Some suggestions for computer beginners (Registration Form) _ Application Tips

Someone once said, understand the registration form to read the win system, this sentence is not false. So, what is the registry? What is the function of the registry? How to modify the registry to achieve the best results? How do you distinguish between the useful and the useless and even the harmful parts of the registration list?

What is a registry? In the era of using DOS and win3.x operating systems, most applications use the INI file (initialization file) to save some configuration information, such as setting paths, environment variables, and so on. System.ini and Win.ini control the characteristics and access methods of all windows and applications, and it works well in a small number of users and in a few application environments. As the number of applications grows and the complexity grows, additional parameter entries need to be added to the. ini file. In this way, in a changing environment, after the application is installed in the system, everyone changes the. ini file. However, almost no one has deleted the relevant settings in the. ini file after deleting the application, so the two files System.ini and Win.ini will become larger and bigger. Each additional content leads to slower system performance and a similar challenge every time an application is upgraded: The upgrade adds more parameters but never removes the old parameter settings. And there is an obvious problem, the maximum size of an. ini file is 64KB. To be able to solve this problem, the software vendor itself starts to support its own. ini file, then points to a specific INI file, so that multiple. ini files affect the system's normal access level settings.

In the Windows operating system sequence, the System.ini and Win.ini two files contain all the control features of the operating system and information about the application, System.ini managing computer hardware, Win.ini managing desktops and applications. All drivers, fonts, settings, and parameters are saved in the. ini file, and any new programs will be recorded in the. ini file. These records are referenced in the program code. Because of the size of the Win.ini and System.ini files, programmers Add Auxiliary. ini files to control more applications. Microsoft Word, for example, has a Word.ini file that contains options, settings, default parameters, and other information that is relevant to Word's functioning. In System.ini and Win.ini, you only need to indicate the Word.ini path and file name.

In order to solve the related problems, Microsoft in 1995 officially launched the replacement of the win3.x operating system WIN95, to a certain extent, the emergence of WIN95 is an epoch-making product, because Windows95 for the first time using the "registry" To configure and manage many Plug and play or prerequisite hardware and software programs that are temporarily invoked or permanently resident. This makes Windows95 become a real 32-bit operating system, with the five basic functions of microcomputer operating systems. This makes the registry the first time that this thing appears in the eyes of everyone.

The registry was originally designed as a data file reference file for an application, and finally expanded into 32-bit operating systems and applications that included everything under all functionality. The registry is a set of files that control the appearance of the operating system and how to respond to external events. These "events" range from direct access to a hardware device to an interface, how to respond to a particular user to how the application works, and so on. The registry, which is complicated by its purpose and nature, is designed specifically to work with 32-bit applications, and the size of the file is limited to about 40MB. The use of a powerful registry database to unify the centralized management of the system hardware facilities, software configuration and other information, thus facilitating the management, enhance the stability of the system.

Thus, the registry (Registry) is a core "database" of hardware devices in the above version of the operating system, as well as a client application that can run and save settings correctly, or a very large, tree-like hierarchical database system. It records the software that users install on the machine and the interrelated information of each program, and it contains the hardware configuration of the computer, including the automatically configured Plug and Play devices and the various device descriptions, status attributes, and various state information and data.

Well, after we've said the registry and its history, let's take care of its function. One benefit of the registry is adding or removing program features, which are part of the Control Panel feature in the Start menu. When you install the software, a record is made in the registry so that it appears as part of a specialized list in the Add or remove program. The registry is saved in several files on your hard disk, but the only way to access and modify them is by using the Registry Editor program. To access it, click the Start button, and then click Run. Enter regedit in the dialog box that appears and press ENTER. This will go into Registry Editor and you will now see the registry.

　　 600){this.resize=true;this.width = 600;}">600){this.resize=true;this.width = 600;}">

The registry is organized more like a file on disk, and if you have ever used a folder view in Windows Explorer, you will be familiar with it. In the registry, however, these folders are called keys. To open a key, simply click on the small plus sign (+) next to it. Then you'll see that each key contains more keys, called subkeys or values. Values are individual settings for a variety of different keys and therefore are customizable. They are arranged by name on the left side of the registry window, and they also describe the type of data contained and the data itself. There is no need to worry about which data type to use, because it is obvious to the data itself, or it will be explained during the editing process. These thousands of keys are sorted logically, and may make you feel like you don't know what to do when you first see the registry. To get the idea straight, you first need to know that there are five root keys and the basic structure of the registry.

