Skip to main content

127.0.0.1 - few Questions

More
17 years 3 months ago #22703 by TheBishop
My comments about hardware/software were general really, all I was saying was that whatever it is that you're interested in then rather than doing loads of off-line conceptual research do enough to overcome the 'getting started' barrier then start having a play with it. Youll learn more thoroughly that way.
Regarding the registry, think of it as a database that contains all the configuration settings for your PC. Inside it is arranged in a tree structure to give you some sort of chance of figuring out what is what, and as you've noted there are keys and values. There are loads of keys, subkeys and values just associated with Windows itself and how it runs. Almost all the configuration settings you might change or set through a Windows GUI (in Control Panel for example) will be changing the values in these keys for you behind the scenes. In addition any software you install on your PC is also free to create its own keys and values to record whatever settings it needs to work properly, and the software installation will also modify some of the Windows native keys (to create an association with an new file type for example). As to what goes where in the registry there are set conventions about this and also about how the data gets used both by Windows and the applications. Have a search on the MS website and also on Google and you'll find loads of info.
DLLs (you might know this already) are a convenient way for the writers of Windows software to call in bits of re-usable code as and when required while the program is running. Rather than code it all into the application they include routines to fulfil specific tasks and functions in a .DLL file and then the main program calls it into memory when it needs to. The DLLs you're intested in sound as if they are being called up either at start-up or when you log in, and the key question is to identify (as we've discussed earlier) the physical location of the DLL file on your machine. Once you know that you can look at the DLL file properties and google for information about it to decide whether it is okay or not. For example, if it is a DLL supplied as standard with Windows and it lives in C:\Windows\System32 then you'll be less worried than some esoteric unidentified one that is sitting in an odd location somewhere. That's not to say, of course, that some piece of malware might not have replaced an apparently innocent Windows DLL with an evil one - hence the internet searches as these will tell you that
More
17 years 3 months ago #22708 by Neomax
Thanks again TheBishop,
You explained everything pretty well there.
And I will certainly use the link to verify that the system dlls are genuine.

Ive now done a bit more research into the registry, and this is what I would like to contribute for the time being..

How the Registry works

From what I now gather, the Registry is a Hierarchy database containing all the configuration settings for the PC..
Almost any configuration/ alteration made to either the hardware, programs or the OS will in turn change or add values to this Hierarchy Registry Database.

Bit of History if anyones interested…
The registry first appeared in Windows 3.1. But unlike modern pc’s, it was all stored within a single file called Reg.Dat. Most other config data was held in various INI files, of which Win.INI and System.INI were the most important.
The Modern Registry now brings together all these separate files, and has a number of advantages in doing so. Because the info is now all centralized, it is much easier of applications to access and now also better suited for storing large amounts of structured data. INI files were also restricted in the size in which they could be, unlike the registry which has less limitations.
In saying this however, I am lead to believe that even the registry database has a maximum size limit, but at present, I am unsure what this size is.


I now understand that the entire Registry is split into 6 broad sections, (5 in NT).
These sections all begin with “HKey_” and are also known as Root Keys or Top Level Keys.
Each root key contains Subkeys, and these Subkeys can contain even more Subkeys.
The lowest level keys then contain values.
Keys & Values both hold data which can either be as ASCII or Binary input.


Now…This is where it gets a bit confusing as I try and understand how the Root Keys are structured and which each one is actually for!
It will take me a short while to get my head round all this as well, but now that I’ve written it down in a way for me to comprehend, I can then go back and read over my notes for it all to finally sink in.

These are the main Root Keys held within a NTFS. (New Techology Filing System)

HKey_CLASSES_ROOT
HKey_CURRENT_USER
HKey_LOCAL_MACHINE
HKey_USERS
HKey_CURRENT_CONFIG

And you also get…
HKey_DYN_DATA that is not on XP and I will talk about this at the end after the more immediate and relevant keys are discussed first.

Oh Boy! This is where it is beginning to get confusing so I will more than likely edit this post a bit later to try and clear things up some more.

Trying to piece all these Keys together is starting to get a bit confusing as it now begins to talk about Aliases!

Ill try and give a brief example of an alias for the time being. But when I get my head around it all, Im sure I will be able to explain a bit better.
Oh Boy!!

Out of all the main 5 ROOT KEYS,
1 is actually just an Alias of other parts within the other RootKeys.

HKEY_CLASSES_ROOT is also known as an Alias for HKEY_LOCAL_MACHINE\Software\Classes.


From what Ive gathered about Aliases so far, they are not copies of the same info, just a different view point of this same info.
If you edit the data within the “Alias” the change is immediately reflected in the part of the tree where the “alias” is located.


Its hard for me to explain at present, but from what I also gather, aliases only exist while windows is running. They will not get backed up if you create your backup copies from DOS. But this is not a problem as the information in the alias is also held within another ROOTKEY.

But why there are such a thing as aliases, Im still trying to figure this out and get my head around it all. What is the point of them exactly?
I know, no spoonfeeding, lol, I’m trying to find some more examples for me to understand it all fully.

Something I did find out about aliases. You can create them! Which I’ve now gone and done. Playing about, I’ve now created a “Program” alias which when executed, loads up the real program.
This creation of alias programs, is also starting to make me think about how viruses and rogue dll files may in fact get executed. Am I on the right direction here with this example of an alias program??

To create this alias, I found a link –
www.pctools.com/guides/registry/detail/111/

I created a new key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths and called it CHAT.exe
The value, I set this to msnmsgr so when I now goto SEARCH & RUN, type in “Chat” it loads up msn 
…Interesting!

Anyway, I need to take a break from all this for a short while. I need to look into more examples of Aliases to understand this all better. It is a bit confusing to be honest.
I have a basic idea, but I don’t understand it fully, but I will update as I go along.

I have now just aquired the CBT Nuggets set of videos which contain info on all of the following. I m gonna take some time out from my googling and watch some of the vids, gain a bit of basic info on some of the following topics.
Has anyone else seen them? Any opinions?

Thanks again though Bishop, its helped me get off to a start in understanding the registry.

CBT NUGGETS

- Network Topologies (Part 1)
- Network Topologies (Part 2)
- Media Connectors and Cabling
- Network Devices and Components (Part 1)
- Network Devices and Components (Part 2)
- OSI (Open Systems Interconnect) Model
- Media Access Control
- IP Addressing
- Network Layer Protocols
- TCP/IP Suite of Protocols and Services
- TCP/UDP Protocols and Services
- Additional Network Protocols and Services
- WAN Technologies
- Wireless Technologies
- Internet Access Technologies
- Remote Access Protocols and Services
- Server Remote Connectivity Configuration
- Security Protocols
- Authentication Protocols
- Network Operating Systems
- Client Workstation Connectivity
- Firewalls and Proxy Services
- VLAN's
- Intranets and Extranets
- Antivirus Protection
- Fault Tolerance and Disaster Recovery
- Troubleshooting Strategies
- Troubleshooting Utilities
- Physical Network Troubleshooting
- Shooting Trouble in Client/Server Environments
Time to create page: 0.117 seconds