Edu19-Win32RegistryTutorial

7/29/2019 Edu19-Win32RegistryTutorial

1/17

Windows Registry Editor

%By Edu%

Introduction

The registry is a database that stores all the Operational System configuration and

informations. The Registry Editor Tool is located by default in the System folder. The 16-bits Windows95,98,ME Registry Tool (application) is called Regedit.exe while 32-bits

Windows NT4,2000,XP,2003 have both Regedit.exe and Regedt32.exe applications.

The files that composes the registry in Windows 95/98/ME are system.dat and user.dat.On Windows NT/2000/XP/2003 the files are SOFTWARE, SYSTEM, SECURITY ,

SAM.

Main

To open your Registry Editor Tool go to Start Run and type regedit without the

quotes. The Regedit window will appear and you will see a main element that is Mycomputer . When you double click it you will see the Registry ROOT KEYS They have a

'folder icon' and they are like directories. There are 5 RootKeys. PS: Windows 95 and 98

have a 6th RootKey called HKEY_DYN_DATA A table is available below with theRootKeys names and a basic description for each of them.

ROOT KEY Description

HKEY_LOCAL_MACHINEContains specific configuration information

of the computer. (Valid for any user)

HKEY_CURRENT_USER Contains the base of configuration

information for the current logged-on User.Screen, colors, Control Panel and folders

configurations are stored here. These

informations are called User Profile

HKEY_USERS Contains the bases of all users profile on the

computer. HKEY_CURRENT_USER is asub-key of HKEY_USERS

HKEY_CLASSES_ROOT It is a sub-key ofHKEY_LOCAL_MACHINE\SOFTWARE.

The informations stored here guarantees that

the correct program will be executed when


2/17

you open a file using the Windows Explorer

HKEY_CURRENT_CONFIG Contains information about the hardware

profile used by the local computer in thesystem startup

HKEY_DYN_DATA (Windows 95,98,98SE Only)

Contains configuration informations that are

stored in RAM and statistics gathered for

many network components currently in useon the computer. The information in this key

is newly created on every Windows startup.

Those RootKeys above have some keys with sub-keys (left side of the Registry Panel).The keys and sub-keys contains values of a valid type and with some data (right side of the

Registry Panel). These values contains information such as strings and numbers. Some

numbers have a specific meaning that will affect the Windows configuration depending onwhat it was set to. The Windows 9x/ME Registry editor seems to only fully read REG_SZ ,

REG_DWORD and REG_BINARY value types. It doesnt display the type in the Regedit

window, only the value names and its respective datas. The following table provides aquick description of the value types and their properties.

Type Description

REG_BINARY Usually hardware-specific data

stored in hexadecimal format, as

viewed from regedt32.exe. Bydefault, it will be displayed in

hex, but the editor can use either

binary or hex display.

REG_DWORD Usually service- or device-related data. The value is

numeric, four bytes long, and

viewed as hex data, but can beedited as binary, decimal, or

hex. To avoid headaches, I also

edit it as hex lest I confuse

myself.

REG_DWORD_BIG_ENDIAN This data is stored as a 32-bit

value. The data is weighted with

the highest-ordered byte first.

REG_SZ Terminated fixed-length text

(Unicode) string. These and


3/17

other SZ datatypes are given

String editors by the registry

editor to administer the values.

REG_MULTI_SZ Multiple data listings,

represented by text. Thesevalues can be separated by

spaces, commas, or otherdelimiters.

REG_EXPAND_SZ A data string whose data length

may change. An example is thefolder path to a file or directory

for application and

environmental variable support.

REG_LINK Linked data stored in Unicodeformat.

REG_FULL_RESOURCE_DESCRIPTOR When viewed, gives information

such as hardware DMA, IRQ,and memory address length.

Data is displayed in hex and can

be edited using byte, word, ordword format. Regedit.exe gives

only a binary editor with hex

representation of the data,

without regard to specific

application of the data.

REG_NONE When values are not given as to

datatype by an application, orthe data is encrypted so that

Server 2003 is unable to

determine the value type.

REG_RESOURCE_LIST regedt32.exe displays basic typehardware resourcesinterface

type and bus number

REG_RESOURCE_REQUIREMENTS_LIST Related to Hardware or Driver.The value data is represented inhex format. It displays a

requirements list that contains

elements such as AlternativeList , Resource List ,

Descriptor, Device Type


4/17

REG_QWORD Just like REG_DWORD value

type. The only difference is that

REG_DWORD is a 32-bitnumber and REG_QWORD is a

64-bit number.