　　 600){this.resize=true;this.width = 600;}">600){this.resize=true;this.width = 600;}">

The point to mention here is that it's not a good sign that the registry is getting bigger and larger as the use of time and a lot of system-generated garbage impacts, because the bigger the registry, the slower your computer will run, so many novice friends ask why their computers are getting slower, In many cases, because there is too much garbage in your registry, so your system is running more and more slowly, so it is often necessary to "thin" the registration form. Now, of course, a lot of third party software, for example, Super Rabbit, Windows optimization master, such as system finishing software with the registry garbage removal function, suggest novice friends must be next, often optimize their own registry and system, many research and research in some of the configuration, whether it is for the security and operation of the computer will be very helpful.

Here we will explain each of the following according to the figure:

　　 600){this.resize=true;this.width = 600;}">600){this.resize=true;this.width = 600;}">

In Windowsnt/2000/xp, if you open with an editor with Windows, you can see only five, and a hidden root key: Hkey_perfor_mance_data.

*hkey_class_root

Records the format and associated information for all data files in the Windows operating system, mainly recording the file name suffixes of different files and the corresponding applications their keys can be divided into two categories: a class of files have been registered extensions, such subkeys preceded by a "."; The other is information about various types of files.

*hkey_current_user

This root key contains the user profile information for the currently logged-on user, which guarantees that different users log on to the computer using their own modified settings, such as their own wallpaper, their inbox, and their own security access rights.

*hkey_local_machine

This root key contains the configuration Reiki for the current computer, including the hardware installed to set up the software. This information is for all users to log on to the system service. This is the largest and most important root key in the registry!

*hkey_users

The HKEY_USERS root key includes information about the default user (the Defaults subkey) and all previously logged on users.

*hkey_current_config

This root key is actually exactly the same as the data under the HKDY_LOCAL_MACHINE/CONFIG/0001 branch.

*hkey_dyn_data Root Key

This key saves the system configuration and current performance information that is created each time the system starts. This root key exists only in windows9x.

*hkey_performance_data

Although there is no Hkey_dyn_dat key in the Windowsnt/2000/xp registry, it hides a key named "Hkey_performance_data." Dynamic information in all systems is stored in this subkey, and the system's own registry Editor cannot see the keys. Only special programs can be used to view this key, such as using Performance Monitor.

Now let's talk about the modification of the registry. Here to remind you that if you are not sure, remember to make sure that you back up the registry before you modify it. Modify the registry, in addition to using Microsoft's own editor--regedit.exe, can also be modified through Third-party software, or the use of hand-written. reg registry files. Have you ever tried to write your own registry file? Without any modifier? Just pour the written registry file ——. reg into the registry? Oh, this skill does not need everyone to know, you just know the above two on it. Of course, if you are a computer fan, we are in favor of further study.

Now let's take a look at the structure of the. reg file.

The standard format for. reg files is as follows:

REGEDIT4

[Path] (note case)

"Key Name" = "Key Value" (for string type key value)

"Key Name" =hex: Key value (for binary key values)

"Key Name" =dword: Key value (for DWORD key value)

The contents of the brackets are my own notes, and when you write the file, you don't need those parentheses, all the other items listed above must be included. Note quotes that cannot be entered in Chinese in quotation marks, must be in English quotes, otherwise there will be an error.

So, how do you write a. reg file? We need a text editor to use Windows Notepad. Click the right mouse button, select a new text document, and then in the generated text file to enter the contents of the above specifications can be, and finally, choose Save As, enter the file name you want +.reg save it. For example, if you want to generate Test.reg, enter Test.reg to save, you can see that a test.reg with an icon has been generated. Double-click to run this Test.reg file can modify the registry, the system will prompt "whether to import the registry" information, OK. OK, we can write the registration form manually. Don't worry, let's take a look at a standard example, which is derived from the registration form, we learn slowly, and then imitate it can write their own. reg file.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoRun" =dword:00000000

"NoRecentDocsMenu" =hex:01,00,00,00

"NoFavoritesMenu" =dword:00000000

"User" = "Sundrink"

As you can see, the DWORD is 16, the hex is binary, and the string can be directly assigned. Just copy the contents of the above to a text document and save it as the. reg file you want to run. Oh, the original is not very difficult, just a little patience can be. Of course, you have to imitate, you have to write your own. reg file, you can use Notepad.

Why do you want to write the registration form? Because sometimes we will encounter a lock regedit of the machine, what way to solve it? Oh, if you can write the registry file, it is very simple ... Let's play the imagination! It won't take long.

The above manual modification method only for those who love the computer, the general novice friend best or honest with the third party software with the method to modify, so both convenient and can see clearly, but it is recommended that you must do a good job in the backup before the change. OK, about the registry changes to the problem here, there are many similar tutorials on the internet, such as improving the speed of the performance, there are many, we can use Google search, their own learning. In fact, a lot of things are the computer to find out, only their own diligent to grope, your computer level can be really improved. Gossip no longer says more, we continue.

