0

A lot of windows hacks and tweaks involve fiddling with the registry. Quite often, it involves adding a new key/value. However, there are times when I'd like to do a tweak and there is no online tutorial.

Given a setting or behavior I want to change, how would I go about discovering the relevant key/values? Should I use a third-party registry editor or a de-compiler?

Caleb Jares
  • 2,649
  • 3
  • 19
  • 29
  • 1
    For the ones provided by MS, they read the documentation, see this SU question: [Windows 7 Registry Settings Documentation](http://superuser.com/questions/118238/windows-7-registry-settings-documentation), if they are adding their own, they know what they are. – Ƭᴇcʜιᴇ007 Jun 03 '12 at 21:04
  • 1
    Also there's snapshotting see: [What's the easiest and fastest way to compare 2 registry files?](http://superuser.com/questions/79566/whats-the-easiest-and-fastest-way-to-compare-2-registry-files). Really though questions like "How do people do X?" is not really on-topic for SU (IMO anyway). – Ƭᴇcʜιᴇ007 Jun 03 '12 at 21:11
  • @techie007 Duly noted and edited accordingly. – Caleb Jares Jun 03 '12 at 21:25
  • *> There are times when I'd like to do a tweak and there is no online tutorial. How would I go about discovering what these key/values are? Should I use a third-party registry editor or a de-compiler?*   The short answer is that you can’t. You need to know specifically what you are trying to accomplish first; there are no generic lists of tweak-ish registry settings. MSDN does list numerous Windows registry entires and what they do, but it is not complete, and besides, it’s an incredibly wide swath. Again, you need to be specific about what you want to do. – Synetech Jun 03 '12 at 22:05
  • In regards to you [current goal](http://superuser.com/questions/431673/windows-8-never-combine-hide-labels), the MSDN library may not (likely not?) contain the settings because Windows 8 is still in beta, so publish technical details is effectively pointless since things can/will change. For example, that setting may be reverted/fixed in a later update. – Synetech Jun 03 '12 at 22:07
  • Oops. The solution I just wrote up for your other question evaporated into the æther when you deleted your question. – Synetech Jun 03 '12 at 22:16
  • Yeah, I saw. If you didn't see my comment, I actually messed up the old method. The old method still works. Thanks, though :) – Caleb Jares Jun 03 '12 at 22:36

2 Answers2

3

Just start reading Microsoft Technet and you will find many and more "hidden" registry keys / values. I don't know if there's any list about keys that are not here after clean installation but you will find them after started hacking Windows.

What I do when I need some special functionality/behavior with Windows (or just want to learn more about some well known functionality):

  • Try to find about it from google & stackexchange, maybe someone already did that job.
  • Try to find alternate ways to do it, if found any then I try to learn from them.
  • Find out if any Windows OS can do it, find out how.
  • Search registry with regedit, use your imagination here.
  • Try to disassemble part of OS that you want to modify/understant better. If failed/stuck, find another route and start over.
  • Remember, if it seems that it can't be done you still have many options:
    1. Write your own program that a) manipulates existing UI or b) creates new UI or c) extends OS part that you don't like or d) replaces OS part that you dont like.
    2. Forgot about it.

Already noted in comments, you should read more about windows internals and ask more specific question after you have some real problems with finding some special values. I think that if you really need full list of reg keys/values then you should make one (at least partially) yourself, as learning exercise.

And as last part, here is few easy lines from logagent.exe:

