxies to get the true IP address and geolocation which gives them another way to decide whether to trust—or block—the computer from their site.
I suspect fraudsters—mostly off-shore organized criminals—don’t read the state-of-information-security reports from the big security vendors, or if they do they use the information to advance their technology or adjust their tactics. In my next column I’ll shed more light on another powerful weapon of the cybercriminals that shows up in every security vendor report: botnets.
Phishing latest technique
This is the easiest method so far for making fake pages.
Steps are given below.
well make an account on my3gb.com
then copy the webpage whose fake page you want to create(Like gmail,Yahoomail,Orkut etc)
then open source code search method=post
in this place https://www.google.com/accounts/ServiceLoginAuth?service=mail paste or write safin.php .
save this .
now upload this page along with that safin.php to my3gb.com (they should be in same directory)
now gmail.html is your fake page.
To check the result, open your my3gb account; in the same directory you will get the ID and password of the victim.
For script leave your email id on this blog in comment section.
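Seen from the defender's side, a cloned page of this kind differs from the genuine one in where its login form posts. The following added example (not part of the original post) flags password forms whose action does not resolve to an expected HTTPS host; the function names, sample HTML, URLs and host allow-list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class FormCollector(HTMLParser):
    """Collect each <form> with its action and whether it holds a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def suspicious_login_forms(html, page_url, expected_hosts):
    """Return findings for password forms that do not post to an expected HTTPS host."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not form["has_password"]:
            continue  # search boxes and similar forms carry no credentials
        # A relative action such as "collect.php" resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        parsed = urlparse(target)
        host = (parsed.hostname or "").lower()
        reasons = []
        if parsed.scheme != "https":
            reasons.append("credentials not sent over HTTPS")
        if host not in expected_hosts:
            reasons.append("form posts to unexpected host " + host)
        if reasons:
            findings.append({"target": target, "reasons": reasons})
    return findings


# Constructed sample input: the genuine form posts to the provider's own host,
# the clone posts to a script sitting beside it on the hosting account.
EXPECTED_HOSTS = {"www.google.com"}
GENUINE_URL = "https://www.google.com/accounts/ServiceLogin"
GENUINE_HTML = (
    '<form method="post" '
    'action="https://www.google.com/accounts/ServiceLoginAuth?service=mail">'
    '<input type="text" name="Email"><input type="password" name="Passwd"></form>'
)
CLONE_URL = "http://host.example/gmail.html"
CLONE_HTML = (
    '<form method="get" action="/search"><input type="text" name="q"></form>'
    '<form method="post" action="collect.php">'
    '<input type="text" name="Email"><input type="password" name="Passwd"/></form>'
)

if __name__ == "__main__":
    print(suspicious_login_forms(GENUINE_HTML, GENUINE_URL, EXPECTED_HOSTS))
    for finding in suspicious_login_forms(CLONE_HTML, CLONE_URL, EXPECTED_HOSTS):
        print(finding["target"], "->", "; ".join(finding["reasons"]))
```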
Thursday, May 13, 2010
Firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
There are several types of firewall techniques:
- Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.
- Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
- Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
- Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.
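A first-match packet filter of the kind described in the first item, as an added example (not from the original post) that also shows why a rule keyed only on the source address is open to IP spoofing and how an ingress-interface check closes that gap. The rule set, addresses and interface names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str              # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0           # 0 matches any port

    def matches(self, pkt):
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt.proto)
            and self.dport in (0, pkt.dport)
        )


# Constructed rule set: the internal LAN may reach the admin host over SSH,
# anyone may reach the web server, everything else is dropped.
RULES = [
    Rule("accept", src="10.0.0.0/24", dst="10.0.1.5/32", proto="tcp", dport=22),
    Rule("accept", dst="10.0.1.10/32", proto="tcp", dport=80),
    Rule("drop"),
]

# Networks that may only appear as a source address on the named interface.
INTERNAL_NETS = {"lan0": ["10.0.0.0/24"]}


def filter_packet(pkt, rules=RULES):
    """Plain packet filter: the first matching rule decides; default is drop."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


def filter_with_ingress_check(pkt, rules=RULES, internal=INTERNAL_NETS):
    """Drop packets whose source claims an internal network but arrived elsewhere."""
    src = ipaddress.ip_address(pkt.src)
    for iface, nets in internal.items():
        for net in nets:
            if src in ipaddress.ip_network(net) and pkt.iface != iface:
                return "drop"
    return filter_packet(pkt, rules)


# Constructed sample packets.
LEGIT = Packet("lan0", "10.0.0.7", "10.0.1.5", "tcp", 22)
SPOOFED = Packet("wan0", "10.0.0.7", "10.0.1.5", "tcp", 22)   # same header, wrong interface
WEB = Packet("wan0", "203.0.113.9", "10.0.1.10", "tcp", 80)
OTHER = Packet("wan0", "203.0.113.9", "10.0.1.5", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("legit", LEGIT), ("spoofed", SPOOFED), ("web", WEB), ("other", OTHER)]:
        print(name, filter_packet(pkt), filter_with_ingress_check(pkt))
```

The plain filter cannot tell LEGIT from SPOOFED because it only sees header fields; the second function uses the arrival interface, which the sender does not control.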
Saturday, May 8, 2010
IDS/IPS (SNORT)
Snort was bought by the commercial company SourceFire, which was itself bought by the firewall giant CheckPoint in 2005.
Like Tcpdump, Snort uses the libpcap library to capture packets.
Snort can be run in 4 modes:
- sniffer mode: Snort will read the network traffic and print it to the screen.
- packet logger mode: Snort will record the network traffic to a file.
- IDS mode: network traffic matching security rules will be recorded (mode used in our tutorial).
- IPS mode: also known as snort-inline (IPS = Intrusion Prevention System).
Snort is a very powerful tool and is known to be one of the best IDS on the market even when compared to commercial IDS.
A lot of people in the very active Snort community share their security rules, which is very useful if you are not a security expert and want to have up-to-date rules.
The SourceFire company releases new security rules very frequently; they can be downloaded either for free some days after their release or immediately for a fee.
Fortunately, the bleedingsnort community creates security rules for free directly after their releases.
Another tool is needed to display the logs generated by the Snort IDS and sent into the database. This tool is BASE (Basic Analysis and Security Engine). It is in fact a PHP script displaying alerts on a web interface.
Windows Registry Tutorial
Overview
The Registry is a database used to store settings and options for the 32 bit versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to a Control Panel setting, File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.
The physical files that make up the registry are stored differently depending on your version of Windows: under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT; for Windows Me there is an additional CLASSES.DAT file; while under Windows NT/2000 the files are contained separately in the %SystemRoot%\System32\Config directory. You cannot edit these files directly; you must use a tool commonly known as a "Registry Editor" to make any changes (using registry editors will be discussed later in the article).
The Structure of the Registry
The Registry has a hierarchical structure. Although it looks complicated, the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer.
Each main branch (denoted by a folder icon in the Registry Editor) is called a Hive, and Hives contain Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values: String, Binary, and DWORD. The use of these depends upon the context.
There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:
o HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.
o HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.
o HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer.
o HKEY_USERS - This branch contains individual preferences for each user of the computer, each user is represented by a SID sub-key located under the main branch.
o HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.
o HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE for use with the Plug-&-Play features of Windows. This section is dynamic and will change as devices are added and removed from the system.
Each registry value is stored as one of five main data types:
o REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.
o REG_DWORD - This type represents the data by a four byte number and is commonly used for boolean values, such as "0" is disabled and "1" is enabled. Additionally many parameters for device driver and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.
o REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable to be replaced when called by an application. For example, the string "%SystemRoot%" will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)
o REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)
o REG_SZ - This type is a standard string, used to represent human readable text values.
Other data types not available through the standard registry editors include:
o REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
o REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
o REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
o REG_NONE - No defined value type.
o REG_QWORD - A 64-bit number.
o REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
o REG_RESOURCE_LIST - A device-driver resource list.
Editing the Registry
The Registry Editor (REGEDIT.EXE) is included with most versions of Windows (although you won't find it on the Start Menu). It enables you to view, search and edit the data within the Registry. There are several methods for starting the Registry Editor; the simplest is to click on the Start button, then select Run, and in the Open box type "regedit". If the Registry Editor is installed, it should now open.
An alternative Registry Editor (REGEDT32.EXE) is available for use with Windows NT/2000. It includes some additional features not found in the standard version, including the ability to view and modify security permissions, and being able to create and modify the extended string values REG_EXPAND_SZ & REG_MULTI_SZ.
Create a Shortcut to Regedit
This can be done by simply right-clicking on a blank area of your desktop, selecting New, then Shortcut, then in the Command line box enter "regedit.exe" and click Next, enter a friendly name (e.g. 'Registry Editor') then click Finish and now you can double click on the new icon to launch the Registry Editor.
Using Regedit to modify your Registry
Once you have started the Regedit you will notice that on the left side there is a tree with folders, and on the right the contents (values) of the currently selected folder.
Like Windows explorer, to expand a certain branch (see the structure of the registry section), click on the plus sign [+] to the left of any folder, or just double-click on the folder. To display the contents of a key (folder), just click the desired key, and look at the values listed on the right side. You can add a new key or value by selecting New from the Edit menu, or by right-clicking your mouse. And you can rename any value and almost any key with the same method used to rename files; right-click on an object and click rename, or click on it twice (slowly), or just press F2 on the keyboard. Lastly, you can delete a key or value by clicking on it, and pressing Delete on the keyboard, or by right-clicking on it, and choosing Delete.
Note: it is always a good idea to back up your registry before making any changes to it. It can be intimidating to a new user, and there is always the possibility of changing or deleting a critical setting, causing you to have to reinstall the whole operating system. It's much better to be safe than sorry!
Importing and Exporting Registry Settings
A great feature of the Registry Editor is its ability to import and export registry settings to a text file. This text file, identified by the .REG extension, can then be saved or shared with other people to easily modify local registry settings. You can see the layout of these text files by simply exporting a key to a file and opening it in Notepad. To do this using the Registry Editor, select a key, then from the "Registry" menu choose "Export Registry File...", choose a filename and save. If you open this file in Notepad you will see a file similar to the example below:
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02
The layout is quite simple: REGEDIT4 indicates the file type and version, [HKEY_LOCAL_MACHINE\SYSTEM\Setup] indicates the key the values are from, and "SetupType"=dword:00000000 is one of the values themselves. The portion after the "=" will vary depending on the type of value: DWORD, String or Binary.
So by simply editing this file to make the changes you want, it can then be easily distributed, and all that needs to be done is to double-click, or choose "Import" from the Registry menu, for the settings to be added to the system Registry.
Deleting keys or values using a REG file
It is also possible to delete keys and values using REG files. To delete a key, start by using the same format as the REG file above, but place a "-" symbol in front of the key name you want to delete. For example, to delete the [HKEY_LOCAL_MACHINE\SYSTEM\Setup] key the reg file would look like this:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]
The format used to delete individual values is similar, but instead of a minus sign in front of the whole key, place it after the equal sign of the value. For example, to delete the value "SetupType" the file would look like:
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=-
Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.
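Because a .REG file is applied with a double-click, it is worth listing what it would change before importing it. The following added example (not from the original article) parses the REGEDIT4 text format described above, including both deletion forms; the function names and the sample file contents are constructed for illustration, and only the dword, hex and quoted-string value forms shown on this page are handled.

```python
import re

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')


def unescape(text):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r"\\(.)", r"\1", text)


def decode(raw):
    """Turn the text after '=' into (type, python value)."""
    if raw == "-":
        return ("DELETE", None)
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    if raw.startswith("hex:"):
        body = raw[4:].replace(" ", "")
        return ("REG_BINARY", bytes(int(b, 16) for b in body.split(",") if b))
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return ("REG_SZ", unescape(raw[1:-1]))
    raise ValueError("unsupported value data: " + raw)


def parse_reg(text):
    """Return (header, operations); each operation is a dict describing one change."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    ops, key, i = [], None, 1
    while i < len(lines):
        line = lines[i]
        while line.endswith("\\") and i + 1 < len(lines):  # hex data continued on next line
            i += 1
            line = line[:-1] + lines[i]
        i += 1
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):  # "[-KEY]" deletes the whole key
                ops.append({"op": "delete_key", "key": key})
                key = None  # value lines under a deletion header are treated as malformed here
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unexpected line: " + line)
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        kind, data = decode(m.group(2).strip())
        op = "delete_value" if kind == "DELETE" else "set_value"
        ops.append({"op": op, "key": key, "name": name, "type": kind, "data": data})
    return lines[0], ops


def destructive_ops(ops):
    """Operations that remove data; these deserve review before import."""
    return [o for o in ops if o["op"].startswith("delete")]


# Constructed sample: the article's example values plus one value deletion and
# one key deletion under a made-up vendor key.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"Obsolete"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\OldKey]
'''

if __name__ == "__main__":
    header, operations = parse_reg(SAMPLE)
    for entry in operations:
        print(entry)
    print("destructive:", len(destructive_ops(operations)))
```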
Regedit Command Line Options
Regedit has a number of command line options to help automate its use in either batch files or from the command prompt. Listed below are some of the options; please note that some of the functions are operating system specific.
regedit.exe [options] [filename] [regpath]
[filename] Import .reg file into the registry
/s [filename] Silent import, i.e. hide confirmation box when importing files
/e [filename] [regpath] Export the registry to [filename] starting at [regpath] e.g. regedit /e file.reg HKEY_USERS\.DEFAULT
/L:system Specify the location of the system.dat to use
/R:user Specify the location of the user.dat to use
/C [filename] Compress (Windows 98)
/D [regpath] Delete the specified key (Windows 98)
Maintaining the Registry
On Windows NT you can use either the "Last Known Good" option or RDISK to restore the registry to a stable working configuration.
How can I clean out old data from the Registry?
Although it's possible to manually go through the Registry and delete unwanted entries, Microsoft provides a tool to automate the process; the program is called RegClean. RegClean analyzes Windows Registry keys stored in a common location in the Windows Registry. It finds keys that contain erroneous values and removes them from the Windows Registry after recording those entries in the Undo.Reg file.
Troubleshooting the Windows Registry
Introduction
The Windows registry is nothing more than a database of the hardware and software installed on your computer. Your operating system uses instructions stored in the registry to determine how installed software and hardware should function. Normally, software you purchase will include a standard Windows installer that writes to the registry during installation. If you’re asked to restart your computer after installing software, you can be reasonably sure the registry has been modified.
Some software does not include the standard installer, or uses no installer at all. Software that does not require an installer can usually be run from any location on your computer. The registry also prevents you from copying installed software from one computer to another. It “binds” software to your computer and your computer only.
Diagnosis: When things go wrong
Normally, a casual computer user never has to locate, view, or edit the registry; but sometimes hardware conflicts and improperly installed software make these tasks a necessity. Symptoms pointing to a registry problem include:
• consistent error dialog boxes that refer to missing Dynamic Linked Libraries (DLLs)
• missing Virtual device driver (VxD) files
• new or partially installed drivers conflicting with vestiges of old drivers
• extremely slow boot and/or shut-down processes
• slow performance after the computer has completed the boot process
• system “freezes”
• trouble installing or removing applications
If you encounter any of these symptoms, you should first try to uninstall the application reporting the errors. Often, this process will remove the DLLs and registry entries that are giving you problems. If you have already tried this strategy, however, and you suspect you may have a registry problem, you should next try to reboot your computer into Safe Mode.
To boot your computer into Safe Mode in Vista or Windows XP, press the F8 key before or just as the Windows splash screen appears. A boot menu will appear. You can select either Safe Mode or Safe Mode with Networking. Other versions of Windows have similar Safe Mode procedures. Consult your user manual for full details about these procedures.
How to fix registry problems
The easiest way to fix registry problems is to use either a free or commercially available registry cleaner. Before you download and install these applications, you should back up your registry in case anything unexpected happens in the process. This will allow you to return your computer to the state it was in before the repair process. It is also a good idea to periodically back up your registry, even when your computer is running smoothly. Below are backup and restoration instructions for three Windows systems. If you use another version of Windows, the procedures are similar.
Follow these steps to back up and restore the registry for Windows 2000 or Windows XP.
Backing up the registry
1. Click Start, click Run, type %SystemRoot%\system32\restore\rstrui.exe and then click OK.
2. On the Welcome to System Restore page, click “Create a restore point” and then click Next.
3. On the Create a Restore Point page, type a name for the restore point and then click Create.
4. After the restore point has been created, click Close.
Restoring the registry
1. Click Start, click Run, type %SystemRoot%\System32\Restore\Rstrui.exe and then click OK.
2. On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
3. On the Select a Restore Point page, click the system checkpoint. In the "On this list, select the restore point" area, click an entry that is named "Guided Help (Registry Backup)," and then click Next. If a System Restore message appears that lists configuration changes that System Restore will make, click OK.
4. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration and then restarts the computer.
5. Log on to the computer. When the System Restore confirmation page appears, click OK.
You can use the following backup and restore processes in Windows Vista.
Backing up the registry
1. Click Start
2. Select Run from the Menu
3. When the Run Dialog Box appears type regedit (The windows registry editor will now appear.)
4. Click the File menu option and from its menu, select Export
5. Select the All option in the Export Registry File dialog
6. Type a name for the file you wish to export
7. Click Save.
Restoring the registry
To restore the registry to its saved state in the event of a system failure, click File and select Import from the drop-down menu.
Using a commercially available registry cleaner
The author identifies two programs below that will allow you to safely scan for, clean, and repair a variety of registry problems. While they are capable of solving many registry problems, there are many others available that are equally suited for this task. Thus, we do not recommend one software application over another; rather, we describe these two in order to give you an idea of what to expect from a typical registry cleaning program.
Registry Mechanic (http://www.pctools.com/registry-mechanic/) is a fairly complete, user-friendly registry cleaner that allows you to diagnose and fix problems with a few mouse clicks. This program uses its own backup process before the scan begins so you can return to the computer’s initial state in case anything goes wrong. When you click Start Scan, the program will begin to look for unused or broken registry entries. This process may take a few moments. When bad entries are found, you may then choose to repair or delete them individually or allow the program to repair everything automatically. If you are an experienced user, you may wish to look at the list at a granular level to make sure the deletion process has minimal impact on the programs you regularly use. If you are a novice, allow the program to automatically repair registry problems.
CCleaner (http://www.ccleaner.com/) is a free PC optimization utility that not only cleans the registry but also manages Windows components (file cache, recycle bin, temporary files, and more). It also features its own Uninstaller menu, thereby allowing you to maintain your collection of software, too. CCleaner can be set to run on startup or manually. You can either click Analyze, to see what will be removed before deleting any files, or Run Cleaner, which will analyze and clean all in one process.
How to prevent registry problems
You can avoid registry problems by following a few basic guidelines. The following is not a complete list of preventive measures, but will help you avoid a majority of registry-related problems.
• Shut down your Windows PC with the standard [start] -> shut down procedure. Interrupting this procedure by a “forced shutdown” may corrupt the registry because Windows frequently writes to the registry at this time. A forced shutdown may result in the addition of a partially written file to the registry. The next time you turn on your computer, you may see signs of corruption. Laptop/notebook users should take heed when the battery is low and shut down immediately. The shutdown procedure often requires a lot of hard disk access and, therefore, power. Some laptops immediately cut power in the event of extremely low battery power.
• Uninstall unwanted software or hardware with the vendor’s uninstall program. If an uninstaller did not come with your software, you may also use the standard Windows uninstaller, which is located in System -> Add/Remove Programs. Make sure you allow the Windows uninstaller to complete.
• Do not interrupt software installation procedures or upgrade procedures by forcing the system to shut down. On rare occasions when the system hangs or freezes it is necessary to hold down the power button until the system completely shuts down. However, performing a forced-shutdown after normal operation is not recommended, and doing so during an installation or upgrade is asking for trouble.
• Do not install drivers on top of drivers. If you are installing new drivers for a particular piece of hardware (a video card, for example), make sure to use an approved driver upgrade from the vendor. For example, installing non-standard monitor drivers alongside existing video card drivers from another vendor might cause problems.
• If you absolutely must manually install software from another vendor to work in conjunction with existing hardware, ensure that you completely remove the old drivers before installing anything new. For example, if you would like to update drivers to support your new widescreen monitor, it is a good idea to remove the current driver (thereby setting the driver to “unknown monitor”) before installing the new ones.
• Back up your registry occasionally, even during normal operating conditions, by using the methods described in the “How to fix registry problems” section.
If you frequently install and uninstall programs to try them out, it is a good idea to purchase a registry cleaning application and run it on a regular basis. If you are the organized type who regularly makes to-do lists for computer maintenance, you can put this task on the same schedule as the defragmentation process or a routine spyware check, for example. You may even notice that regular registry cleaning nets a significant increase in the speed and responsiveness of your computer.