Now we are talking about the security of the registry. From the development trend of computer viruses, worms and Trojans are more and more viruses. Unlike file viruses, which are commonly infected with executables, such programs typically do not infect normal system files, but instead install themselves as part of the system. Relatively speaking, this kind of virus's concealment is stronger some, is not easy to be discovered by the user. But no matter what kind of virus program in the infection system will leave some clues. Here we summarize the areas where viruses may change so that they can be found more quickly.

First, change the system's related configuration file. This situation is mainly for 95/98 systems.

The virus may change Autoexec.bat, as long as the statement in which the Execute virus program file is added can automatically activate the virus at system startup. * Change Drive:\windows\win.ini or system.ini files. Viruses usually add the name of the virus itself after the "run=" of Win.ini, or change "shell=" in the System.ini file.

Second, change registry health values.

Currently, as long as the new worm/Trojan virus generally has to modify the system registry action. They are modified in a number of places in general have the following:

Hklm\software\microsoft\windows\currentversion\runonce\

Description: Programs that are executed automatically when the system starts

Hklm\software\microsoft\windows\currentversion\runservices\

Description: System service programs that are executed automatically when the system starts

Hklm\software\microsoft\windows\currentversion\run\

Description: A program that executes automatically when the system starts, which is where the virus is most likely to be modified/added. For example: win32.swen.b virus will increase: hklm\software\microsoft\windows\currentversion\run\ucfzyojza= "Cxsgrhcl.exeautorun"

HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command

Note: This key value enables the virus to run when the user runs any EXE program, etc. \txtfile\.. Or.. \comfile\.. can also be changed to enable the virus to automatically run the function.

In addition, some health values may also be exploited to achieve more specific functions:

Some viruses prevent users from viewing and modifying the registry by modifying the following key values:

Hkcu\software\microsoft\windows\currentversion\policies\

system\disableregistrytools=

In order to prevent users from using. REG file modifies the registry key value, the following key values are also modified to display a Memory access error window

For example, the WIN32.SWEN.B virus modifies the default health value to:

hkcr\regfile\shell\open\command\ (Default) = "Cxsgrhcl.exeshowerror"

Through the modification of the above places, the main purpose of the virus program is to be executed automatically during the system startup or the program running, and the purpose of automatic activation has been achieved.

summed up a variety of trojans, viruses may change the place, the following is to talk about the defense problem. Of course, before talking about the continued emphasis on the backup registry, to tell the truth, to deal with more and more powerful trojans, viruses, rely on several existing methods is far from enough, backup a "thoroughly clean" registry is the most important. Backup method is still a lot of online, there are many, here also no longer do more elaboration, Google one can be.

Security risks: In the WINDOWS2000/XP system, the default Messenger service is in the startup state, and a malicious person can send information to the target computer through the "netsend" directive. The target computer will receive harassment information from the other person at any time, seriously affecting normal use.

Workaround: First open Registry Editor. For system services, we can manage through the various options under "Hkey_local_machinesystemcurrentcontrolsetservices" in the registry, where each subkey is the corresponding "service" in the system, such as " The child key for the Messenger service is messenger. All we need to do is to find the start key value under the Messenger entry and modify that value to 4. This will disable the service and the user will no longer be subject to "letter" harassment.

Security risks: If the hacker is connected to our computer and the computer has Remote Registry Service (REMOTEREGISTRY) enabled, the hacker can set up the services in the registry remotely, so the Remote Registry Service requires special protection.

Workaround: We can set the Remote Registry Service (RemoteRegistry) startup mode to Disabled. However, after hacking our computer, hackers can still convert the service from "Disable" to "autostart" through simple operation. Therefore, it is necessary for us to remove the service.

Locate the RemoteRegistry item under "Hkey_local_machinesystemcurrentcontrolsetservices" in the registry, right-click the item and select "Delete" (Figure 1), and you will not be able to start the service after you delete the item.

Be sure to export and save the item information before deleting it. When you want to use the service, you can simply import the saved registry file.

Security risks: We all know that in windows2000/xp/2003, the system opens some "shares" by default, which are ipc$, C $, d$, e$, and admin$. A lot of hackers and viruses are sharing the intrusion system through this default.

Workaround: To prevent ipc$ attacks, you should set the RestrictAnonymous entry for "Hkey_local_machinesystemcurrentcontrolsetcontrollsa" in the Registry to "1", which prevents IPC $ 's connection.