You can edit Registry values to fit your needs, or modify some configuration but it is

extremely important that you know what exactly you are doing, what will be the effects on

the Operating System. It is highly recommended that before editing the registry you do acomplete backup of it. To do this right click on the first element, that is 'My Computer', and

then click on 'Export'. All the information existent on your Registry will be saved in a .REG

file that can be edited with notepad and executed by double-clicking on it. Notice that .REGfiles are Registry scripts that edits the registry. Editing the registry means that it can add,

rename or delete keys, modify, add or delete a value. To delete a key on the registry, right

click on the desired key and click 'delete' To add a new subkey, right click on the main keyyou want to create it on and click 'new key'. You can set up a name for this key. eg: create a

key called 'abc' on the 'Software' key of HKEY_CURRENT_USER root key. Double click

on my computer, then double click the Root key HKEY_CURRENT_USER, then double

click the key Software and you will see its subkeys and values on the right side of theRegistry Panel. Now right click on 'Software', click 'new' then click 'key' and rename it to

ABC . Suppose now you want to add a string value type of REG_SZ called '123' and value

data as 'windows' Right click on the 'ABC' key, click on 'new', then click on value of thesequence. a REG_SZ value type will appear on the right side of the Registry screen.

Rename it to '123' and press enter. Now double click this value and type 'windows' on the

"value data" field . Press enter and you are done. Now lets add a REG_BINARY valuetype called 'Bin' to the 'ABC' key and value data 43; Right click the 'ABC' key, click 'New',

then click 'Binary value'. Rename this value to 'BIN' Now double click the 'BIN' value and

type '43' on the "value data" field. Notice this field is big and when you type something it is

automatically converted to hexadecimal, appearing as a decimal value on the center of the"value data" field and appearing as a hexadecimal value on the right side. at the left side

there is 4 numbers. These 4 numbers appears on each line, depending on the numbers of

lines took to write the value data. It begins with '0000' in the first line; 0008 in the secondline; '0010' on the third and so on. REG_BINARY values can be in Hexadecimal or in

bytes. It is possible to add a Registry key to Favorites so that you can open it very fast

without having to open the RootKey, then the sub-key, the the other sub-key and so on. Todo this, on your Regedit window, go to they desired key and click it once; Now , on the

top of the Regedit window, click Favorites and click Add to Favorites. A small

window will show up displaying the name of the key on the white field. You can rename itto whatever you want and click OK. For example you can add

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services to Favorites and name

it NT_SERVICES. When you need to quickly access this key, you click Favorites then

select NT_SERVICES. You will be instantly brought to the Services key. It is possibleto delete these Favorites as well.

REGEDIT.EXE and REGEDT32.EXE Applications . Whats the


5/17

difference???

REGEDIT.EXE application when run can view and edit keys and values on the registry of

NT based systems but only partially cause it is intended for 16-bit Windows. Only

REGDT32.exe application can fully edit the registry and it is intended to 32-bit Windows.

On Windows NT and 2000 if you use REGEDIT.EXE to edit REG_EXPAND_SZ andREG_MULTI_SZ value types you will have problems cause the value will become a

normal REG_SZ type and therefore will not perform the expected action. Also it is not

possible to edit Security in the registry keys.On Windows XP and 2003 REGEDT32.EXE is only a small tool to open REGEDIT.EXE

application. Fortunately REGEDIT.EXE application on XP and 2003 can fully edit the

registry.

Permissions & Restrictions

Its also possible to set up access permissions on Windows 2000,XP,2003 for Rootkeys

and sub-keys. To do this, right click on a registry root key or sub key and click on

"Permissions". A new window will appear. There you can select what users can access ormodify on an specific root key or sub-key and their access rights. Users with administrator

privileges have, by default, full access; That means, read, write, delete any key or value.

Restricted users can only read. They can write or delete some specific keys or values,

generally related only to that user itself. Some keys in the registry cannot be even read byrestricted users. You can customize those settings: A list of existing groups and users of the

local computer will be available. You can customize what users can have full access to, or

restrict access, depending on your needs, by selecting what kind of access a specific userwill have to the selected key to set the permissions. You can select, for example, only the

read right on that key. Supposing this user is called 1, and you have users 1,2,3 everyone

with admin privileges, when you set up this restriction, only User 1 will be able to only

read . users 2,3 will have full access. You can also do this to a registry sub-key. Theprocedure is the same. Also you can restrict specifc user(s) to view a root key or a sub key.

