Registry Question - Page 2

Thread: Registry Question

  1. #11
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    groovicus

    groovicus I never said my registry kept track of the date, but I knew the date of the registry alteration in my own reference. I said I was looking for a program that did keep track of chronological alterations/additions.

  2. #12
    Member
    Join Date
    May 2002
    Posts
    68
    How are you searching your reg? What information do you have to go on about the key?
    [gloworange]
    find /home/$newbie -name *? | www.google.com 2>/dev/null
    [/gloworange]

  3. #13
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    on December 17, 2003 an alteration/addition was made to my registry
    Ok, I think they call that parallelism.... anyway...this isn't grammar class. Good luck with your problem.


  4. #14
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    basic methods

    I used basic search methods with regedit search for certain key words that I thought might be applicable, but that proved to be a futile search.

    The key basically prompted a certain dll file to act a certain way and feed back information to the program to act a certain way which was unoriginal from the initial install.

    I don't have much information on the key except a personal knowledge of the date that it was implemented. The key inhibits or prevents certain or normal behavior of the program itself.

  5. #15
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    the dll was actually altered

    The dll was actually altered by an unknown programmer to bypass the abnormal behavior and allow access to the program by fooling or ignoring the registry key. I have a copy of both dlls. The dll is known as dialogs.dll; the original one is 54kb and is a normal file, the altered dll is 40 kb and is an altered version which helps bypass the reg key inhibitor.

    There's a program called BinaryWork DLL Viewer 1.0.7 which allows you to do a comparison view of the dll programming code, but I cannot seem to find a copy of this program any longer. I used to have it and I used to try to run a comparison view of each dll, but that too proved to be futile.

  6. #16
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    I went to a certain coffee shop and poured a certain type of coffee into this cup and transferred certain ingredients within and modified the mixture of love and sat down and agreed with Groovicus.

  7. #17
    Member
    Join Date
    May 2002
    Posts
    68

    Re: the dll was actually altered

    Originally posted here by isle_of_infamy
    The dll was actually altered by an unknown programmer to bypass the abnormal behavior and allow access to the program by fooling or ignoring the registry key. I have a copy of both dlls. The dll is known as dialogs.dll; the original one is 54kb and is a normal file, the altered dll is 40 kb and is an altered version which helps bypass the reg key inhibitor.

    There's a program called BinaryWork DLL Viewer 1.0.7 which allows you to do a comparison view of the dll programming code, but I cannot seem to find a copy of this program any longer. I used to have it and I used to try to run a comparison view of each dll, but that too proved to be futile.

    Unless it's some obscure CLSID key, you should be able to find it manually, looking in places where the program modified keys, generally hkey/localmachine/software/*app*

    I'm having trouble following your train of thought here, but perhaps renaming the dll file the key is modifying will give you an error message that will give you more info?
    [gloworange]
    find /home/$newbie -name *? | www.google.com 2>/dev/null
    [/gloworange]

  8. #18
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    yes

    Yes, I'm led to believe it is an obscure CLSID key, because deleting the software reg keys didn't seem to help.

  9. #19
    Senior Member isle_of_infamy's Avatar
    Join Date
    Dec 2003
    Posts
    136

    more info

    Well, see, the program I am speaking about is a chat service that I go to, and the registry key, which is a 3rd party reg key, is implemented in order to ban the user from the chat service, but it proved to be more of an annoyance than an effective ban of the user. So that's why I wanna find this key, so I will know exactly where it is for reference purposes. Normally users would have to reformat as indicated in a previous post in this thread, but as I said the altered dll helped me bypass the ban.

    The principal matter is that I feel 3rd party alterations to the registry seemingly should be deemed a security breach, and I basically wanted to remove this breach.

  10. #20
    Member
    Join Date
    May 2002
    Posts
    68

    Re: more info

    Originally posted here by isle_of_infamy
    Well, see, the program I am speaking about is a chat service that I go to, and the registry key, which is a 3rd party reg key, is implemented in order to ban the user from the chat service, but it proved to be more of an annoyance than an effective ban of the user. So that's why I wanna find this key, so I will know exactly where it is for reference purposes. Normally users would have to reformat as indicated in a previous post in this thread, but as I said the altered dll helped me bypass the ban.

    The principal matter is that I feel 3rd party alterations to the registry seemingly should be deemed a security breach, and I basically wanted to remove this breach.

    Then your only recourse is probably removing the software completely, or getting banned from another computer/OS/fresh install and installing monitoring software beforehand. BTW, the Windows 2k server CD comes with a handy tool that will take a snapshot before and after of your system and then show you every reg key and file that's been changed or added since that time.
    [gloworange]
    find /home/$newbie -name *? | www.google.com 2>/dev/null
    [/gloworange]
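
The before/after snapshot comparison mentioned in post #20, as an added example that is not part of the original thread or any poster's code: it parses two registry exports in the regedit text format and reports keys and values that were added, removed or changed. The `ExampleApp` key, the all-zero CLSID and the values are constructed sample data.

```python
import re

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # long hex data continues on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = m.group(2)
    return keys

def diff_snapshots(before, after):
    """Return (change, key, value_name, old, new) tuples, sorted by key then name."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old is None or new is None:
            changes.append(("key added" if old is None else "key removed", key, None, None, None))
        old, new = old or {}, new or {}
        for name in sorted(set(old) | set(new)):
            o, n = old.get(name), new.get(name)
            if o != n:
                kind = "value added" if o is None else "value removed" if n is None else "value changed"
                changes.append((kind, key, name, o, n))
    return changes

# Constructed sample snapshots (hypothetical ExampleApp key, all-zero CLSID).
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"Flags"=dword:00000001
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"Flags"=dword:00000003
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}]
@="Constructed sample"
"Blob"=hex:01,02,\
  03,04
'''
print(*diff_snapshots(parse_reg_export(BEFORE), parse_reg_export(AFTER)), sep="\n")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read real snapshot files with `open(path, encoding="utf-16")` before passing the text to `parse_reg_export`.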
