Everyone knows that there are countless INF files in my computer, but few know what the INF file is. At best, only the INF file can unlock the locked note.
What exactly is the INF file and what is the INF file capable? Today, let's join us in the mysterious world of INF files.
Unveil the secret of the INF file
INF is device information
File is a file format released by Microsoft for hardware device manufacturers. The inf file contains hardware device information or scripts to control hardware operations.
. The inf file specifies how the hardware driver is installed in the system, where the source file is, which folder the driver is installed in, and how to add relevant information to the Registry.
Drivers required to install monitors, modems, printers, and other devices all use the INF file. It is the credit of INF that Windows can find the drivers of these hardware devices and install them correctly.
Installation. When we add system components through "Start> Control Panel> add and delete Programs> Windows Installer", the INF file is automatically called. In other scenarios
Right-click the INF file and select "Install" to install the application.
A large number of INF files are stored in the C:/Windows/INF folder. This folder is generally hidden. If you want to view this folder, you can select View> folder option> View ", select "show all files" under "files and folders ".
Anatomy of the INF file structure
The inf file is actually a plain text file, which can be opened and edited by any text editing software, such as Notepad and wordpad. The inf file has a set of writing rules, and each inf file is strictly written according to these rules.
* Rule 1: The inf file is segmented. Each inf file contains many sections, and the section name is enclosed in square brackets. Some of these node names are defined by the system and some are customized by the user. Name of each node
The maximum length is 255 characters (in Windows 2000/XP/2003 operating system) or 28 characters (in Windows
98 ). There is no sequential difference between a section and a section. In addition, if two identical node names appear in the same inf file, the system automatically merges the entries under these two node names.
* Rule 2: The content between a section is an entry. Each section is composed of multiple entries, each entry is in the form of Signature = "$ Chicago $. If there are multiple values after an equal sign for each entry, separate each value with a comma.
* Rule 3: The inf file is case-insensitive.
* Rule 4: The content after ";" is a comment.
* Rule 5: if the content of a single entry is too large to be fully written in one row, use "/" to write the content of a row into multiple rows.
After understanding the rules of the INF file, let's dissect the structure of the INF file together.
1. Version Section
Each inf file contains such a section. The entries in this section mainly describe the device types supported by this INF file and the applicable operating system. In this section, if
"Signature =" $ Chicago $ "" indicates that the INF file is applicable to Windows
For all operating systems after 98, if an entry such as "Signature =" $ Windows NT $ "is contained, the INF file applies to Windows
2000/XP/2003 operating system, and the two must have one.
In this section,
[Deleteme]
Hkcu, "software/Microsoft/Windows/CurrentVersion/policies/system", "disableregstrytools"
HKLM, "Software/Microsoft/Windows/CurrentVersion/policies/system", "disableregstrytools"
Enter the name and save it as unlock. INF. The name is required and the extension must be INF.
Directly run the *. inf file
Install *. inf programmatically, for example, install the protocol driver packet. INF.
Right-click packet. inf and select "Install" from the menu.
After finding the registry, We can find
Hkey_classes_root/inffile/Shell/install/command
The corresponding key value is:
% SystemRoot %/system32/rundll32.exe setupapi, installhinfsection defaultinstall 132% 1
Use the preceding command line to set % 1 to the name of the. inf file to be installed. Call CreateProcess to install the specified inf file.
Use CreateProcess (...)
Command:
"Rundll32.exe setupapi, installhinfsection defaultinstall 132/" Your inf file name.
Open the disabled registry using the INF file
In Windows 2000 and XP, if the registry is disabled, it cannot be opened by importing the Registry file. (In the 98 System), I studied the INF file and found that the INF file can be used to open the registry. The following is the original file.
[Version]
Signature = "$ Windows NT $"
[Defainstall install]
Addreg = addreg. Reg
[Addreg. Reg]
Hkcu, "software/Microsoft/Windows/CurrentVersion/policies/system", disableregistrytools, % REG_DWORD %, 0
[Strings]
REG_DWORD = 0x00010001
REG_SZ = 0x00000000
REG_BINARY = 0x00000001
You just need to copy it and change the file name to *. inf and then right-click it to import it.