This means that the user wont be able even to open that selected key. if that user tries toopen that key, an 'Access denied' error message will show up. Registry

Permissions/Restrictions in general are important when you have more than one person

accessing the computer, or when the computer is inside a LAN that has many users

accessing it and the computer has important data.

Remote Registry

There is a service in Windows 2000,XP,2003 called Remote Registry. By default this

service is enabled and automatically starts on every Windows boot. Its like a Registry

server intended to receive remote connections of computers of the same network. Toconnect to a computer running

The Remote Registry service, in your Regedit window click File , then click Connect

Network Registry. A small window titled Select Computer will show up. You will have3 basic fields:

First one is titled Select this kind of object. Below this it is written Computer. The

second field is titled From this location. Below it is written GROUP. The third field istitled Type the object name to be selected. Below this there is an empty field where you


6/17

are supposed to type a valid Computer Name or IP address. Supposing inside your network

you have a computer called Comp1 and IP address = 192.168.5.5 . You can type Comp1or 192.168.5.5 in this field. Click OK. If all was right you should get a Logon Prompt.

As this service by default is designed for a main security user (Windows XP and maybe

2003, I didnt test on 2000 but should be identical) you can type there the

Name of this user that is NT AUTHORITY\NetworkService, click OK and after fewseconds be connected to the remote computer. (NT AUTHORITY is the domain name and

NetworkService is the user name; Domain Name was specified since NT AUTHORITY is

not the default domain name.) You can also login with any other valid User Name existentin the target computer.

After connected to the remote computers Registry you will see the computer name or IP

address depending on which of them you have specified. 2 Root Keys will be available foredition :

HKEY_LOCAL_MACHINE and HKEY_USERS\s-1-5-xx where xx is the number related

to the Username you logged on to the remote computer. To disconnect click on File then

click Disconnect Network Registry.

Importing to the Registry

Besides those things you can do, it is also possible to edit the Registry using scripts, and

applications written in most programming language such as C++, Java, Fortran, Visual

Basic, Delphi, Asm, etc The scripts could be the default Registry script file (.REG files),VBScript, Javascript, etc In this tutorial we will only discuss the default Registry Script

(.REG files) .

With the .REG scripting you can basically add values to the Registry, delete values, deletekeys, add keys and modify values data. This type of Script begins with a title being the

Version of the Windows Registry . For Newer Windows, it is usually Windows Registry

Editor Version 5.00. But if you want a script that is compatible with ANY Windowsversion, including 95,98,ME,NT4 you can change this title to REGEDIT4 .Notice that it is very important that you write the title exactly as it appears. If you, for

example, type regedit4 it wont be recognized by Windows and errors will happen. Same

thing goes to version 5. If you type windows registry editor version 5.00 you will run intoerrors as well. The structure of this script is the following:

----------------------------------REG Script -------------------------------------------------------------Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\MySoft1]

@=MySoft1 default valueValue1=3

Type=dword:00000001

Environment Variable=hex(0):40,01,00,00,0f,00Key=hex: 20,04,00,00,0f,00,70,00,50,00

RelativePath=hex(2):63,00,3a,00,5c,00,6d,00,79,00,73,00,6f,00,66,00,\

74,00,31,00,5c,00,73,00,6f,00,66,00,74,00,2e,00,65,00,78,00,65,00,00,00Applications=hex(7):61,00,62,00,63,00,20,00,64,00,65,00,66,00,20,00,\


7/17

67,00,68,00,69,00,20,00,6a,00,6b,00,6c,00,00,00,00,00

MainType=hex(5):40,01,00

[HKEY_LOCAL_MACHINE\SOFTWARE\MySoft1\Preferences]

AlwaysRunMaximized=dword:00000001

-----------------------------End of REG Script----------------------------------------------------------

Notice that REG scripts begin with the Version information of the Registry Editor.If you try to import REG scripts that begins with Windows Registry Editor Version 5.00

to a Windows 95,98,ME or NT4 Registry, you will get an error. In order to overcome this

you can start the script with REGEDIT4 instead. This one is intended to any Windowsversion, including recent ones like XP Service Pack2 and Windows2003. The second line

of the script is in blank, just to let it more organized. Next line you have the Registry path

between brackets [ ]. Notice that if you forget those brackets the script wont do what it

was supposed to. In the line below it there is a @ (with no quotes), an equal signalafter it, and MySoft1 default value (between quotes). The @ means the default value.

