Step by step: editing the registry with JS and INF

Source: Internet
Author: User
A little JScript background: JScript is an interpreted, object-based scripting language. Although JScript has fewer capabilities than a mature object-oriented language such as C++, it is more than powerful enough for its intended purposes. A JScript program is a collection of statements, and a JScript statement is the equivalent of a complete sentence in English. A statement combines expressions to carry out one task. A statement consists of one or more expressions, keywords, or operators (symbols). Typically a statement is written on one line, although a statement can span two or more lines. Two or more statements can also be written on the same line, separated by semicolons ";". Typically each new line starts a new statement, and a semicolon (;) is the terminating character of a JScript statement.


I. Edit the registry with JS


In fact, JS files are much like VBS files; only the structure is a little different, so there is no need to say more. Here is a simple example of using JS to edit the registry:


// Create the WshShell object (JScript is case-sensitive)
var WshShell = WScript.CreateObject("WScript.Shell");
WshShell.Popup("This is an example of using JS to edit the registry by Yjj");
// A path ending in a backslash refers to the key itself (its default value)
WshShell.RegWrite("HKLM\\example_js\\", "String key_js");
WshShell.RegWrite("HKLM\\example_js\\", "Reginfo by Yjj");
WshShell.RegWrite("HKLM\\example_js\\value", "String Key for JS");
WshShell.RegWrite("HKLM\\example_js\\binary", 1, "REG_BINARY");
WshShell.RegWrite("HKLM\\example_js\\dword", 1, "REG_DWORD");
WshShell.RegWrite("HKLM\\example_js\\next", "NewData");
// Open Registry Editor to inspect the result
WshShell.Run("regedit");


The first statement of the code above creates the object, the second displays a message, the following lines write to the registry, and the last line runs Registry Editor. Note that in JS each backslash in a key path must be written as two backslashes "\\", and each statement ends with ";". As long as you pay attention to these two points, there is generally no problem.


Let's look at another example of using JS to edit the registry. As you know, browsing some malicious Web pages can leave the registry locked: registry files can no longer be imported and Registry Editor can no longer be used. Save the following code to a file with any name and the .js extension, then double-click it to unlock the registry:


var WshShell = WScript.CreateObject("WScript.Shell");
WshShell.Popup("This is an example of using JS to edit the registry by Yjj");
// The following statement creates a DWORD value in the registry, named DisableRegistryTools,
// with a value of 0. Note that the value type must be stated!
WshShell.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableRegistryTools", 0, "REG_DWORD");


Try it, isn't it amazing? Everything above adds key values; what if you want to delete some? Very simple: change "WshShell.RegWrite" to "WshShell.RegDelete" (RegDelete takes only the path of the key or value).


Note: JScript is not a cut-down version of any other language, nor is it a simplification of anything. However, it has its limitations. For example, you cannot use it to write applications that run independently, and it has no built-in support for reading and writing files. In addition, JScript scripts can run only under an interpreter or host, such as ASP, an Internet browser, or Windows Script Host.

II. Edit the registry with an INF file

INF: an INF file is the file used to install a driver. It is in text format and records all the relevant information about the driver. Open an INF file and you will see a number of entries, each with a specific meaning. For example, "Version" shows which versions of Windows are supported: the Win9x series uses the code name CHICAGO, and Win2000/XP uses Windows NT.

Let's give an example. First open Notepad, enter the contents below, and save the file as Addreg.inf.

[Version]
Signature="$CHICAGO$"

[DefaultInstall]
AddReg=Add

[Add]
HKLM,"Software\★★Small army★★",,%reg_sz%,"★★Xiao June congratulates you★★!"
HKLM,"Software\★★Small army★★","SZ String",%reg_sz%,"congratulations!"
HKLM,"Software\★★Small army★★","Dword Double Byte",%reg_dword%,1
HKLM,"Software\★★Small army★★","BINARY binary Value",%reg_binary%,00,00,00,00,10,11,00,00
HKLM,"Software\★★Small army★★\test" ; add "test" as a subordinate subkey

[Strings]
reg_sz=0x00000000
reg_binary=0x00000001
reg_dword=0x00010001

Right-click this INF file and select the "Install" command from the shortcut menu. If the format you entered is correct, you should see a new key under HKEY_LOCAL_MACHINE\Software: ★★Small army★★. Select this key and, on the right, you should see that the default value is "★★Xiao June congratulates you★★!", that a string value called "SZ String" is "congratulations!", and so on.

Is it strange to expand this key and find another key under it, called "test"? In fact there is nothing mysterious about this trick; it is all the work of the INF file!

As the example shows, an INF file is made up of sections, with a blank line between sections. A section name is enclosed in brackets, from "[" to "]"; the name is the entry point of the section and must be unique within the file. The section name is followed by the section content, in the form "key name = key value". Comments are added with a semicolon ";": whatever follows the semicolon is not interpreted or executed. The INF file above follows this format, and its parts have the following meanings:

[Version]: Indicates the version of Windows the file can be used with.
Signature: The system checks here whether the file suits the current version; if it does, the file is executed, otherwise it is not.
[DefaultInstall]: Lists the other sections contained in the INF file. The INF file can be viewed as a tree with [DefaultInstall] as its trunk; here we can add the AddReg and DelReg keys, which name the sections that add, edit, modify, or delete registry keys.
AddReg=Add: Adds content to the registry. It names the section to process, and each line of that section has the following format:

HKEY (root key abbreviation), subkey (subkey), ValueName (key value name), type (key value type), value (key value)

The root key abbreviation is straightforward: its first two characters must be HK, as in HKEY, HKLM, HKR. The subkey is the key path without the root key part, and an empty value name denotes the default value. For the value type, 0 denotes a string and 1 denotes binary data. A string value must be enclosed in double quotes, while binary data is written in hexadecimal, with the bytes separated by commas ",".

DelReg=Del: Indicates what to delete from the registry.
[Strings]: Defines substitution strings, which save you the trouble of remembering numbers. For example, the string type would otherwise be written as 0; now it can be written as reg_sz.

That is the basic principle. Now we are going to remove what we just created. Paste the following into Notepad:

[Version]
Signature="$CHICAGO$"

[DefaultInstall]
DelReg=Del

[Del]
HKLM,"Software\★★Small army★★\test"
HKLM,"Software\★★Small army★★"

Then save it as a file with the .inf extension, right-click the INF file, select the "Install" command from the shortcut menu, and go to Registry Editor to check that what was just created is gone. What do you think? Isn't it amazing?

Some might ask: can you delete just one item? Yes. For example, to delete only the "SZ String" string value under HKEY_LOCAL_MACHINE\Software\★★Small army★★, write the following in Notepad:

[Version]
Signature="$CHICAGO$"

[DefaultInstall]
DelReg=Del

[Del]
HKLM,"Software\★★Small army★★","SZ String"

Save it and run it in the same way, and only this string value is deleted.

Now let's take another example of using an INF file to manipulate the registry: unlocking a locked registry. What is a locked registry? As you know, to prevent people from using Registry Editor, you can do the following: under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System, create a new DWORD value named DisableRegistryTools and set it to 1. From then on, when someone runs Registry Editor, the dialog box "Registry editing has been disabled by your administrator" appears. Restricting the use of Registry Editor protects the security of the system to some extent.

But what do you do when you yourself want to use Registry Editor? We can use Notepad to write an INF file that unlocks it:

[Version]
Signature="$CHICAGO$"

[DefaultInstall]
DelReg=Del

[Del]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableRegistryTools,1,00,00,00,00

Save the above to any file with the .inf suffix, then right-click it and choose Install from the pop-up menu to unlock the registry.
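
As an added example that is not part of the original article, the following Node.js script reads an INF in the format described above and lists the registry entries its [DefaultInstall] section would add or delete, so a file can be reviewed before Install is chosen. The function names, the ExampleKey name and the sample INF are constructed for illustration, and only the three type flags used in this article are decoded.

```javascript
// Added example (Node.js, not WSH); type flags are the three values used in the article.
const TYPES = { 0: "REG_SZ", 1: "REG_BINARY", 0x00010001: "REG_DWORD" };
// Split an INF line on commas, honouring double quotes and ';' comments.
function splitFields(line) {
  let fields = [""], quoted = false;
  for (const ch of line) {
    if (ch === '"') quoted = !quoted;
    else if (ch === ";" && !quoted) break;
    else if (ch === "," && !quoted) fields.push("");
    else fields[fields.length - 1] += ch;
  }
  return fields.map(f => f.trim());
}

// Follow AddReg=/DelReg= from [DefaultInstall] and decode each referenced entry.
function plannedChanges(text) {
  let current = null, sections = Object.create(null), strings = Object.create(null), ops = [];
  for (const line of text.split(/\r?\n/).map(l => l.trim())) { // group lines by [section]
    const m = /^\[(.+)\]$/.exec(line);
    if (m) current = sections[m[1].toLowerCase()] = sections[m[1].toLowerCase()] || [];
    else if (current && line && !line.startsWith(";")) current.push(line);
  }
  for (const l of sections.strings || []) // %token% definitions
    strings[l.split("=")[0].trim().toLowerCase()] = splitFields(l.slice(l.indexOf("=") + 1))[0];
  const expand = t => t.replace(/%([^%]+)%/g, (all, k) => strings[k.toLowerCase()] ?? all);
  for (const l of sections.defaultinstall || []) {
    const m = /^(addreg|delreg)\s*=\s*(.+)$/i.exec(l);
    for (const sec of m ? splitFields(m[2]) : [])
      for (const entry of sections[sec.toLowerCase()] || []) {
        const [root, subkey = "", valueName = "", flags = "", ...data] = splitFields(expand(entry));
        const type = flags === "" ? "" : TYPES[Number(flags)] || flags;
        ops.push({ action: m[1].toLowerCase(), root: root.toUpperCase(), subkey, valueName, type, data });
      }
  }
  return ops;
}

// Constructed sample in the article's layout; "ExampleKey" is a placeholder name.
const SAMPLE_INF = String.raw`[Version]
Signature="$CHICAGO$"
[DefaultInstall]
AddReg=Add
DelReg=Del
[Add]
HKLM,"Software\ExampleKey","SZ String",%reg_sz%,"congratulations!" ; string value
[Del]
HKCU,"Software\Microsoft\Windows\CurrentVersion\Policies\System",DisableRegistryTools
[Strings]
reg_sz=0x00000000`;
console.log(plannedChanges(SAMPLE_INF));
```

An entry with an empty valueName targets the key's default value in an AddReg section and the whole key in a DelReg section.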

Please pay special attention: modifying the registry this way is very dangerous, and the format requirements are very strict (English punctuation must be used; please follow the format in this article), so I hope you will use it carefully. Well, that is all for now. My knowledge is limited, so please point out and correct anything that is wrong.