If you change "% REG_DWORD %, 0" to "% REG_DWORD %, 1", you can disable the registry.
What is autorun. inf?
Autorun. inf is a text configuration file, which can be edited using the text editing software. It can only be located in the root directory of the drive. This file contains commands that need to be run automatically, such as changed drive icons, running program files, and optional shortcut menus.
In fact, most users do not need the autorun. inf file to run the program. Therefore, we can disable the autorun function of the hard disk, even in the root directory of the hard disk
The autorun. inf file is recorded, and Windows does not run the specified program. As a result, hackers may use the autorun. inf file to intrude into the program.
INF file full name information
File is a file used to describe data information such as devices or files in the winodws operating system. The inf file is composed of standard ASCII codes, which can be viewed in any text editor.
Modify the content. In general, we always think that the INF file is the driver of the system device. In fact, this is a wrong idea. The reason why Windows prompts that the INF file is required when installing the driver of some hardware.
The inf file provides the device with a comprehensive description of hardware parameters and the corresponding driver file (DLL file. Just like watching the instruction book install computer hardware, we are
In Windows, the description is the INF file. The inf file is very powerful and can complete almost all functions of daily operations. You can think of it as a super batch under the Windows System
. To be familiar with and understand, or even compile an INF file, you must have a considerable understanding of its internal structure. Next let's take a look at the real look inside the INF file!
The inf file consists of three parts: Section, key, and value.
Key sections:
[Version] version description, mainly used for version control.
[Strings] string information for constant definition.
[Destinationdirs] defines the system path information.
[Sourcedisksnames] indicates the source disk information.
[Sourcedisksnames] indicates the name of the source disk.
[Defainstall install.
Other sections can be customized. An example is provided below.
Program code [version]
Signature = $ Chicago $
Provider = % author %
[Strings]
Product = "add File Association Demo"
Version = "1.0"
Author = "xunchi"
Copyright = "Copyright 2005"
Customfile = "inf"; modify the file name suffix
Program = "Notepad. EXE"; modify the name of the application to be associated
[Add. Reg]
Hkcr, "." % customfile %, "", flg_addreg_type_sz, % customfile % File
Hkcr, % customfile % file, "", flg_addreg_type_sz, installation information
Hkcr, % customfile % "file/shell", "", flg_addreg_type_sz, open
Hkcr, % customfile % "file/Shell/Open/command", "", flg_addreg_type_sz, % Program % 1
[Defainstall install]
Addreg = Add. Reg
In the [version] section, the "signature" item defines the operating system version in which the INF file needs to run. $ Windows NT $,
$ Chicago $, or $ windows
95 $ three values are available. Generally, you can select $ Chicago $. Item provider defines the creation source of the file, and % author % specifies the value of the author item. You can also
Customize other items to describe the version information of the INF file. This inf file is used to associate files, so it is mainly used to operate the Registry. For details, refer to [Add. Reg]. There are four statements in total in the format
Yes. Hkcr indicates the root hkey_classes_root, the second parameter is the sub-Key Path Name, the third parameter is the type of the value, and the last parameter is the value (see the appendix for details ). All of the above are
Operation definition and process. In section [defainstall install], the installation process is started. addreg indicates that the Registry is operated and the operation object is in section add. Reg.
. If you change addreg to delreg, the key value in the registry is deleted. Click the INF file and select "Install" from the menu to start the operation you have defined. The
In the example, right-click the system inf file and add the view and edit function and set the default action, because the installation of an unknown inf file may have a negative impact on the system, double-click the file to open
Edit the file.
Let's take a look at the file operations capabilities of the INF file. See the following example. Program code [version]
Signature = $ Chicago $
Provider = % author %
[Strings]
Product = "file copy and installation demonstration"
Version = "1.0"
Author = "xunchi"
Copyright = "Copyright 2005"
[Filelist]
Processlist.exe; the file is already in the current directory.