Every key that you create will contain this default value, and usually contains no data. If no

data specified you will see this: (Value not defined). The equal signal must exist to separatevalues and its datas. The value name in this case is Default , type REG_SZ with data

being MySoft1 default value. The same thing goes to the line below:

The value name is Value1, type is REG_SZ and value data is 3. Notice that any valueexcept the Default Value ( @) must appear between quotes. When you have value types

different from REG_SZ, the respective data will appear without the quotes. Notice that the

other values data (REG_DWORD,REG_BINARY,REG_EXPAND_SZ,etc) appear withoutthe quotes. Notice that the other values datas, except the REG_DWORD and REG_SZ

types, begins with hex: or hex(z): , Where z is a number between 5 and 9, and this will be

the determinant of the value type. z could also be 0 or 2, or could have no value between

the brackets (eg: hex:00,12,00 or hex(2):00,01,00) and also could be a or b. Below thereis a table with these values for z and the resulting value type.

HEX(z): Resulting Value TypeHex: REG_BINARY PS: this is the same as Hex(3):Hex(0): REG_NONE

Hex(1): REG_SZ PS: Not recommend to use this specific hexdue to generate data that is not correctly interpreted by th

Registry and therefore will appear as weird symbols.

Hex(2): REG_EXPAND_SZ

Hex(3): REG_BINARY PS: this is the same as Hex:Hex(4): REG_DWORD PS: Not recommend to use this specif

hex(4): due to generate data that is not correctly interpretby the Registry and therefore will appear as invalid dwo

value. Simply use dword: instead

Hex(5): REG_DWORD_BIG_ENDIANHex(6): REG_LINK

Hex(7): REG_MULTI_SZ


8/17

Hex(8): REG_RESOURCE_LIST

Hex(9): REG_FULL_RESOURCE_DESCRIPTOR Hex(a): REG_RESOURCE_REQUIREMENTS_LIST

Hex(b): REG_QWORDThe 14th line as you can see is in blank (for organization purposes) and just below there is

another Registry path that is just the same as the 1st

one in line3, but there is a subkey forMysoft1 called Preferences, and a value type of REG_DWORD calledAlwaysRunMaximized with data as 1 (in dword 0x00000001). This is not just an

information, this has a meaning. The meaning is 1. And 1 means True. 0 means false.

Well so we can figure out that MySoft1 program Window is configured to run always in

always maximized. Some programs also stores configuration such as User password in theregistry, but encrypted and it is usually a REG_BINARY value type.

The REG script below will delete a value from the registry and then, an entire key,

including subkeys and values.

-----------------------------------------REG Script-------------------------------------------------------

REGEDIT4

[HKEY_CURRENT_USER\Software\Soft123]

type=-

[-HKEY_CURRENT_USER\Software\Soft123456]

-------------------------------------End of REG Script--------------------------------------------------

Notice the above script is able to run in any Windows version, not only in 2000/XP/2003.

(due to beginning with REGEDIT4). The firs script will only be able to run on2000/XP/2003, unless you change the title (Windows Registry Edition Version 5.00)

to REGEDIT4 . To delete a value it is used a minus signal after the equal signal of an

specific value, in our case the value is type. To delete a key in the registry, we simplyhave to put a minus signal before the key path. This will delete the last key specified in

the path (in the case Soft123456) and all its sub-keys and values.

None of the 2 scripts described above contained value types of REG_LINK,

REG_RESOURCE_REQUIREMENTS_LIST, REG_RESOURCE_LIST,REG_FULL_RESOURCE_DESCRIPTOR, because these are related to Hardware

information and configuration , very few used, except by the Hardwares itself by the time

they are installed. REG_NONE and REG_QWORD types are also very few used. The firstone happens when the Registry cannot interpret the data (sometimes because it is

encrypted) and therefore cannot establish the value type. The second one is a 64-bit value

generally used to store information about hardware stuff.

