Windows Registry (What It Is and How To Use It)- Techyunk

Windows Registry

In this tutorial, we will see what is windows registry? If normal computer user wants to edit his windows OS. Then he would use control panel. We have some settings in control panel. But as an ethical hacker, you have two more ways to modify windows completely. One of the most powerful methods is by using the registry. This is so powerful method that Microsoft afraid to tell the people about the registry.

Related

What is windows registry?



The Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the Registry- Wikipedia.
If you perform a single wrong step in the registry, you may have to format your computer. There are thousands of settings available in the hierarchy.

Why use registry?

Now you may have a question in your mind that why we want to use the registry. Suppose if you are an ethical hacker and if any how your PC got hacked. Now the hacker can delete your files, can install software, can access control panel and many more things. In this case, you can use the registry to change everything in the windows. You can hide control panel from the start menu, hide options from right click etc.

How to access the registry hierarchy? 

To access windows registry, press windows key+ RIn text box enter regedit. Now click on yes to grant permissions. You will see a hierarchy like the following image.

windows registry ethical hacking

There are  5 root keys. If you open any of them, you will see thousands of settings in each root key. Different root key contains the different type of settings.

Contains information about all the users who log on to the computer, including both generic and user-specific information.

Root Key Description
HKEY_CLASSES_ROOT (HKCR) Describes file type, file extension, and OLE information.
HKEY_CURRENT_USER (HKCU) Contains user who is currently logged into Windows and their settings.
HKEY_LOCAL_MACHINE (HKLM) Contains computer-specific information about the hardware installed, software settings, and other information. The information is used for all users who log on to that computer and is one of the more commonly accessed areas in the Registry.
HKEY_USERS (HKU)
HKEY_CURRENT_CONFIG (HKCC) The details about the current configuration of hardware attached to the computer.
HKEY_DYN_DATA (HKDD) Only used in Windows 95, 98, and NT, the key contained the dynamic status information and Plug-and-Play information. The information may change as devices are added to or removed from the computer. The information for each device includes the related hardware key and the device’s current status, including problems.

Source- computerhope.com

What can be done by registry?

Your all settings of windows are saved in these root keys. You can change everything that you see in windows. Some common examples are as below.

  • remove options from the right click

You can remove options from the right click. For example, you can remove open with option, properties etc.

  • add a legal notice on windows startup

This is very interesting setting. You can add any legal funny notice on windows startup. For example, “Your PC is hacked“.

  • remove the clock from system notification area

You can remove clock also.

  • remove control panel

You can remove the control panel from the start menu.

 

Registry paths for above settings

1.To remove options from right click

HKEY_CLASSES_ROOT\*\shallex\ContextMenuHandlers

2.To add legal notice

HKLM\SOFT\MICRO\WIN\CV\POLICIES\SYSTEM

3.To remove clock from system notification area

HKCU\Soft\Micro\Win\cvpolici\Explorer!HideClock

4.To remove control panel

HKCU\Soft\Micro\Win\CV\Poli\Explorer!NoControlPanel

5.To remove search from the system

HKCU\software\mic\windows\currenversion\policies\Explorer!NoFind

6. To remove run from system

HKCU\software\mic\windows\currenversion\policies\Explorer!NoRun

 

IMPORTANT NOTE

The registry is a very sensitive database. Before making any change please make a backup file of each root key. By right click on any root key, there is an option called export. Save this registry file in a safe location. Then if you made any wrong change then you can recover it by right click on saved files.

 

Gaurav singla

Founder of Techyunk.com. I write blogs about android tutorials, blogging tips, programming etc.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

18 + 2 =