A bit about .reg & .bat files

  1. #1
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447

    A bit about .reg & .bat files

    After a bit of research (and a lot of fiddling) with .reg files and .bat files, not to mention numerous crashes/glitches on my own system from testing them, I have decided to post a wee tutorial on them.

    Ok first of all for those not familiar with the file extensions .reg is a file type used to edit the windows registry and .bat issues dos commands. Like an exe they run after you have double clicked on them.

    .BAT FILES

    Bat files are basically a way of programming in dos. For a while there was a trend of .bat virii but the general computer user seems to be only familiar with virii being .exe!? This is quite scary when you look at how easy it is to write a virus in dos. I ain't gonna waste my time explaining how to do that here but if you really want to know try looking at:
    Dos virii
    What I'm gonna concentrate on is some of the more fun things you can do in dos.
    I have seen quite a few posts during my short time with AO along the lines of
    "Some guy on **insert IM type here** is hacking/stalking/being abusive to me what can I do about it?"
    Well with a little social engineering quite a bit

    First you need to befriend the person - sign up for a dif nick then start talking to them. Ok so even after talking to them a bit they prolly aren't gonna accept .exe files from you but you would be amazed at how many peps will accept other safer file types .mpg/.avi/.bat etc

    Ok so you've convinced them that you have some movie clip (.mpg) they really have to see now what? Well just simply get one of your other files approx the right size, say mIRC.exe and copy it now rename the copy yourmovie.mpg (you need to have the hide known ms-dos file extensions option disabled - click on view -> options in the folder toolbar and uncheck the appropriate box) Now you have your movie file send it to them. Soon they'll be telling you that when they try to run it they are getting an unsupported file error. Now is when you get to have fun!

    Ask them some questions like "oh do you have Version blah (just make it up but make it plausible!) viewer installed?" Of course they'll either go "no I have Version x" or "ummm what?" So tell them "oh I had the same prob, you need to update it hold on I have the file" now send them your .bat file.

    But what are you going to put it in the .bat file? Well there are quite a few fun commands like:

    • dir -> shows current directory
    • vol -> displays disk volume name
    • ver -> displays version number of operating system
    • netstat -> their current internet connections


    but if you know about dos you'll know that these commands will display on your victim's computer not yours so how do you get them rather than letting them see them? Well that's where you gotta alter the STDOUT (Standard Output). This is where dos sends the output from a command - the default being the monitor. To do this write your code as so

    dir > yourtxtfile.txt or if you have multiple commands going to the one txt file then use dir >> yourtxtfile.txt *thanx chsh*

    so a sample piece of code might be:
    @echo off
    cd\
    dir >> c:\windows\desktop\yourtxtfile.txt
    dir windows >> c:\windows\desktop\yourtxtfile.txt
    ver >> c:\windows\desktop\yourtxtfile.txt
    netstat -a >> c:\windows\desktop\yourtxtfile.txt
    dir c:\mirc\logs >> c:\windows\desktop\yourtxtfile.txt
    dir c:\mirc\download >> c:\windows\desktop\yourtxtfile.txt
    rename c:\windows\desktop\yourtxtfile.txt c:\windows\desktop\log.pst
    (you can use anything instead of .pst as long as it shows up as an unknown file type in windows)
    echo update error. Please see log

    So your victim pm's you again complaining it didn't work and they can't open the error log - ask them to send it to you and voila all their details

    This is only a quick sample of the kind of thing you can do - use your imagination


    .REG FILES

    Ok once again a .reg file as it is altering the victim's registry can be very damaging but many a practical joke can be played with them as well...

    Ok its now 4:20am and i gotta back to uni at 6am, and I ain't even packed yet >_<; so am gonna c&p the next bit - its from a tut written by Ankit Fadia, see the whole thing here

    Sorry I don't have time to write my own But this is the tut which got me interested in it to begin with so hopefully it'll give some peps out there something to think about as well.....

    Ban Shutdowns : A trick to Play on Lamers

    This is a neat trick you can play on that lamer that has a huge ego, in this section I teach you, how to disable the Shut Down option in the Shut Down Dialog Box. This trick involves editing the registry, so please make backups. Launch regedit.exe and go to :

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    In the right pane look for the NoClose Key. If it is not already there then create it by right clicking in the right pane and selecting New > String Value. (Name it NoCloseKey.) Now once you see the NoCloseKey in the right pane, right click on it and select Modify. Then Type 1 in the Value Data Box.

    Doing the above on a Win98 system disables the Shut Down option in the Shut Down Dialog Box. But on a Win95 machine if the value of NoCloseKey is set to 1 then clicking on the Start > Shut Down button displays the following error message:

    This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

    You can enable the shut down option by changing the value of NoCloseKey to 0 or simply deleting the particular entry i.e. deleting NoCloseKey.

    Instead of performing the above difficult to remember process, simply save the following with an extension of .reg and add its contents to the registry by double clicking on it.

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

    "NoClose"="1"

    Disabling Display of Drives in My Computer

    This is yet another trick you can play on your geek friend. To disable the display of local or networked drives when you click My Computer go to :

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    Now in the right pane create a new DWORD item and name it NoDrives. Now modify its value and set it to 3FFFFFF (Hexadecimal). Now press F5 to refresh. When you click on My Computer, no drives will be shown. To enable display of drives in My Computer, simply delete this DWORD item. Its .reg file is as follows:

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

    "NoDrives"=dword:03ffffff

    Take Over the Screen Saver

    To activate and deactivate the screen saver whenever you want, go to the following registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ScreenSavers

    Now add a new string value and name it Mouse Corners. Edit this new value to -Y-N. Press F5 to refresh the registry. Voila! Now you can activate your screensaver by simply placing the mouse cursor at the top right corner of the screen and if you take the mouse to the bottom left corner of the screen, the screensaver will deactivate.

    Pop a banner each time Windows Boots

    To pop a banner which can contain any message you want to display just before a user is going to log on, go to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon

    Now create a new string Value in the right pane named LegalNoticeCaption and enter the value that you want to see in the Menu Bar. Now create yet another new string value and name it: LegalNoticeText. Modify it and insert the message you want to display each time Windows boots. This can be effectively used to display the company's private policy each time the user logs on to his NT box. Its .reg file would be:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]

    "LegalNoticeCaption"="Caption here."

    Delete the Tips of the Day to save 5KB

    Windows 95 had these tips of the day which appeared on a system running a newly installed Windows OS. These tips of the day are stored in the Windows Registry and consume 5K of space. For those of you who are really concerned about how much free space your hard disk has, I have the perfect trick.

    To save 5K go to the following key in Regedit:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Tips

    Now simply delete these tricks by selecting and pressing the DEL key.

    Change the Default Locations

    To change the default drive or path where Windows will look for its installation files, go to the key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup\SourcePath

    Now you can edit as you wish.

    Secure your Desktop Icons and Settings

    You can save your desktop settings and secure it from your nerdy friend by playing with the registry. Simply launch the Registry Editor go to:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    In the right pane create a new DWORD Value named NoSaveSettings and modify its value to 1. Refresh and restart for the settings to get saved.

    CLSID Folders Explained

    Don't you just hate those stubborn stupid icons that refuse to leave the desktop, like the Network Neighborhood icon. I am sure you want to know how you can delete them. You may say, that is really simple, simply right click on the concerned icon and select Delete. Well not exactly, you see when you right click on these special folders (see entire list below) neither the rename nor the delete option appears. To delete these folders, there are two methods, the first one is using the System Policy Editor (Poledit in the Windows installation CD) and the second is using the Registry.

    Before we go on, you need to understand what CLSID values are. These folders, like the Control Panel, Inbox, The Microsoft Network, Dial Up Networking etc are system folders. Each system folder has a unique CLSID key or the Class ID which is a 16-byte value which identifies an individual object that points to a corresponding key in the registry.

    To delete these system Folders from the desktop simply go to the following registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\Namespace\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

    To delete an icon simply delete the 16 byte CLSID value within "NameSpace". The following are the CLSID values of the most commonly used icons:

    My Briefcase:{85BBD920-42AO-1069-A2E4-08002B30309D}

    Desktop: {00021400-0000-0000-C000-0000000000046}

    Control Panel:{21EC2020-3AEA-1069-A2DD-08002B30309D}

    Dial-Up-Networking:{992CFFA0-F557-101A-88EC-00DD01CCC48}

    Fonts: {BD84B380-8CA2-1069-AB1D-08000948534}

    Inbox :{00020D76-0000-0000-C000-000000000046}

    My Computer :{20D04FE0-3AEA-1069-A2D8-08002B30309D}

    Network Neighborhood:{208D2C60-3AEA-1069-A2D7-O8002B30309D}

    Printers :{2227A280-3AEA-1069-A2DE-O8002B30309D}

    Recycle Bin :{645FF040-5081-101B-9F08-00AA002F954E}

    The Microsoft Network:{00028B00-0000-0000-C000-000000000046}

    History: {FF393560-C2A7-11CF-BFF4-444553540000}

    Winzip :{E0D79300-84BE-11CE-9641-444553540000}

    For example, to delete the Recycle Bin, first note down its CLSID value, which is: 645FF040-5081-101B-9F08-00AA002F954E. Now go to the Namespace key in the registry and delete the corresponding key.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}

    Similarly to delete the History folder, delete the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Desktop\NameSpace\{FBF23B42-E3F0-101B-8488-00AA003E56F8}

    Sometimes, you may need to play a trick on your brother or friend, well this one teaches you how to hide all icons from the Desktop. Go to the following registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

    In the right pane create a new DWORD value by the name: NoDesktop and set its value to: 1. Reboot and you will find no icons on the desktop.

    Hope this gives you something to think about or a few ideas

    Val`
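
For anyone handed a .reg file like the ones in the post above, this is one way to see which of those policy and logon values it would set before it is merged. It is an added example, not part of the original post or the quoted tutorial; the function names `audit_reg` and `hidden_drives` and the watch list are assumptions made here, and the sample input is constructed from the post's own snippets.

```python
import re

# Value names are the ones the post's walkthroughs and .reg snippets set.
WATCHED = {
    r"software\microsoft\windows\currentversion\policies\explorer":
        {"noclose", "nodrives", "nodesktop", "nosavesettings"},
    r"software\microsoft\windows\currentversion\winlogon":
        {"legalnoticecaption", "legalnoticetext"},
}
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$", re.I)
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')

def audit_reg(text):
    """Return (key, value name, data) for every watched value the file sets."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    findings, key, sub = [], None, None
    for raw in lines[1:]:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Remember the full key for reporting, the subkey for lookup.
            key, sub = line[1:-1], m.group(2).lower()
            continue
        m = VAL_RE.match(line)
        if m and sub is not None and m.group(1).lower() in WATCHED.get(sub, ()):
            findings.append((key, m.group(1), m.group(2)))
    return findings

def hidden_drives(data):
    """Decode a NoDrives dword (bit 0 = A:, bit 25 = Z:) into drive letters."""
    m = re.fullmatch(r"dword:([0-9a-f]{1,8})", data.strip(), re.I)
    mask = int(m.group(1), 16) if m else 0
    return [chr(ord("A") + i) for i in range(26) if (mask >> i) & 1]

# Constructed sample: the post's snippets plus one unrelated value.
SAMPLE = r"""REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"="1"
"NoDrives"=dword:03ffffff
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon]
"LegalNoticeCaption"="Caption here."
[HKEY_CURRENT_USER\Software\Example]
"Harmless"="1"
"""

if __name__ == "__main__":
    for key, name, data in audit_reg(SAMPLE):
        print(key, name, data, hidden_drives(data))
```

Decoding the mask shows why 03ffffff hides every drive: all 26 low bits, A: through Z:, are set.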

  2. #2
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165

    cmd files

    Note that on NT/2k/XP systems, you can use a .cmd file just as you use a .bat file.

  3. #3
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    Thanx cgkanchi - forgot to mention that, am still using 95 oO
    very very very old pc anything higher eats up too much memory/ becomes too unstable plus I like the nostalgia value of 95

    Val`

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    227

    Re: A bit about .reg & .bat files

    Originally posted by valhallen
    This is quite scary when you look at how easy it is to write a virus in dos. I ain't gonna waste my time explaining how to do that here but if you really want to know try looking at:
    Dos virii
    Good post! Only thing I have to it is that I wouldn't call that sequence of commands as virus. Virus should reproduce itself and do that kind of things (at least I think) but this "prog" is just... you know... lame thing (or how to call it) but anyway good post!

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    168
    interesting tutorials you got there... i appreciate it really, posting something about real stuff and the like. but, i still say that we hope that no script kiddies read it.

    btw, they don't understand it anyway!
    "The more you ignore me... the closer i get!"

  6. #6
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    *.bat files can also be *.cmd for NT and w2k. For command line args use %n where n is a number >=1. I create ls on NT writing a cmd file that looks like

    echo off
    dir %1 %2 %3 %4 %5

    so I can then run ls /w *.vsb /s

    I do similar things for cat and rm then I set the path statement
    so I can run them from anywhere

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    534
    great post vallhallan..good...thanks for the information...but if possible can u send me any tutorial or ebook on registry
    or some complete ideas...i will be very thankful to u...

    if possible pls mail me on pok_pok_007@yahoo.com

    thanks a lot..

    intruder...