Exporting from the Registry

To export a desired key from the registry, you simply have to right-click that key and select

Export. A new window prompting where to save the key will show up. Where you see

filename, you type the name you want for the file to store the informations about the key.


9/17

In the Save as type field, you can select Registry Files (*.reg) , txt file, registry

ramification files or Win9x/ NT4 Registry files (*.reg) .Depending on what you will dowith the REG file, you will select one of those options. If its just for studying/analising

purposes, then you can save it as a normal txt file. Lets suppose this file will have

informations about NT Services (nt services are only intended for the nt systems and

therefore wont work in Windows 95,98,ME) then the best is saving it as Registry Files(*.reg) . But supposing the REG file contains informations about a software for example,

and this software is able to run in any Windows version. Then its better to save it as

Win9x/ NT4 Registry files (*.reg), because this way the file can be imported to theRegistry of any Windows. Just bellow this, in the bottom of the window, you can see the

Export Interval section, and below the complete registry path to the key you will be

exporting. If you double click a REG file you will be prompted with a message Are yousure you want to import the information contained in file.reg to the Registry?.

(Supposing file.reg is the file you want to import to the registry). If you click No the

operation will be canceled, if you click yes, and the REG file is valid and correct you will

get a message saying the information on the file.reg was successfully added to theregistry.

Editing the Registry via Command Line

We have already seen it is possible to edit the Registry manually and using scripts. It is also

possible to edit it using the Windows Command Prompt (COMMAND.COM in anyWindows version and CMD.EXE in Win NT4/2000/XP/2003).

The REGEDIT.EXE tool has a GUI part and a command line part.

REGEDIT.EXE command line syntax:

Command Effect

REGEDIT /E Exports keys and values from the Registry to a .REG fileREGEDIT /I Imports a .REG file to the Registry. Before writing to the registry

Confirmation prompt will appear asking if you really want to imp

to the registry

REGEDIT /S Imports a .REG file to the Registry in silent mode. No confirmatio

REGEDIT /D Deletes a key from the registry. (Win9x only)

REGEDIT /L:System Specify the location of System.dat to use (Win9x only)

REGEDIT /R:User Specify the location of User.dat to use. (Win9x only)

REGEDIT /C Compress the Registry. (Only works on Win98)

Below it will be shown usage examples for the above commands.

REGEDIT /E c:\file1.reg HKEY_LOCAL_MACHINE\SOFTWARE\Some ProgramThis will export the registry key Some Program located in

HKEY_LOCAL_MACHINE\SOFTWARE to a file called file1.reg in c:\

REGEDIT /I c:\file2.reg


10/17

This will import the informations in file2.reg to the Registry. A confirmation prompt will

show up.

REGEDIT /S c:\file3.regThis will silently import the informations in file3.reg to the Registry. No confirmations

prompts

The above commands are the most used ones and works on all Windows versions.

The /L:System and /R:User parameters are optionals, only works on Win9x andcomes before all the other parameters .

Example: REGEDIT [/L:System | /R:User] /S c:\file1.reg . This will silentlyimport the informations in file1.reg to the Registry, specifying the location of System.dat

and User.dat to use.

REGEDIT /D is few used and only works on Win9x . It is intended to remove a keyfrom the Registry. Example : REGEDIT /D

HKEY_LOCAL_MACHINE\SOFTWARE\Soft1This will delete the key Soft1 located in HKEY_LOCAL_MACHINE\SOFTWARE from

the Registry.

REGEDIT /C will compress the Registry. It is intended to work only on Win98. Theusage: REGEDIT /C [filename]

Windows XP and 2003 comes with a command line tool to edit the Registry and its calledREG.EXE .By default Windows NT4 and 2000 dont have this tool, but its available in

the Windows Resource Kit Tools package and can be freely downloaded from

Microsoft.com or simply copied, along the application Regini.exe, from Windows XP or

2003.Below there is a table with the REG.EXE commands and their effects.

Command EffectsREG QUERY Queries a Registry key or value by its given name.

REG ADD Adds a key or value to the Registry

REG DELETE Deletes a key or value from the Registry

REG COPY Copies subkeys and values from a key to another.

REG SAVE Saves a Registry section to a file.

REG RESTORE Restores a file to substitute a Registry key.

REG LOAD Loads a file in a Registry key.

REG UNLOAD Unloads a Registry Section

REG COMPARE Compares values and sub-keys from a key with the respectivevalues and sub-keys of another key

REG EXPORT Exports/Loads a file in a Registry key.

