
Registry Editor    !"#$%& Registry Editor 



!''%() ‌‌‌Mysteryzillion$/0'%1$$#2$% 34 2"'&5$%0 5 6/ 7 $#0 286 7 '73$90 34 Registry ! :0& .. ? :020& !5 ... 7/6= &5 //26 2!'>& 5 4 7/6= &5 Hardware &B Information 7F Network Information 7F User 7&B wallpaper, Screen Saver 7  registry  2> 34 Registry 7 2> Windows 98/Me ! System.dat /&5 User.dat !&5 Binary ) File $%U9F Windows NT/2000/XP !5 6$05& Registry 7 Hives 05#1 U9 \Windows\System32\Config Folder 2> 34 Registry 7$#63F $#63! Start  Run  U9 regedit 05 U9 OK  4 Registry Editor 10 34 Registry  Editor /&5&$05 34 Win.ini 5 System.ini 50 Notepad, Text Editor 5/&5$05  :84 Registry b 7/6=&B  7 Setting 7 Regedit.exe 2"U9 Windows Registry  c  Setting 0 $% 3 4 Registry  d (f)  34 h4 HKEY-CLASSES-ROOT m4 HKEY-CURRENT-USER n4 HKEY-LOCAL-MACHINE o4 HKEY-USERS p4 HKEY-CURRENT-CONFIG f4 HKEY-DYN-DATA

+/- $' "25

HKEY-CLASSES-ROOT


28 window 9x  2"$t&5 Standard Class Objects 7 2 4 Class Object ! 6t8 Function 7&B/' & 4 HKEY-CURRENT-USER 7/6= 0">& 2"$t287b 3wt&5 User Perference(wallpaper,screen saver,etc.) /&5 3#6 35wt 2"$t) 34 &9 User 3#69 2>&5 Perference 7 HKEY-CURRENT-USER >& 2>U9 0 2"$t/&5 User &B Personalized Setting 7 9 2 34 HKEY-LOCAL-MACHINE 28 #/ User Setting 7/&5 0"2!&5 System ! #6 07 2> 34 28 7/6=&5 x'&B  7F 026F $%t026  2> 34 HKEY-USERS 3y6  )# Setting $%/3! 0 2"$t/&5   2>$% 34 z- #{67/6= 8&5 Monitor )0">3{64  35 #0 2"/ )0">& 0"F 9 #0 2"/&5 Monitor /&5 2&5 Values 7 2> 34 HKEY-DYN-DATA 285 7/6= 0$/$/ 0)%5 System Configuration 7 RAM 1U9 00 534 28b Boot 0 System Configuration 7$0& Update 0 34 (#64 4Regedit 3 Regedit 32 3!U9 Windows 2000 /&5 XP  )6t 34 Regedition 2"/60'$% 34  70' %7&5 /0' Regedit 32.exe >$/!/5 Regedit & 2"6 4 Windows XP  HKEY-DYN-DATA 75b :8 window registry   (h) Windows Registry  Windows &B Setting 7 66 }7/5b Control Pannel /!5


$! 34  b User 6 7 0738/ 34  55 Windows b 285 7 >#)&B $!(6t Control Pannel /$!#75$t :84 37$! &B 7 Windows O.S 7  &B$!(7 Registry /2 $!#75$t 34 Windows O.S &B Registry ! O.S /&B &B Application, Hardware, Software, Device Driver & Network Portocol 7/&B 2!&B 2 #6 0   4 Registry >& d  (75 -Device & Application 6&B Setup Progarm 6 -User Profile 6 -NTLDR (Windows  load &5 Progarm) -Device Driver -Hardware Profile -Application Progarms Registry  '!" )6t #7&)34 (1) Logical Organization (2) Physical Organization (1) Logical Organization 2855 Branch (5) #34 &B9  # High level key(or) Sub key(or) Main key 05 #134 28B  0' /> Sub key 7 U95  !" !5  Value 734 Value 70' Value name 7 U95 Assign 0>&B Data & Data Type 734 &B9 High level key(or) Sub key(or) Main key 7 5-HKEY_CURRENT_USER - 0 logon /&B user /&B2!&B #67%$34 - 0 User &B #6 07 2>34 -HKEY_CLASSES_ROOT - Software )5 o Software 7 '25 %7&B'>2'%$34