[Filelist1]
Wordpad.exe
[Destinationdirs]
Filelist = 11; installed in the Windows System directory
Filelist1 = 10; installed in the Windows directory
[Defainstall install]
Copyfiles = filelist, filelist1
The functions of the same section are similar to those of the previous example. Note that the newly generated section [filelist] is the custom section name, which represents a file group, and the [filelist1] is similar. In Section
In [destinationdirs], you must define the directory to which each file group is copied (for the meaning of each constant, see the appendix ). Copyfiles indicates the file group to be copied.
The inf file operation also includes the installation and uninstallation of the service (NT System) Program, and the INI file conversion. Because these operations are complex and complex, and there is a certain level of danger, we will have the opportunity to discuss them in depth next time.
Finally, let's take a look at the execution mechanism of the INF file. Do you want to simply execute "Install? Even though I do not know why, the knowledge level will not improve. In "Folder Options ",
Find the "Install" command of the INF file to see a string of commands. “Rundll32.exe setupapi, installhinfsection
Defaultinst_all 132
% 1 "indicates the command installhinfsection in the setupapi. dll file that runs the DLL file and passes it the name of the Start section.
Defaultinstall. The starting section can be customized. The execution of INF files can also be used in various programming tools that support API calls. So far, the structure and running mechanism of the INF file I
Now, let's get started with your thinking and let it work better for us.
Constant definition of registry operation:
----------------------------------------------------------
Constant root Value
Hkcr hkey_classes_root.
Hkcu HKEY_CURRENT_USER.
HKLM HKEY_LOCAL_MACHINE.
HKU HKEY_USERS.
-----------------------------------------------------------
Flg_addreg_append add characters after multiple strings
Flg_addreg_type_sz character type
Flg_addreg_type_multi_sz string type
Flg_addreg_type_expand_sz extended string type
Flg_addreg_type_binary binary value
Flg_addreg_type_dword DWORD Value
Flg_addreg_type_none Null Value
----------------------------------------------------------
Constant path defined in [destinationdirs]
----------------------------------------------------------
01 source directory (followed by path)
10 Windows Directory
11 Windows System directory
12 driver directory
17. inf file directory
18. Help file directory
20 font directory
21 root directories
24 application directory
25. shared directory
30 current root directory
50 System Directories
51 spool directory
52 spool driver directory
53 user configuration directory
----------------------------------------------------------
Operations defined in [defainstall install]
----------------------------------------------------------
Logconfig log file configuration
Copy files
Renfiles file name
Delfiles
Updateinis update inis
Updateinifields update ini Field
Add register item in addreg
Delreg Delete registration items
Ini2reg INIFILE to reg file
-----------------------------------------------------------
INF Functions
1. Copy, delete, or rename a file.
2. add or delete a project in the registry.
3. Modify important system settings files (such as autoexec. bat, config. sys, And. INI)
INF rules
INF
It is a plain text file, which is segmented. This is similar to an INI file. Each section is expanded with "[]", and each node name can contain a maximum of 255 characters (Windows
2000/XP/2003 operating system) or 28 characters (Windows
98 ). The content between a section is called an entry. Each section is composed of multiple entries. Each entry is separated by a, for example, a = "B ". If each entry has multiple values after the equal sign,
Then, each value is separated by a comma. INF is not case sensitive. The line comment statement command is ";", similar to 'in VB '. If a row cannot be written, use "/" to wrap the line.
INF running
. Inf
A file is a script file that is interpreted and executed by setupapi of windows. It runs in a simple and linear way, which means that the. inf file does not have a branch.
Statement, that is, a non-conditional statement. Once executed, it is run along a fixed route. It is run in units of a node. It starts from a [install] section and runs from top to bottom.
Line. If the entry is a section, it executes the entries in the subsection one by one, so it is recursively executed. To run the program on the window, right-click the file and click Install.
INF syntax structure
; Specify version and signature Section
[Version]
The system checks whether the current version is applicable according to signuure. If it is applicable, the system executes the command. Otherwise, the command is not executed. Of course, the Force installation is acceptable.
; For Win9x
Signature = "$ Chicago $"
; Winnt +
; Signature = "$ Windows NT $"
; Specifies the Installation File layout. This row is optional. If no layout information file is provided, the INF file must contain the [sourcedisksnames] and [sourcedisksfiles] sections.