REG IMPORT Imports a file to the Registry.

REG.EXE makes it possible to write Registry RootKeys by its short name as showed below


11/17

HKEY_LOCAL_MACHINE = HKLM

HKEY_CURRENT_USER= HKCUHKEY_USERS = HKU

HKEY_CLASSES_ROOT = HKCR

HKEY_CURRENT_CONFIG = HKCC

Below it is available some examples of the usage of the commands listed in the above table.

REG QUERY HKLM\SOFTWARE\Soft1 /v Config This will display the registryvalue of Config

REG QUERY HKLM\SOFTWARE Displays all the values and sub-keys of the keySoftware

REG ADD HKCU\Software\Mysoft2 Adds a key called Mysoft2 to the Registry.

REG ADD HKLM\Software\War /v Types /t REG_DWORD /d 1 /f Adds a key calledWar (in case it doesnt exist yet) and a value called Types with type of REG_DWORD

to the Registry. If /t is omitted the value will be type REG_SZ. The /f parameter is toforce the action that is being taken with no confirmation prompts.

REG DELETE HKLM\SOFTWARE\MySoft1 /f Deletes the key Mysoft1 and all itssub-keys and values with no confirmation prompts.

REG DELETE HKLM\SOFTWARE\MySoft3 /v path /f Deletes the value pathlocated in Mysoft3 key with no confirmation prompts.

REG COPY HKCU\SOFTWARE\Soft1 HKCU\SOFTWARE\Soft1_Backup /f Copiesall the sub-keys and values of Soft1 key to the Soft1_Backup key without confirmation.

REG SAVE HKLM\System\CurrentControlSet\Services c:\Services_Backup.TXTSaves the Registry Section Services in the file Services_Backup.TXT located in C:\

REG RESTORE HKLM\System\CurrentControlSet\Services c:\Services_Backup.TXT Restores the file Services_Backup.TXT to substitute the Registry key Services.

REG LOAD HKLM\System c:\hklm_System.TXT Loads the file hklm_System.TXTin the registry key HKLM\System .

REG UNLOAD HKCU\Software Unloads the Software section in theRootKey HKCU .

REG COMPARE HKCU\Software\MySoft2\System1HKCU\Software\MySoft2\System2 Compares all the values under the key System1

with System2

REG COMPARE HKCU\Software\MySoft2\System1HKCU\Software\MySoft2\System2 /v Path Compares the the value of Path in the keys

System1 and System2.

REG COMPARE HKCU\Software\MySoft1 HKCU\Software\MySoft2\ /s Compares


12/17

all the values and sub-keys in the keys MySoft1 and MySoft2.

Return Codes: 1 = Success, the compared result is identical. 2 = Failure. 3 = Success, thecompared result is different.

REG EXPORT This is exactly the same as the REG LOAD command.

REG IMPORT c:\file.reg Imports the file.reg located in c:\ to the Registry.

Final Notes

Notice that 'REG.EXE' application is a command line tool that is intended for Windows

NT4,2000,XP,2003 but it is built-in only in XP and 2003. The 'REGEDIT.EXE' applicationhas a GUI (graphical user interface) and some command line parameters. The

REGEDT32.EXE application is only present on 32-bit Windows Operational Systems such

as Windows NT4,2000,XP,2003.

Remember to ALWAYS make a complete backup before editing the Registry as well asediting any other kind of configurations, files, important informations, etc.

This article will show, explain and detail some things related to the Windows Registry and

you will probably learn some cool things from it, but it will NOT , in any way make you

become an Expert; There is lots and lots of other tricky things you can do with this cutelittle tool called Regedit, such as editing information and configurations of softwares and

services, set up specific restrictions to the Registry itself or to any other Software, change

the OS look, visual effects and some graphical related stuff, among other things and you

will have to look deep inside and understand the meaning of some common used valuedatas. Tip: Look deep inside REG_DWORD values data and you will learn a lot and better

understand the options and configurations that were set up in your Windows.

Finally, I hope you have enjoyed

---------------*END*-----------------

Author: EduardoContact1: [email protected] (MSN)

Contact2: 147367087 (ICQ)
mailto:[email protected]:[email protected]


13/17


14/17


15/17


16/17


17/17

Documents

Edu19-Win32RegistryTutorial