1 JMH Associates © 2004, All rights reserved Chapter 2-3 Supplement Registry Programming.

2 OBJECTIVES
Upon completion of this chapter, you will be able to:
• Describe the Windows NT registry and its use
• Understand registry contents and how to interpret them
• Describe the registry management API
• Use the registry API to examine and modify registry contents and structure

3 OVERVIEW (1 of 2)
System management requires the ability to utilize and modify system information
• Hardware configuration
  • Amount of memory, processor types, …
• Installed software
  • Versions, vendors, install directories, …
• User information
  • Account names, passwords, home directories, …

4 OVERVIEW (2 of 2)
UNIX’s solution – examples
• /etc/passwd for user accounts
• /etc/hosts for network names and addresses
• User home directories for user preferences
  • Editors, …
Windows 3.1 solution
• .INI files
  • Do not scale well, not centralized, …

5 REGISTRY OVERVIEW (1 of 3)
• Centralized, hierarchical, securable database for application and system configuration information
• Access is through “registry keys”
  • A key can contain other keys or name/value pairs
• The user or administrator can view and edit the registry contents through the “registry editor”
  • Accessed by the REGEDIT command from the command prompt
• Programs can manage the registry through the registry API functions

6 REGISTRY OVERVIEW (2 of 3)
The registry name/value pairs contain information such as:
• Operating system version number, build number, and registered user
• Similar information for every properly installed application
• Computer’s processor type, system memory, …
• User-specific information:
  • Home directory, application preferences, …

7 REGISTRY OVERVIEW (3 of 3)
• Security information — user account names, …
• Mappings from file name extensions to executable programs
  • Used by the user interface shell when the user clicks on a file name icon
• Mappings from network addresses to host machine names

8 REGISTRY KEYS
Key: Similar to a file system directory
Each key can contain:
• Other keys
• A sequence of name/value pairs
Registry is accessed through keys
• Four predefined keys

9 PREDEFINED KEYS (1 of 2)
HKEY_LOCAL_MACHINE
• Information about the machine, installed software, …
• Installed software information is created in subkeys of the form SOFTWARE\CompanyName\ProductName\Version
HKEY_USERS
• User configuration information

10 PREDEFINED KEYS (2 of 2)
HKEY_CLASSES_ROOT
• Subordinate entries of this key define mappings from file extension names to classes and to applications used by the shell to access objects with the specified extension
HKEY_CURRENT_USER
• User-specific information (environment variables, printers, and application preferences) is subordinate to this key
• Actually a subkey of HKEY_USERS

11 REGISTRY MANAGEMENT
Key “handles” of type HKEY are used
• Both to specify a key and to obtain new keys
Values are typed; there are several types to select from:
• Strings
• Double words
• Expandable strings with parameters that can be replaced with environment variables
• Many more

12 KEY MANAGEMENT (1 of 9)
RegOpenKeyEx opens a subkey
• Starting from a predefined reserved key handle
• Traverses the registry and obtains a handle to any subordinate key

13 KEY MANAGEMENT (2 of 9)
    LONG RegOpenKeyEx (HKEY hKey, LPCTSTR lpSubKey,
        DWORD ulOptions, REGSAM samDesired,
        PHKEY phkResult)
The return value is normally ERROR_SUCCESS
• Any other value indicates an error

14 KEY MANAGEMENT (3 of 9)
hKey
• Currently open key or one of the four predefined reserved key handle values
*phkResult
• Variable of type HKEY to receive the handle of the newly opened key
lpSubKey — name of the subkey
• Can be a path, such as Microsoft\WindowsNT\CurrentVersion
• A NULL value causes a new, duplicate, key for hKey to be opened

15 KEY MANAGEMENT (4 of 9)
ulOptions must be zero
samDesired
• Access mask describing new key’s security/rights: KEY_ALL_ACCESS, KEY_WRITE, KEY_QUERY_VALUE, and KEY_ENUMERATE_SUB_KEYS

16 KEY MANAGEMENT (5 of 9)
Close an open key handle with RegCloseKey
• Takes the handle as its single parameter
You can obtain names of subkeys
• By specifying an index to RegEnumKeyEx
• By specifying a name to RegQueryInfoKey