- -HKEY_LOCAL_MACHINE ƒ Sub key #$%34 -HKEY_CURRENT_CONFIG - 0 Active $%/&B Hardware Configuration  %$34 - o2' -HKEY_LOCAL_MACHINE ƒ Sub key )#$%2 Software & System Data 6 >)(%$34 -HKEY_USERS - 0 Logon /2 User &B ID & Logon Screeen  '!/ 0 &B #6 07$34 - User 0"&B Profile 7 234 - -HKEY_CURRENT_USER 2' -HKEY_USERS ƒ Sub key #$%2'4 -HKEY_LOCAL_MACHINE - O.S / 0 2 Device 6F Device Driver 6/&B2!2 Data 6   7/6=/&B2!2 Data Configuration 6$34 - 8'92 User 6 Logon /z7 o &B #6 07 $ 4 ( > Sub Key  #'$# $%5 Registry  d Sub key  )#& $7B) 34 -HKEY_USERS   -HKEY_CURRENT_USER , HKEY_LOCAL_MACHINE   -HKEY_CURRENT_CONFIG & -HKEY_CLASSES_ROOT / 34) (2) Physical Organization Registry  Hive 05#1&B %   #>& 2>34 &B 75 1.Default 2.SAM 3.SECURITY 4.SOFTWARE 5.SYSTEM 5$% 34


-HKEY_LOCAL_MACHINE SAM SECURITY SOFTWARE [-HKEY_CLASSES_ROOT] , [-HKEY_CURRENT_CONFIG] SYSTEM [-HKEY_CURRENT_CONFIG] -HKEY_USERS Default [-HKEY_CURRENT_USER] 0750!( 5 }7/5b Logical & 2"$tU95 Physical 5 /0'3"! !$ 34 62 $%55 }7/5b Registery ! Run / regedit U9 #1' 34 28:3/3F 285 #6 07 :32>3 ! 2$t :84 28/&B 05 %System Root%\System32\Config >&/ 34 %System Root% !5 System File 7&B C:\Windows !0 4 0  6$3!5 Windows XP 7 C:\Windows\System32\Config >&75)  34 Windows OS b Registry  Automatic Backup 0U95 Backup File 7 %System%\Repair >&2> 34 &}7/5 Registry 2U94 /0'U9....... 285 !9 27 4 Start Menu> Run (Win+R) 27 F /U9 Run dialog box 10 regedit 05 U9 Enter # 0 Registry Editor 10 0534 Registry Editor Dialogbox ! :3% Nevigation Aera  High level key(or) Sub key(or) Main key 05#1&B Registry &B d Branches  #75 $%U95F '% Topic Area 5 2! Registry Value   Data 7 $235 Data Name, Data Type /&B Data 6t 7 $2$% 34 > $$>20 Value #&B Data #%$&B/ Data type 6t  (f)6t / ##/&B%$) 34 &B9 (f) 6t5 ........... 1.REG_BINARY Raw Binary Data, Hardware 27 7/6= binary $%235F


Registery editor  6z$#"t/ Hexa Decimal /&B$34 2.REG_DWORD 4 byte '&B /Š‹//&B2F Device Driver 6F Service )52!2 /52#6(parameter) 6%$34 3.REG_EXPAND_SZ / (variable) 6 4.REG_MULTI_SZ multiple type, user 62)2 Char )5 Š‹/6)"F /07F /&B $# 7 4 5.REG_SZ 26 U9 062#62 Â?z// #4 6.REG_FULL_RESOCE_DESCRIPTOR Hardware # (Dirver #) Resource List 2!'/ 9Â?>>2 Nested Array #4 ( 2"6&B data type 7 /9/&B $> 34) Registry  050&B/ 2(7$t0$%05 >z97 //&B Windows &B Registry  Backup 0>#6 34 Registry b Windows &B z9) $%5 "# 69 #6tB3727#&B Windows &B > $2/ 34 & # Windows  25 0&B Backup or Restore Wizard  2"$tU9 Registry  backup & restore 0 .............. Start Menu> Run (Run >& ntbackup 05>' ) Backup & Restore Wizard Dialogbox 60 053...... &B9 Welcome Page 1 &B Advance Mode !&B $ 2 )0 Backup Utility Box >60 34 &B9 >& Backup Tab 70U9 :3: $# My Computer   System State Checkbox  /$#0 $#U9  !" Backup Media or File Name box  Backup 035 % 235 //&B % ')%5 7 Browse ) 4 Save as Dialog box 60&B # Backup %  20&B /(Folder)  7F 'U95 Save 0 4 /U95 Start Backup #0 )0 Backup Job Information Dialogbox


