In this tutorial, we will see what the Windows registry is. A normal computer user who wants to change Windows settings uses the Control Panel, which offers some settings. As an ethical hacker, you have two more ways to modify Windows completely. One of the most powerful methods is the registry. It is such a powerful method that Microsoft is afraid to tell people about the registry.
What is the Windows registry?
Why use the registry?
You may now ask why we would want to use the registry. Suppose you are an ethical hacker and your PC somehow gets hacked. The hacker can now delete your files, install software, access the Control Panel and do many more things. In this case, you can use the registry to change everything in Windows. You can hide the Control Panel from the Start menu, hide options from the right-click menu, etc.
How to access the registry hierarchy?
To access the Windows registry, press Windows key + R, enter regedit in the text box, and click Yes to grant permission. You will see the registry hierarchy.
There are 5 root keys. If you open any of them, you will see thousands of settings. Each root key contains a different type of setting.
| Root key | Description |
|---|---|
| HKEY_CLASSES_ROOT (HKCR) | Describes file type, file extension, and OLE information. |
| HKEY_CURRENT_USER (HKCU) | Contains the settings of the user who is currently logged in to Windows. |
| HKEY_LOCAL_MACHINE (HKLM) | Contains computer-specific information about the hardware installed, software settings, and other information. The information is used for all users who log on to that computer and is one of the more commonly accessed areas in the registry. |
| HKEY_USERS (HKU) | Contains information about all the users who log on to the computer, including both generic and user-specific information. |
| HKEY_CURRENT_CONFIG (HKCC) | The details about the current configuration of hardware attached to the computer. |
| HKEY_DYN_DATA (HKDD) | Only used in Windows 95, 98, and NT, the key contained the dynamic status information and Plug-and-Play information. The information may change as devices are added to or removed from the computer. The information for each device includes the related hardware key and the device's current status, including problems. |
What can be done with the registry?
All your Windows settings are saved in these root keys. You can change everything that you see in Windows. Some common examples are below.
- Remove options from the right-click menu
You can remove options from the right-click menu. For example, you can remove the Open with option, Properties, etc.
- Add a legal notice on Windows startup
This is a very interesting setting. You can add any funny legal notice on Windows startup. For example, “Your PC is hacked”.
- Remove the clock from the system notification area
You can also remove the clock.
- Remove the Control Panel
You can remove the Control Panel from the Start menu.
Registry paths for the above settings
1. To remove options from the right-click menu
2. To add a legal notice
3. To remove the clock from the system notification area
4. To remove the Control Panel
5. To remove Search from the system
6. To remove Run from the system
The registry is a very sensitive database. Before making any change, please make a backup file of each root key. Right-click any root key and you will find an option called Export. Save this registry file in a safe location. If you then make a wrong change, you can recover from it by right-clicking the saved file.
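The backup step above can also be scripted. The following is an added example, not part of the original tutorial: it exports each root key with the built-in reg.exe tool and records a SHA-256 hash of every export so you can later confirm the backup files were not altered. It assumes an elevated PowerShell prompt; the function name Backup-RegistryRoots and the backup folder are hypothetical choices made for this example.

```powershell
# Added example: export every root key to a .reg file before editing the registry.
# Assumptions: elevated PowerShell prompt; the backup folder below is a constructed path.
function Backup-RegistryRoots {
    param(
        [string]$BackupRoot = "$env:USERPROFILE\RegistryBackups"   # assumed location
    )

    # One folder per run, so earlier backups are never overwritten.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $target = Join-Path $BackupRoot $stamp
    New-Item -ItemType Directory -Path $target -Force | Out-Null

    # Root keys shown by regedit on current Windows versions.
    $roots = 'HKCR', 'HKCU', 'HKLM', 'HKU', 'HKCC'

    foreach ($root in $roots) {
        $file = Join-Path $target "$root.reg"

        # reg.exe export writes the same .reg format as regedit's Export option.
        & reg.exe export $root $file /y 2>&1 | Out-Null
        $ok = ($LASTEXITCODE -eq 0) -and (Test-Path $file)

        # Emit one record per root key: status, size and hash of the export.
        [pscustomobject]@{
            RootKey  = $root
            File     = $file
            Exported = $ok
            SizeMB   = if ($ok) { [math]::Round((Get-Item $file).Length / 1MB, 1) } else { 0 }
            SHA256   = if ($ok) { (Get-FileHash $file -Algorithm SHA256).Hash } else { $null }
        }
    }
}

$result = Backup-RegistryRoots
$result | Format-Table RootKey, Exported, SizeMB, SHA256 -AutoSize

# Do not start editing if any root key failed to export.
$failed = $result | Where-Object { -not $_.Exported }
if ($failed) {
    Write-Warning ("Not exported: " + ($failed.RootKey -join ', '))
}
```

A saved file can be merged back with `reg import <file>.reg`, which has the same effect as restoring it from the right-click menu.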