Layoutfile = filename. inf
[Sourcedisksnames]
The [sourcedisksnames] section lists the drive letter sequence code, disk descriptor, disk volume number, and disk serial number of the source file.
The syntax of the statements in [sourcedisksnames] is:
Disk-ordinal = "disk-description", disk-label, disk-serial-Number
Here, disk-ordinal is a required sequence code, which identifies a source disk and has uniqueness. It can be set to an integer that increases from 1, 0 is not a valid drive letter sequence code. When multiple source disks exist, the serial number of the drive letter cannot be repeated.
Disk-description is a required disk descriptor. It is a string or string macro enclosed in double quotation marks to describe the content or purpose of the disk. The installation engine displays the string in the dialog box to prompt the user.
Disk-label is the volume ID of the source disk.
Disk-serial-number is not used, but must be set to 0.
[Sourcedisksfiles]
[Sourcedisksfiles] specifies the source file, drive letter sequence, and disk descriptor used during installation. The statement syntax in [sourcedisksfiles] is:
File-name = disk-number [, subdir] [, file-size]
The file-name parameter is required and is the name of the file on the source disk.
Disk-number is the drive letter sequence code that contains the source disk of the file-name specified file. The drive letter sequence code must be listed in [sourcedisksnames] and must be greater than or equal to 1.
Subdir is optional. It specifies the subdirectory of the source disk where the file is located. If it is omitted, the source disk is the default installation path.
File-size is optional, indicating the file size, in bytes.
[Destinationdirs]
; Specifies the default operation directory for copyfiles, renfiles, or delfiles entries
; Syntax file-list-Section = ldid, [subdir]
The ldid list is as follows:
; 01; Current Directory
; 04; Backup Directory
; 10; Windows Directory
; 11; System dir
; 12; iosubsys
; 13; command
; 14; Control Panel directory
; 15; printers directory
; 16; workgrou dir
; 17; INF dir
; 18; help dir
; 19; administration dir
; 20; Fonts
; 21; viewers
; 22; vmm32
; 23; color dir
; 25; shared dir
; 26; winboot
; 28; host winboot
; 30; root of boot drive
; 31; root of host drive of a virtual boot drive
; 32; Old windows dir if exists
The following example shows how to install it in the window/web directory.
; Defaultdestdir = 10, "Web"
The [install] section provides an overview of the INF file installation process, which recognizes other detailed actions in the file that contain the installation Information Section, is a real entry for Windows to build and install functions to identify the installation process and content
[Install]
The [install] section contains two types: [defainstall install] and [otherinstall ].
; [Defainstall install] The section name defaultinstall is explicitly specified in the Registry as described in the preceding table.
This section is also the first entry for the system to obtain the installation information in the INF file. When you right-click the INF file and select "Install", this section is executed.
; The [otherinstall] and [defainstall install] sections follow the same syntax, but must be explicitly called and are often used to define anti-installation actions.
; Default installation Section
[Defainstall install]
; Indicates the subsection for adding the registry. The custom node name is followed by the equal sign. For example, see [add ].
Addreg = add
; Indicates the subnode of the Registry to be deleted. The custom node name is after the equal sign.
Delreg = del
Specifies the file subsection to be copied for installation. The copyfiles command can replace the file being accessed by the system. These functions cannot be implemented through normal del and copy commands.
Copyfiles = cfile
Specifies the file subsections to be deleted for reverse installation. Multiple sections are separated by commas. If the file to be deleted is locked, the file will be placed in the system deletion queue and queued
When the system restarts, the file is automatically deleted.
Delfiles = delete a file segment
; [Delete a file segment]
; File Name List
; Example:
;A.exe
B. sys
; Rename the file segment
; Renfiles = rename a file segment
; [Rename a file segment]
; Syntax:
; [File-list-section]
; New-file-name, old-file-name
; File1, file2; modify the file name file1 to file2
; Update the content subsection of the INI file segment
Updateinis = Update INI file segment
; [Update INI file segment]
; Ini-file, ini-section, [old-ini-entry], [New-ini-entry], [flags]
Ini-file contains the. ini file name of the entry to be modified.