60U9 Start Backup >)0 4 Backup 0U927&B # 5 "The Backup is complete" !&B210$%U95 Progress Box %5 7 Close ) 4 U9 Backup Utility Box  > 4  ! Registry #0" Backup 0&B !5U9!"27 U94 Registry  $t$(0!5)U9!"2705 /Š $/$%#63!5 Backup 0>&B File  $/U9 Restore 0 34 Restore 0#65 #‹ Backup 0>&B file  double click )0 4 Backup & Restore Wizard Dialogbox 60 053...... &B9 Welcome Page 1 &B Advance Mode !&B $ 2 )0 Backup Utility Box >60 34 &B9 >& Restore and Menage Media Tab 70  4 '% file $%/5#6>U9 System State  /$#> 75 4 Backup % 80/& $/U9 Restore 0505 Start Restore ) 4 80U92 %6U9 305 2&B Warning Box 60$%U9 OK )0   Confirm Box 60$% 34 (  $/>83/.............) Ok &>)0 4 Restore Progress Box >60U9 Restore 0 0534 U9275 "The restore is complete" !&B/10 close 2)0 4 #6tB setting 7b restart #6 $'"505 Restart #6005&B dialog box 60 0534 !"5 Yes )0 4 Windows Restart 627U95 /Š80  ($!#6/ $# /6t) $/0'27 0534 $# $#2 Registery Software 7 2"$tU9 Backup & Restroe 0050' 34 z- CCleaner, Power, Blue 2'$%5 5................... window registry  (m) Windows Registry  Manual $t$$# 9 #/ 9 >z97 $t0>255 Registry Backup 0 &4 >%$>&5/'/&B $%$% 3wt&B /'/&B $%$% Registry  Backup 0$%  0>0 4 /# (short-cuts) 7 /0'  >25 34 SUB KEY SHORT-CUTS HKEY_CURRENT_USER [- HKCU] HKEY_CLASSES_ROOT [- HKCR]


HKEY_CURRENT_CONFIG [- HKCC] HKEY_USERS [- HKU] HKEY_LOCAL_MACHINE [- HKLM] (Registry $!&B/ HKCU /&B$ 0 2"$t/2 User 3206 6t2U9 HKLM /&B$!$# User 0" 6t2 34) Registry $t$3!b 35 30#6&B 0 27U9 Value # >'F U92 Value &B Data $t$!0 4 }7/5 >z9!" Registry >& Value # 2>' ' F 9# 5 $' "$03F /! ( Short-cuts ) 7& 2"27 34 # >'35 Registry Value &B 0!(5 TaskBar  Properties  00)  >&B Value # 4 >z97 Registry Editor %75U95 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer 27U9 R-Click >0 F &B910&B New /!5 >'#6&B Data Type #70 (9/5 DWORD Value 70 )4 &B ! '% Topic Area >& DWORD Value 2#10 U94 285&B /'5 NoSetTaskbar 050 4( &B9/ ' w9 3F /'/ Registry  00 :8)4 #! Value # U94 &B9 Value   2"#7B) 34 &B9> & Value Name (#‹ }7/5 NoSetTaskbar 050&B/) /&B Data Type (}7/5 New /70&B DWORD Value)  57#63&B 10 4 /!"&B Data 5 802>&B  (Default) 10 4 285&B Default  2' (zero) $% 34 9 >3!5 Taskbar 1'2' 6t2(  b :84 95 Taskbar &B Properties  08$)  Data  Default /% Zero / 1 $ 34 NoSetTaskbar  R-Click ) 60&B box >& Modify )0 Edit DWORD Value Dialogbox 010 34 &B9>& Value Data  zero / 1  $0 34 U9 OK )4 Registry Editor &B'% Topic Area >& Data  1 $%27 U94 Computer  Refresh(F5) 00/&B Effect $%U9 Taskbar  R-Click ) 60&B SubMenu >& Properties  70 Dialogbox 605:& Restrictions Box 2 10$% 34


