What is Registry (Registry Explanation)

Question:-How I can know more about Registry?
Answer:-About Registry

Hives
The Registry is split into a number of logical sections, or "hives".[3] Hives are generally named by their Windows API definitions, which all begin "HKEY". They are abbreviated to a three- or four-letter short name starting with "HK" (e.g. HKCU and HKLM).

The HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER nodes have a similar structure to each other; applications typically look up their settings by first checking for them in "HKEY_CURRENT_USER\Software\Vendor's name\Application's name\Version\Setting name", and if the setting is not found looking instead in the same location under the HKEY_LOCAL_MACHINE key. When writing settings back, the reverse approach is used — HKEY_LOCAL_MACHINE is written first, but if that cannot be written to (which is usually the case if the logged-in user is not an administrator), the setting is stored in HKEY_CURRENT_USER instead.

HKEY_CLASSES_ROOT
Abbreviated HKCR, HKEY_CLASSES_ROOT stores information about registered applications, such as Associations from File Extensions and OLE Object Class IDs tying them to the applications used to handle these items. On Windows 2000 and above, HKCR is a compilation of HKCU\Software\Classes and HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes is used.[4]

HKEY_CURRENT_USER
Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user. The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations. On Windows-NT based systems, each user's settings are stored in their own files called NTUSER.DAT and USRCLASS.DAT inside their own documents and settings subfolder.

HKEY_LOCAL_MACHINE
Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are general to all users on the computer. On NT-based versions of Windows, HKLM contains four subkeys, SAM, SECURITY, SOFTWARE and SYSTEM, that are found within their respective files located in the %SystemRoot%\System32\Config folder. A fifth subkey, HARDWARE, is volatile and is created dynamically, and as such is not stored in a file. Information about system hardware drivers and services are located under the SYSTEM subkey, whilst the SOFTWARE subkey contains software and windows settings.

HKEY_USERS
Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user registered on the machine.
[edit] HKEY_CURRENT_CONFIG
Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time.

HKEY_PERFORMANCE_DATA
This key provides runtime information into performance data provided by either the NT kernel itself or other programs that provide performance data. This key is not displayed in the Registry Editor, but it is visible through the registry functions in the Windows API.

What is Registry- Introduction

Question:-What is Windows Registry?
Answer:-Windows Registry
The Windows registry is a directory which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc. Whenever a user makes changes to Control Panel settings, file associations, system policies, or most installed software, the changes are reflected and stored in the registry. The registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware. This use of registry mechanism is conceptually similar to the way that Sysfs and procfs expose runtime information through the file system (traditionally viewed as a place for permanent storage), though the information made available by each of them differs tremendously.

The Windows registry was introduced to tidy up the profusion of per-program INI files that had previously been used to store configuration settings for Windows programs.[1] These files tended to be scattered all over the system, which made them difficult to track.


Structure
Keys and Values
The registry contains two basic kinds of elements: keys and values.
Registry Keys are similar to folders - in addition to values, each key can contain subkeys, which may contain further subkeys, and so on. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. E.g. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey "Windows" of the subkey "Microsoft" of the subkey "Software" of the HKEY_LOCAL_MACHINE key.

Registry Values are name/data pairs stored within keys. Values are referenced separately from keys. Value names can contain backslashes which would lead to ambiguities were they referred to like paths. The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key.

The terminology is somewhat misleading, as the values are similar to an associative array, where standard terminology would refer to the name part of the value as a "key". The terms are a holdout from the 16-bit registry in Windows 3, in which keys could not contain arbitrary name/data pairs, but rather contained only one unnamed value (which had to be a string). In this sense, the entire registry was like an associative array where the keys (in both the registry sense and dictionary sense) formed a hierarchy, and the values were all strings. When the 32-bit registry was created, so was the additional capability of creating multiple named values per key, and the meanings of the names were somewhat distorted[2].

There are a number of different types of values:

List of Registry Value Types

0 REG_NONE No type
1 REG_SZ A constant string value
2 REG_EXPAND_SZ An "expandable" string value that can contain environment variables
3 REG_BINARY Binary data (any arbitrary data)
4 REG_DWORD/REG_DWORD_LITTLE_ENDIAN A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [232 – 1]) (little-endian)

5 REG_DWORD_BIG_ENDIAN A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [232 – 1]) (big-endian)

6 REG_LINK symbolic link (UNICODE)
7 REG_MULTI_SZ A multi-string value, which is an array of strings
8 REG_RESOURCE_LIST Resource list
9 REG_FULL_RESOURCE_DESCRIPTOR Resource descriptor
10 REG_RESOURCE_REQUIREMENTS_LIST Resource Requirements List
11 REG_QWORD/REG_QWORD_LITTLE_ENDIAN A QWORD value, a 64-bit integer (either big- or little-endian, or unspecified)

How to Organize the Links Toolbar with Folders

Question:-How I can Organize the Links Toolbar with Folders?
Answer:-Organizing the Links Toolbar with Folders

Normally, the only items that can be displayed in the Links toolbar are links to web sites.
For me, I have so many it stretches across the entire screen and adding more doesn't work too well.
But there is a way you can create folders for different categories of sites on the toolbar.
Then you can put many pages into each one.
Also, pages with long names don't take up all that extra room.
1. With Internet Explorer running press Ctrl-B
2. Scroll down to the Links folder
3. Click the Create Folder button
4. Give it whatever name you want for a particular category
5. You can drag any current pages into the appropriate directories at this time as well