17 KEY MANAGEMENT (6 of 9)
Key enumeration
    LONG RegEnumKeyEx (HKEY hKey, DWORD dwIndex,
        LPTSTR lpName, LPDWORD lpcbName,
        LPDWORD lpReserved, LPTSTR lpClass,
        LPDWORD lpcbClass,
        PFILETIME lpftLastWriteTime)

18 KEY MANAGEMENT (7 of 9)
Include Ex suffix as shown
• Omit if not shown
Enumerates subkeys
• Start dwIndex at 0
• Increment until NULL
Alternative: RegQueryInfoKey to access from known name

19 KEY MANAGEMENT (8 of 9)
Create new keys
• They can have security attributes
    LONG RegCreateKeyEx (HKEY hKey, LPCTSTR lpSubKey,
        DWORD Reserved, LPTSTR lpClass,
        DWORD dwOptions, REGSAM samDesired,
        LPSECURITY_ATTRIBUTES lpSecurityAttributes,
        PHKEY phkResult)

20 KEY MANAGEMENT (9 of 9)
lpClass
• Key class (object type)
• Beyond scope
dwOptions
• REG_OPTION_[NON]VOLATILE
RegDeleteKey to remove key
• Key handle and subkey name

21 VALUE MANAGEMENT (1 of 5)
Similar to key management:
    LONG RegEnumValue (HKEY hKey, DWORD dwIndex,
        LPTSTR lpValueName, LPDWORD lpcbValueName,
        LPDWORD lpReserved, LPDWORD lpType,
        LPBYTE lpData, LPDWORD lpcbData)

22 VALUE MANAGEMENT (2 of 5)
    LONG RegSetValueEx (HKEY hKey, LPCTSTR lpValueName,
        DWORD Reserved, DWORD dwType,
        CONST BYTE * lpData, DWORD cbData)

23 VALUE MANAGEMENT (3 of 5)
You can enumerate the values for a specified open key using RegEnumValue
• Specify an index, originally zero, which is incremented in subsequent calls
• On return, you get the string with the value name as well as its size
• You also get the value and its type
The actual value is returned in the buffer indicated by lpData
• The size of the result can be found from lpcbData

24 VALUE MANAGEMENT (4 of 5)
The data type, pointed to by lpType, has numerous possibilities, including:
• REG_BINARY
• REG_DWORD, REG_SZ (a string)
• REG_EXPAND_SZ (an expandable string with parameters replaced by environment variables)
• See the on-line help for a full list of all the value types
Return value: ERROR_SUCCESS if you have found a valid key

25 VALUE MANAGEMENT (5 of 5)
RegQueryValueEx is similar
• Specify a value name rather than an index
• If you know the value names, you can use this function
• If you do not know the names, you can scan with RegEnumValue
Set a value within an open key using RegSetValueEx
• Supply the value name, value type, and actual value data
Delete named values using the function RegDeleteValue

26 REGISTRY PROCESSING (1 of 2)
Pseudocode to scan a registry key
• Assume that we first open a key that is known to have numerous subkeys
• Each of those subkeys only has name/value pairs
• Enumerate and list all these pairs
• Or use recursion, as in ls

27 REGISTRY PROCESSING (2 of 2)
    RegOpenKeyEx (hKeyKnown, "MyKey", …, &hMyKey);
    for (i = 0; RegEnumKeyEx (hMyKey, i, SubName, …) == ERROR_SUCCESS; i++) {
        RegOpenKeyEx (hMyKey, SubName, …, &hSubK);
        for (j = 0; RegEnumValue (hSubK, j, VName, Data, &Count) == ERROR_SUCCESS; j++)
            printf (… j, VName, Data);
        RegCloseKey (hSubK);
    }
    RegCloseKey (hMyKey);

28 LAB C–1 (Part 1)
Modify the ls program from the Module 2 labs so that it scans and lists the registry rather than the file system
• Retain the -l (long) and -R (recursive) options
• The -l option will list the value
• You will need to format each value type appropriately

29 LAB C–1 (Part 2)
Extend lsFP and chmod so as to set and list registry security attributes
Replace the GENERIC_READ [ WRITE, EXECUTE ] rights with the ones that are appropriate