1 Value #>'%5 7 }7/5b 0 !5 27#&B 34 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer 3056 0 27&B/ Sub Key ( >7 Explorer) #0/  Sub Key (Explorer) > Sub Key (policies)  R-Click )U9 60&B>& New &B Key  )03! Sub Key 2#0$% 34 &B9 # 6 0#62 /' rename /&B $/$05 34 Sub Key 7 Value 7 %6#65 R-Click )U9 60&B>& Delete )U9 %605 34 %6&B # 5 2#6 %60 34 2%6 w9&B Registry #6 07 6/) 34 Key #&B2 '06/05 // >'27 0" 7$% R-Click )U9 60&B box >& Copy Key Name /!5 838) 34 #6&B Key Name  R-Click )U9 Paste #60B 34 Registry 0' Bookmarks  34 wt28 6 7 54 27/6F 0/6 0 2>05 34 # }7/5 CPU Name $&B 00 2> 4 HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 270 4 '% Topic Area >& ProcessorNameString !&B Data Name  75 4 &B b CPU Name  $0&0535 /# &4 9//# 0738005  }7/5 2>#&B 34 Registry Editor &B File Menu Bar  Favorite )0 4 &B9>& Add to Favorite )U9 10&B Dialogbox >& Favorite Name  CPU Change Name 050 4 / 0" 80 / $/>0 4 &B9 /(CPU Name Change ) 27#6 Favorite &B  !"1/&B CPU Name Change ! )0/&B 06$/727$% 34 & # Registry $!%5 7 }7/$35 Short-cuts 07   '> ‌‌‌‌

PATH SHORT-CUTS (07  F 2"6&B07 )
HKCU\Software\Microsoft\Windows\CurrentVersion\  1 05 34
HKLM\Software\Microsoft\Windows\CurrentVersion\  2 05 34
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer  2>P\E
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\System  2>P\S

THE REGISTRY NAME DISPLAY NAME (Registry &B 2Â’ '7 )
{20D04FE0-3AEA-1069-A2D8-08002B30309D} ! MY COMPUTER  4
{450D8FBA-AD25-11D0-98A8-0800361B1103} ! MY DOCUMENTS  4
{645FF040-5081-101B-9F08-00AA002F954E} ! RECYCLE BIN  4

Start Menu  Function 6 manage 0$# # 2#6 $ 34 /b75 32 2' 4  0738 34 > //&B }7/5 Run Command   4 Run /!5 : 0 005 05 54 05 1 (or) 2 >P\E  5/‌. 1 0!5 Computer &B0 User 3& 6t2 3 2 05 Computer &B User 0" 6t2 34 (#6tB Admin & Guess Account #7&>05 )4 1 (or) 2 > P\E 27U9 Explorer  R-Click > Value 2#38 Value &B Type  DWORD Value, Name 65 NoRun 05U9F Data  Default 0 / 1  $0 4 /U9 Refresh(F5) 00&B Run  005 :84 (Run 6275 b U9F Registry  0287 7 Run $/#1%5 Registry Editor  Run / regedit /&B2 2"%8287 #}7$/27 34 z}7/ 54  /&B#{64 C:\Windows\regedit  Registry Editor  234)   2'%5 Items, Value Name, Data Type, Value, Path 7> 34 ' F $' 4

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
Logon Name [ NoUserNameInStartMenu ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Tasksbar  Start )0 >1/&B /' %6 4)
Document [ NoSMMyDocs ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Start Menu  My Documents %6 4)
My Picture [ NoSMMyPictures ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Start Menu  My Pictures %6 4)
Control Panel [ NoControlPanel ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Start Menu  Control Panel %6 4)
Recent Document [ NoRecentDocsMenu ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Start Menu  Recent Document %6 4}7/5   %6 34"08w9  9:7%0&! /005  05 4 J )
Help [ NoSMHelp ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ]
Search [ NoFind ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ]
AllProgram [ NoStartMenuMorePrograms ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ]
ShutDownBox [ NoClose ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ]
C.P,Pr,N.C [ NoSetFolders ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (C.P=ControlPanel, Pr=Printer, N.C=NetworkConnection)
(Value 7 1=Default, 0=Remove)