For default shares of types such as C $, d$, and admin$, the "hkey_local_machinesystemcurrentcontrolsetserviceslanmanserverparameters" item needs to be found in the registry. If the system is windows2000server or Windows2003, add the key value "AutoShareServer" (Type "REG_DWORD" and a value of "0") to the item. If the system is Windows2000pro, you should add the key value "AutoShareWks" (Type "REG_DWORD" and the value "0") in the entry.

Security risk: When the Windows system runs wrong, a Dr.Watson program inside the system will automatically save the privacy information of the system call. The privacy information will be stored in the User.dmp and Drwtsn32.log files. Attackers can understand the privacy of the system by cracking the program. So we have to stop the program from leaking out the information.

Workaround: Locate "Hkey_loacl_machinesoftwaremicrosoftwindowsntcurrentversionaedebug" and set the Auto key value to 0, Now Dr.Watson will not record the system run-time error messages. Also, click on "Documentsandsettings→allusers→documents→drwatson" in turn to locate User.dmp and Drwtsn32.log files and delete them. The purpose of deleting these two files is to remove Dr.Watson previously saved privacy information.

Tip: If the Dr.Watson program has been disabled, the "DrWatson" folder and the User.dmp and Drwtsn32.log two files will not be found.

Security risks: Many trojans and viruses are hidden in the Web page malicious ActiveX control methods to run the system's procedures, so as to achieve the purpose of destroying the local system. To ensure system security, we should prevent ActiveX controls from running programs privately.

Workaround: The ActiveX control runs the program by invoking the Windowsscriptinghost component, so we can first delete the "System32" The Wshom.ocx file in the directory so that the ActiveX control cannot invoke Windowsscriptinghost. Then, locate "hkey_local_machinesoftwareclassesclsid{f935dc22-1cf0-11d0-adb9-00c04fd58a0b}" in the registry and delete the item. By doing this, the ActiveX control will no longer be able to invoke the script privately.

Security risks: Windows2000 's paging file is often the object of hacking as well as the Dr.Watson program mentioned earlier, because it is possible for a paging file to divulge information that was originally in memory and then turned to the hard disk. After all, hackers are less likely to see the information in memory, and the information on the hard disk is easily accessible.

Solution: Find "hkey_local_machinesystemcurrentcontrolsetcontrolsessionmanagermemorymanagement", Set the value of the ClearPageFileAtShutdown item below to 1 (Figure 2).

This allows the system to delete the paging file whenever it restarts, effectively preventing information from leaking out.

Security risks: When using Windows system surfing, often encounter password information is automatically recorded by the system, the system will automatically fill in the password after the visit. This can easily cause your privacy information to leak out.

Workaround: Find the Network subkey in the "Hkey_local_machinesoftwaremicrosoftwindowscurrentversionpolicies" branch (if you cannot add it yourself), Under this subkey, create a new double-byte value with the name disablepasswordcaching and set the value to 1. After restarting the computer, the operating system will not be smart to record the password.

Security risks: Now the virus is very smart, unlike previously only through the registry's run value or msconfig items in the load. Some advanced viruses are loaded through the system service. So can we make the virus or Trojan do not have the appropriate permissions to start the service?

Workaround: Run the REGEDT32 command to enable Registry Editor with permissions assignment. Locate the "Hkey_local_machinesystemcurrentcontrolsetservices" branch in the registry, then click "Security → permissions" in the menu bar, and in the Pop-up Services Permission Settings window clicking the "Add" button, Import the Everyone account into the, and then select the Everyone account, set the Read permission for the account to allow, and remove its Full Control permission (Figure 3). Now any Trojan or virus can not start the system service itself. Of course, this method is only valid for viruses and Trojans that do not have administrator privileges.

Security risks: Many viruses are loaded through the registry's run value to implement the startup with the operating system, we can follow the "Prohibit Virus start service" in the method described in the virus and Trojan to the key value of the modification permission to remove.

Workaround: Run the regedt32 command to start the Registry Editor. Locate the "Hkey_current_machinesoftwaremicrosoftwindowscurrentversionrun" branch in the registry, set everyone's Read permission on the branch to allow, and cancel the full control Choice of permissions. So the virus and Trojan can not start itself through the key value.

Viruses and Trojans are constantly "development", we must continue to learn new protection knowledge, in order to resist the invasion of viruses and Trojans. Rather than in the virus or Trojan after the killing, it is better to do defensive work in advance, build a solid wall to resist. Develop a good habit of safe surfing the Internet, as far as possible not to contact those unsafe sites and download unsafe software, video, and so on, run 360 and antivirus software, backup a secure registry file, frequently dozen patches to learn, "nip in the bud" is what we should pursue.

PS: This article in the writing process cited some of the content of the network, here, to those who silently dedicated their knowledge of the anonymous friends to express their gratitude!