What to do if Hyperlinks Not Working in Internet Explorer 7

Hyperlinks Not Working in Internet Explorer 7
Hyperlinks Not Working
If you click on a hyperlink in a web page and only a blank window appears,
1. Go to Start / Run
2. Then enter regsvr32 urlmon.dll
3. Click Ok when finished
4. If that single change does not resolve the problem, repeat the process by running the following additional entries:
• regsvr32 Shdocvw.dll
• regsvr32 Msjava.dll
• regsvr32 Actxprxy.dll
• regsvr32 Oleaut32.dll
• regsvr32 Mshtml.dll
• regsvr32 Browseui.dll
• regsvr32 Shell32.dll (Windows XP and Windows 2000 only)
There have been several instances where the previous tip using regsrv32 does not solve the problem with hyperlinks not working.
In this case try:
1. Open Internet Explorer
2. Go to Tools / Internet Options
3. Click on the Programs tab
4. Click on the Reset Web Settings button

How to Bring Back the Menu in Internet Explorer 7

Bringing Back the Menu in IE7
By default, after you upgrade to IE7, the Menu and Links don't show. To add them back in again:

1. Start the Internet Explorer
2. Right click on the toolbar
3. Uncheck Lock the Toolbars
4. Check Menu Bar
5. Check Links

How to Clear Previous Entries in Internet Explorer

Clearing Previous Entries from the Drop Down List
If you want to clear the list of entries that shows up in the drop down list of the address bar,

1. Go to Tools / Internet Options
2. Click on the Content tab
3. Click on the AutoComplete button
4. At least highlight Web Addresses
5. Click on Clear Forms

How To Steal Hard Disk's Data

Question:-How I can steal Data from A Hard Disk?
Answer:-Steal Data from Hard Disk

SAN FRANCISCO — A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.

The technique, which could undermine security software protecting critical data on computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust remover. Encryption software is widely used by companies and government agencies, notably in portable computers that are especially susceptible to theft.

The development, which was described on the group’s Web site Thursday, could also have implications for the protection of encrypted personal data from prosecutors.

The move, which cannot be carried out remotely, exploits a little-known vulnerability of the dynamic random access, or DRAM, chip. Those chips temporarily hold data, including the keys to modern data-scrambling algorithms. When the computer’s electrical power is shut off, the data, including the keys, is supposed to disappear.

In a technical paper that was published Thursday on the Web site of Princeton’s Center for Information Technology Policy, the group demonstrated that standard memory chips actually retain their data for seconds or even minutes after power is cut off.

When the chips were chilled using an inexpensive can of air, the data was frozen in place, permitting the researchers to easily read the keys — long strings of ones and zeros — out of the chip’s memory.

“Cool the chips in liquid nitrogen (-196 °C) and they hold their state for hours at least, without any power,” Edward W. Felten, a Princeton computer scientist, wrote in a Web posting. “Just put the chips back into a machine and you can read out their contents.”

The researchers used special pattern-recognition software of their own to identify security keys among the millions or even billions of pieces of data on the memory chip.

“We think this is pretty serious to the extent people are relying on file protection,” Mr. Felten said.

The team, which included five graduate students led by Mr. Felten and three independent technical experts, said they did not know if such an attack capability would compromise government computer information because details of how classified computer data is protected are not publicly available.

Officials at the Department of Homeland Security, which paid for a portion of the research, did not return repeated calls for comment.

The researchers also said they had not explored disk encryption protection systems as now built into some commercial disk drives.

But they said they had proved that so-called Trusted Computing hardware, an industry standard approach that has been heralded as significantly increasing the security of modern personal computers, does not appear to stop the potential attacks.

A number of computer security experts said the research results were an indication that assertions of robust computer security should be regarded with caution.

“This is just another example of how things aren’t quite what they seem when people tell you things are secure,” said Peter Neumann, a security researcher at SRI International in Menlo Park, Calif.

The Princeton researchers wrote that they were able to compromise encrypted information stored using special utilities in the Windows, Macintosh and Linux operating systems.

Apple has had a FileVault disk encryption feature as an option in its OS X operating system since 2003. Microsoft added file encryption last year with BitLocker features in its Windows Vista operating system. The programs both use the federal government’s certified Advanced Encryption System algorithm to scramble data as it is read from and written to a computer hard disk. But both programs leave the keys in computer memory in an unencrypted form.

“The software world tends not to think about these issues,” said Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania. “We tend to make assumptions about the hardware. When we find out that those assumptions are wrong, we’re in trouble.”

Both of the software publishers said they ship their operating systems with the file encryption turned off. It is then up to the customer to turn on the feature.

Executives of Microsoft said BitLocker has a range of protection options that they referred to as “good, better and best.”

Austin Wilson, director of Windows product management security at Microsoft, said the company recommended that BitLocker be used in some cases with additional hardware security. That might include either a special U.S.B. hardware key, or a secure identification card that generates an additional key string.

The Princeton researchers acknowledged that in these advanced modes, BitLocker encrypted data could not be accessed using the vulnerability they discovered.

An Apple spokeswoman said that the security of the FileVault system could also be enhanced by using a secure card to add to the strength of the key.

The researchers said they began exploring the utilities for vulnerabilities last fall after seeing a reference to the persistence of data in memory in a technical paper written by computer scientists at Stanford in 2005.

The Princeton group included Seth D. Schoen of the Electronic Frontier Foundation, William Paul of Wind River Systems and Jacob Appelbaum, an independent computer security researcher.

The issue of protecting information with disk encryption technology became prominent recently in a criminal case involving a Canadian citizen who late in 2006 was stopped by United States customs agents who said they had found child pornography on his computer.

When the agents tried to examine the machine later, they discovered that the data was protected by encryption. The suspect has refused to divulge his password. A federal agent testified in court that the only way to determine the password otherwise would be with a password guessing program, which could take years.

A federal magistrate ruled recently that forcing the suspect to disclose the password would be unconstitutional.