Display Properties  manage 0$#

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
Theme & Appear; [ NoDispAppearancePage ] [ DWORD ] [ 0\1 ] [ 1-2>P\S ] ( 5"700$wt:8!286 7 )
Desktop [ NoDispBackgroundPage ] [ DWORD ] [ 0\1 ] [ 1-2>P\S ] ( 5"700$wt:8!286 7 )
ScreenSaver [ NoDispScrSavPage ] [ DWORD ] [ 0\1 ] [ 1-2>P\S ] ( 5"700$wt:8!286 7 )
Setting [ NoDispSettingsPage ] [ DWORD ] [ 0\1 ] [ 1-2>P\S ]
__________________


window registry  (n) Desktop 1 Function 6$t$3

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
NoR-Click [ NoViewContextMenu ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Desktop 1 R-Click )05 0>)
ToolTip [ ShowInfoTip ] [ DWORD ] [ 1\0 ] [ 1>P\Advanced ] (}7/5 %#>0 6t F 7&/&B ! 7 $2&B#// :0 %6#6) (28 Default 1 {6F 0!"0' /'/'73)

-9#5 Desktop &B Wall Paper  0#6&B/>&B/' F Display Properties >&5 Position  Stretch, Center, Tile 2"6t&35 '% Icon 7/&B(/05 #628" 5 :3%2 $0286 7 4
For –X Wallpaperoriginx SZ from 0 to 1000 HKCU\Control Panel\Desktop (value  0 / 1000 7wt20 ) 34)
For –Y Wallpaperoriginy SZ from 0 to 800 HKCU\Control Panel\Desktop (value  0 / 800 7wt20 ) 34)
2%5#/  (400 x 300) >U9 2' 4 '%  1/ 0534

Desktop 1 My Computer &B Popup Menu  $!3 (9/ Default ! U92 Value Name  & 2" 4 Value 5 0 4 Path  0 7) 34  5 0 7 :2 $%'7 34)

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
Manage [ NoManageMyComputerVerb ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Desktop 1/&B My Computer  R-Click )0 60&BPopup Menu >& Manage $%t>%5 4)
NetworkDrive [ NoNetConnectDisconnect ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ]
Properties [ NoPropertiesMyComputer ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ]
CMD [ Default ] [ SZ ] [ C:\Windows\System32\cmd.exe ] [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Shell\CommandPrompt\Command] 905/'/''34   Popup Menu >& cmd >'> 4
DeviceMgr [ Default ] [ SZ ] [ C:\Windows\System32\Devmgnt.exe ] [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Shell\Device Manager\Command] Device Manager >'> 4 }7/5>'> 34 ##2#6F '#60738 34
Defrag [ Default ] [ SZ ] [ C:\Windows\System32\Dfrg.exe ] [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\Shell\Disk Menagement\Command] Defrag 0&B Shortcut  4

Taskbar 1 Function 6 Manage 03

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
TaskPrties [ NoSetTaskbar ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (TaskBar  R-Click )U9 10&B Popup Menu >& Taskbar and Start Menu Properties Dialog Box  2"05  > )
ToolTip [ sLongDate ] [ SZ ] [ “02&BB  >'02 2>' 4 F0F #)$#6:8!5 /%6U9 >' ” ] [ 1-2>P\E ] ( 5 Task Bar &B '% 7/!"&B Time  >0 $&B (/5F0 F#)) Tooltip  $ 4)

Windows Media Player  Manage 03

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList]  Delete 0 4 (Windows Media Player  '>&B Video File 7 /0) 05)
CloseDvd [ EnableDVDUI ] [ REG_SZ ] [ Yes(or)No ] [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings] ( 5 Windows Media Player /&B DVD '05 > 4)


Logon Screen  Manage 03

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
LogonTitle [ LegalNoticeCaption ] [ REG_SZ ] [ Eg. Warning Notice ]
LogonText [ LegalNoticeText ] [ REG_SZ ] [ Eg. Hacker Yathar, YaungSein & Princeakarit are very Dangerous For IT World. ] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon] ( 5 Windows &B Logon Screen # 3 20&B2%$ 4  20>&B /7 5)
LogonText [ LogonPrompt ] [ REG_SZ ] [ Eg. Sai Kyaw Swar Wai is Handsome Man. ] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon]

KeyBoard & Mouse ƒ Function 6 Manage 0$#

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
NoWinKey [ NoWinKeys ] [ REG_DWORD ] [ 0\1 ] [ 1-2>P\E ] (Keyboard &B Windows Key (ctrl /&B alt &5#0) 2"$t05  > 4 285 WindowsKey+R ! Run Dialogbox 10 34)