The ini-section contains the name of the node for which you want to change the entry.
; (Optional) old-ini-entry. The common format is key = value.
; New-ini-entry (optional)
; Key = value. Flags are optional operation tags
; Example
; % 01%/wincmd. ini, configuration, "installdir = % 01%"
; % 01%/wincmd. ini, configuration, "mainmenu = % 01%/Language/tcextmenu. MNU"
; Update INI file value content
Updateinifield =
; INI file updates the Registry
Ini2reg = AA. ini
; Update config. sys content
Updatecfgsys = Update autoexec. Bat segment
[Update autoexec. Bat segment]
; Update autoexec. Bat content
Updateautobat = update the autoexec. Bat segment
[Update autoexec. Bat segment]
Define the resource section, such as the resource file. When calling % REG_SZ %, it indicates 0x00000000.
[Strings]
REG_SZ = 0x00000000
REG_BINARY = 0x00000001
REG_DWORD = 0x00010001
; Customize the Section for adding registry entries
[Add]
Note the format: hkey (Root Key abbreviation), subkey (subkey), valuename (key value name), type (key value type), value (key value)
; Hkcu-> HKEY_CURRENT_USER
; Hkcr-> hkey_classes_root
; HKLM-> HKEY_LOCAL_MACHINE
; HKU-> HKEY_USERS
; HKU-> HKEY_USERS
; HKCC-> hkey_current_config
; Hkdd-> hkey_dyn_data
; Unban Registry Editor
Hkcu, software/Microsoft/Windows/CurrentVersion/policies/system, disableregistrytools
; Disable Internet Options of IE
Hkcu, software/policies/Microsoft/Internet Explorer/restrictions, nobrowseroptions, 1, 0
; Specific options in Internet Options of IE
Hkcu, software/policies/Microsoft/Internet Explorer/restrictions, nobrowseroptions, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, settings
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, homepage, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, generaltab
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, cache, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, history, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, colors
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, fonts
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, ages
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, accessibility, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, securitytab, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, secchangesettings, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, secaddsites
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, contenttab, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, ratings, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, certificates, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, certifpers
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, certifsite
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, certifpub
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, formsuggest, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, formsuggest passwords, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, wallet
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, profiles
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, connectionstab, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, connection wizard
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, connwiz admin lock, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, connection settings
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, proxy
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, AutoConfig
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, programstab
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, resetwebsettings
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, check_if_default, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, advancedtab, 1, 0
Hkcu, software/policies/Microsoft/Internet Explorer/control panel, advanced, 1, 0
; Unban download (available for separate use)
Hkcu, software/Microsoft/Windows/CurrentVersion/Internet Settings/zones/3, 1803, 1, 0
Automatically modify ie title bar text, home page, search page, etc.
Hkcu, software/Microsoft/Internet Explorer/Main, window title, 0, "Internet Explorer"
Hkcu, software/Microsoft/Internet Explorer/Main, start page, 0, "http://www.google.cn"
Hkcu, software/Microsoft/Internet Explorer/Main, search page, 0, "http://www.google.cn"
Hkcu, software/Microsoft/Internet Explorer/Main, default_page_url, 0, "http://www.google.cn"
HKLM, software/Microsoft/Internet Explorer/Main, default_search_url, 0, "http://www.google.cn"
HKLM, software/Microsoft/Internet Explorer/Main, search page, 0, "http://www.google.cn"
HKLM, software/Microsoft/Internet Explorer/Main, start page, 0, "http://www.google.cn"
HKLM, software/Microsoft/Internet Explorer/Main, default_page_url, 0, "http://www.google.cn"
HKLM, software/Microsoft/Internet Explorer/Main, default_page_url, 0, "http://www.google.cn"
[Dfile]
This section defines the list of files to be deleted. The 1 mark after filename indicates that if the file cannot be deleted currently, it will be deleted after the system restarts.
; Format: filename, 1
; Example:
A.exe, 1