06/ 0$#"t6/'6

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
ChangeWinVersion [ Version ] [ REG_SZ ] [ Eg. Windows 8 ] [ 2>C ] (Windows 6t  $0&> 4)
ChangeCPU [ ProcessorNameString ] [ REG_SZ ] [ Eg. Core i7 ] [HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0] ( 5 CPU 6t $> 4 My Computer  R-Click >U960&B Properties &B System Properties F DirectX Diagnostic Tool Dialogbox  2) :84 $>&B & 1/ 4 run /273 systeminfo 2 / 2) ) 2>U9!$#05 05 4 >82$%5/50 34
DisableAdd/Remove [ NoAddRemovePrograms ] [ REG_DWORD ] [ 0\1 ] [ 1-2>P\Uninstall ] (Control Panel >&&B Add or Remove Program  2"$t05 0>  4)
Registry [ DisableRegistryTools ] [ DWORD ] [ 0\1 ] [ 1-2>P\S ] (9#5 /#/(Script $%5 $t$$#) U9 2#6 34 Registry 0" 27505 4)
NoAutoRun [ Autorun ] [ REG_DWORD ] [ 0\1 ] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDRom] (CD\DVD Rom  Auto Run )  > 4 25 2"05:84 :050&! autorun killer 71/)

Flashy Virus 7 $%12 ""6

Items [ Value Name ] [ Data Type ] [ Value ] [ Path ]
TaskManager [ DisableTaskMgr ] [ DWORD ] [ 0\1 ] [ 1-2>P\S ] (TaskManager %7505  $t0$#F Background Process 7 $ 05)
FolderOption [ NoFolderOptions ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ] (Folder Option %6>$#F Hidden File 7 050)
Run [ NoRun ] [ DWORD ] [ 0\1 ] [ 1-2>P\E ]
Registry [ DisableRegistryTools ] [ DWORD ] [ 0\1 ] [ 1-2>P\S ] (9#5 /#/(Script $%5 $t$$#) U9 2#6 34 Registry 0" 27505 4)

w9  h4 Registry  $t$9 BackUp 0> 4(2!&0 5‌‌‌‌) m4 Registry $t$&B/2>255 Path 1 /&B$t$0 User 3 & 6t234 Path 2 /&B$t$3!5 User 0" 6t234 n4 Registry $t$U927&B #  #6tB Setting 7b Refresh 0"/&B Effect 2U9 #6tB Setting 75  Restart #62 Effect 2(7 34 __________________


Windows Registry  Script 6U9 $t$$# 9 #/ }7/5 Windows Registry  Script U9$t$ ‌.. Script 3!U9 0' 0/527 /&BF /0'U92 0870' 073305 > /&B4 2:/0' 073 34 }7/5 Windows &B Operation System   &B Command Propt (cmd)  2"U9 $t$ 27$% 34 Script %55 >""  Note Pad & 2"$t 5{64 Script 9 22507/&B 2$t2507 > $$#6 34 Script 3528b 0&B Registry Setting #6 07 2> 34 d //&B5 Registry Editor >& 27&B 0 !5 !5 54 /#5 0#&B !" &B Subkey   Value Name, Data Type, Data 70' 2/ 34  /'3 # #&)35 Script  )27 Manual  $#65 :84 Script /&B$!$#b  0738F $/!/ 34 # Script >&  35 Parameter 7$$ 534 2#607 54 1. @echo off  5 Script &B 2&B 0" 4 }7/5 Win+R )0 Run Dialogbox 60 34 &B9 >& cmd 05>'0U9 Enter # 0 Windows Command Prompt 10 34 &B9 Cmd &B Dos Mode ! C:\Documents and Settings\Admin &B/w91/ 0534 }7/5 Script 7/&B 00&B #6/ $0/&B 0005  @echo off !>'0$#$%5 > C:\Documents and Settings\Admin / 6/ 34 2. echo  5  %$0 2 Dos Mode  Output($ ) $35 /&B B2" 34 $20&B / echo &B / :#6U9  34 z4 Sai Kyaw Swar Wai is handsome boy. #63! 5‌ b9b echo Sai Kyaw Swar Wai is handsome boy.


 5‌‌‌.. 3. echo. echo / %85(.)  05 $#0 4 /7 '05   #6&0&B 2: &4 4. :_ Full Column & Under Score 2Â’)# &B Keyword 5 Script #&B  #! 2 4 # z3 5{64 5. color color !5  5{6‌‌. Background Color /&B 0" Color 7 4 z //&B 0A ! B 0  /#" Background, / A  0"  $ 4 3056 0  & A 0">&>3!5 Background b Default  $%&B /& $%/ 0534 7/&B  205 keyword 7 2#63! cmd >& color/? !U9>'U9 '05) 34 6. set val=  5 $/'/'(34 0/&B5 /0'27 4 $$3! user  Input #270&B # &B9 Input  Val !&B /# //&B 2305$ 4 Variable 6t6t&B / String 6t &$%305$ 4 9/ set !&B keyword  2$%35 val 5 wt05 34 7. set /p val= > /'8 &4  5 User  Input # >'%5  4 /p  &B 7 2>&B input b program  00 :84 val 5  4 8. if  5 /# 2U905 user  input 270&B #  2>/ :0 F 2>b :0 ! if


/&B 34 25:8{6‌. 0(0$%270534 /0'2&B087 %5 54 /0'&B287 %55  ! 5/‌‌.. (285&B/ /I  0( if /I ) ! Input  A = a , w9w9F 22 00 3F 2:5 737:8 5{6F MZ  Â?/' (Â?8Â?8) 0 5) 9. cls  5 2/5 4 Screen  (/ cls 2"0F /U92&4 10. pause  5 ##0U905 /&B #6/ $2%5 &B0" &4 90"0>'0 “Press any key to continueâ€? ! 10 0534 11. goto  5 :3270& #&  54 27#6&B # z#& 7  $ 34 #‹ >>&B “ :_ â€? # z#7&27&B0 4 12. call  !5 #1 5/4 0 program / #6!>&B / Program # 0#1 4 call Hide 1.cmd ! Hide 1.cmd !B& % run  0534 ( $# (call) &Bx75 2F 5 5/&B !23 7 ) 34 ) 13. exit 0 program />7305$ 4 (MZ  exiter /&B0"(0") 2! 4 $& >7/&B >7 b Mafia /&B >7 $%/ 34 14. reg add  05 w9 34 d  0'b 34 add !5  F >'   5/4 reg 7  >'&B # 2" 34 2850' !5&( 0#7& ) Parameter 07F 2#6 07 34 2"6 /v, /ve, /t, /d, /f 5$% 34 /v - 5 Value #/'#6&B # 2" 34 reg add &B / :#6U9  34 /U9 285/& :#6  U9 >'#6&B reg &B Value >' 34


/ve - 5 Value Name  User   4 &B Default & 2" 3 !&B # 2" 34 /t - 5 Value &B Data Type  $ 4 Data Type (p) 6t>& :3 Data type  2"3! /t #"U9$ 34 z - REG_DWORD  $3! /t reg-dword !U9 /t / :#6U9 $ 34 /t !&B 2 0:8!5  285&B Default Data Type $%B& REG_SZ 05& 227$% 34 /d - 5 DATA $ 4 >""  285/ :#6U9  34 /f - 5 data #>'&$%$%F %6&$%$% $t0&B # 3# 2>&B /% ##/ 0534 &B9 /% %6005 program  user  $/ 34 /f >'>5 /&B /%60 05 $ &4 15. reg delete  34 %6 5 reg %6 4 reg add  ## >'3! Value name /v, Data type /t, /d 5 $%/>' reg /%>'05 4 reg delete 5 /v # %6/&B  0"0 34 /% %6005 #65 0' /f  >'04  ! &‌‌‌‌‌‌‌.  7 0"b Script 35 Parameter 07 &4 #20F 0' 0738 :84  7%U95 :/0& 2z93 > :84 2"0& 2 4 #2$t :w  8'9 34 b Script  00 :84 }7/5 Script (Program) #  # Program #/&B  205 /'3$$#6 34 Program # Input , Process , Output !U92"6t 34 Input = User  >' Process = 7/6= 0! Output = 0!#67 $2 92"6t 06z25  z 34 U9#' 54 0027&B /'075 92"6t 0' &4 R  5{6‌.. Input ------------Ă  Process -------------Ă  Output 92:5  34 3- 03 - $%2734


Output-----------> Input----------> Process------------> Output  5 $%)7 #6$34 User  7#63#7534 User 7#630&B (Input)  7/6= 0034 $!&B $%2734 95 335 Script  :300 270&F $/5& >'  7>'F %67 %604 2'$%5 Script # w!7&>25 34 Pseudo Code & Flow Chart 75 !7& /&B4  7 !7&#63!5 9 %0 4 ( b $ 0 )4 & U9 0'0 {6‌‌‌‌. >z9!" //&B Run Command %6'34 # '$! %6:8{64 'U9 %6 54   27 Note Pad >& 8>'0 4

@echo off
color 0a
:-main
echo.
echo.
rem Ask the user; /p stores the typed answer in %val%
set /p val= Do you want to hide Run Dialogbox(y/n)?
rem /I makes the comparison case-insensitive
if /I "%val%"=="y" goto -Hide
if /I "%val%"=="n" goto -Quit
rem Any other answer: ask again
goto :-main
:-Hide
echo.
echo.
rem Set the NoRun policy value for the current user
reg add hkcu\software\microsoft\windows\currentversion\policies\explorer /v NoRun /t reg_dword /d 1
echo.
echo.
pause
exit
:-Quit
exit

 08U9 notepad >&>'F /U9 wt&B/'U9 .cmd /&B204 z norun.cmd  54 20&B %0 '0 27"0/&B 1/0534  0)#6 )0 Do you want to hide Run Dialogbox(y/n)? !0100534 //#"1  //&B4 Run  #63 ! y 050U9 Enter # 0 4  !5 The operation completed successfully Press any key to continue‌ !10U9 9 ## )0/&B cmd 0& 0 0627 0534 n )U9 Enter # 03!5 # ' cmd 27$% 34 y , n b&B $#0" ##>'3!5 &B9 22 > 0&0& 1/$% 34
__________________
Script  2#6&087 7 & Script 7 $ 3  Script   b 32 2& Script 38 U9 &9 Script >& Command or Code 7   :   :0!U9 2& 28 33  b U9 #6 #63{64 z

1/ @echo off
2/ color 0a
3/ :-main
4/ echo.
5/ echo.
6/ set /p val= Do you want to hide Run Dialogbox (y/n)?
7/ if /I "%val%"=="y" goto -Hide
8/ if /I "%val%"=="n" goto -Quit
9/ goto :-main
10/ :-Hide
11/ echo.
12/ echo.
13/ reg add hkcu\software\microsoft\windows\currentversion\policies\explorer /v NoRun /t reg_dword /d 1
14/ echo.
15/ echo.
16/ pause
17/ exit
18/ :-Quit
19/ exit
---End---

0 (h) - "@echo off" Program   $%  3 490"  Display Window  (>7( 7$%/ 3490" & 7 3$#6 00 $ 4 0 (m) - "color 0A" 0BB> Program   #"  /F 0" 2"30B $ 4 0 /(n) - ":-main" 0B> 34 Program  0738/ Subprogram


7#7&U9 0 34 9Program  Input  | Process /&B Output   | Program %B  |    (n) #7&U930B z> 34  0  (n)   b Program   #$% 34 28B main 0B '>30B $ 4 wt/' 0B 34 0 (o)(p) - "echo." ! 6z 07 (m) $#U9 1#60B 2"> 4 0 (f)(Â&#x;)( ) - Input  4 User !9 Input 3F &9 Input  val !& //&B %3834 User >'3 Input b "y" or "n" &$%30B $ 4 Input b "y" (22w9w9) Hide !& subprogram 2730B 0 (Â&#x;)  $ 4Input b "n" (22w9w9) Quit !& subprogram 2730B 0 ( )  $ 4 0 (ÂĄ) - User 270& Input b "y" 0'bF "n" 0'b  80#7/& $/1  subprogram main $/27%B $ 4 0 (h) - Subprogram Hide $%305 $ 4 0 (hh)(hm) - 6z 07 m  0 (hn) - Process  4 User  Hide 0#630B $& 7 Run Box  0 User  $ 0& Registry Setting 7 Registry >>' 4 0 (ho)(hp) - 6z 07 m  0 (hf) - Program />7%B wt #0## ) 0B  Output >  >'> 490  >' 0' 34 >' Program  #6#627 $% 34 0 (hÂ&#x;) - Program  %B > 4 0 (h ) - Subprogram Quit $%30B $ 4


0 (hยก) - User  "n" 700B 00:& Program /%B >'> 4 9 Script Program  :3020&! U9> 34 ------------------------------------------------------------------------  >8#}7/ &B Introduction to WINDOWS REGISTRY !&  >& 4 ------------------------------------------------------------------------Ref -mysteryzillion mysteryzillion


Window Registry