0000:1188 |                 CryptUnprotectData..CryptPro
0000:11B4 | tectData....c.r.y.p.t.3.2...d.l.l...E.n.a.b.
0000:11E0 | l.e.N.e.g.o.t.i.a.t.e...S.o.f.t.w.a.r.e.\.M.
0000:120C | i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.
0000:1238 | n.t.V.e.r.s.i.o.n.\.I.n.t.e.r.n.e.t. .S.e.t.
0000:1264 | t.i.n.g.s...=.".....r.e.a.l.m... ...,.;.....
0000:1290 |  .......N.e.g.o.t.i.a.t.e...B.a.s.i.c. .....
0000:12BC | https://....D.e.l.e.t.e.....N.o.R.e.m.o.v.e.
0000:12E8 | ....F.o.r.c.e.R.e.m.o.v.e...V.a.l...B...D...
0000:1314 | S...................ì...Ø...È...ê¶..¯·..bü..
0000:1340 | I·..d·...·..à·...·..¦·...¹..bü...º..O¾..¶Ü..
0000:136C | .Ý..cÝ..!º..8º..`[..Dº..ú...º..O¾..¶Ü...Ý..
0000:1398 | cÝ...Ï..8º..VÏ..Dº..  [proxy]...:././...1.2.
0000:13C4 | 7...0...0...1...d.o.o.G.....d.r.o.w.s.s.a.P.
0000:13F0 | ....r.e.s.U.....h.t.a.P.....\...SOFTWARE\Mic
0000:141C | rosoft\Windows Media\WMSDK\etacsufbO.... .:.
0000:1448 |  ... .?. ...?. .....L.o.a.d.C.r.e.d.e.n.t.i.
0000:1474 | a.l.s...................ì...Ø...È...^..n..5N
0000:14A0 | ·.jC/.ËôWNetRemoveCachedPassword....WNetCach
0000:14CC | ePassword...WNetGetCachedPassword...mpr.dll.
0000:14F8 | PStoreCreateInstance....pstorec.dll.DisableP
0000:1524 | asswordCaching..SOFTWARE\Microsoft\Windows M
0000:1550 | edia\WMSDK..A.c.c.e.s.s.P.e.r.m.i.s.s.i.o.n.
0000:157C | ....A.P.P.I.D.\.{.%.s.}.....A.P.P.I.D.\.%.s.
0000:15A8 | ....L.a.u.n.c.h.P.e.r.m.i.s.s.i.o.n.........
0000:15D4 | ............Ðñ..Áñ...ò...ñ..1ì......Zé..?é..
0000:1600 | ßñ...é..Kê..ßé...í..Xê..iê..Ïò..sê...ê...ë..
0000:162C | 9ë..'ì...(..hò..................ì...Ø...È...
0000:1658 | +...._..÷....ø..3ô..J...a...............¢...
0000:1684 | ....K.......Ý.......à...¹...Z.......äô..#ö..
0000:16B0 | .õ...÷..{ü...ü...ü..ïû..bü..Wü..Wü...ü...ü..
0000:16DC | °û..WSAJoinLeaf.WSARecvFrom.WSARecv.WSAConne
0000:1708 | ct..WSASocketA..WSASendTo...WSASend.WSAIoctl
0000:1734 | ....WSAEnumProtocolsA...ws2_32..U.s.e. .T.r.
0000:1760 | a.n.s.m.i.t.P.a.c.k.e.t.s.......S.o.f.t.w.a.
0000:178C | r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .M.
0000:17B8 | e.d.i.a.\.P.l.a.t.f.o.r.m...Æô..._..Õô..Þ...
0000:17E4 | ....+...._..÷...........J...a...............
0000:1810 | ¢.......K.......Ý.......à...¹...Z.......;...
0000:183C | ........................ì...Ø...È...w>.ÍÖfdF
0000:1868 | .Ç6Û¶AÐñS.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.
0000:1894 | \.W.i.n.d.o.w.s. .M.e.d.i.a.\.W.M.S.D.K.\.N.
0000:18C0 | A.T.P.o.r.t.M.a.p.p.i.n.g.s.....U.D.P...T.C.
0000:18EC | P...%.x. .%.s. .%.u.....FreeAddrInfoW...GetA
0000:1918 | ddrInfoW....w.s.2._.3.2...d.l.l.....W.i.n.d.
0000:1944 | o.w.s. .M.e.d.i.a. .F.o.r.m.a.t. .S.D.K. .(.
0000:1970 | %.s.)...:.:.....:.:.1...0...0...0...0...?.#.
0000:199C | ....................ì...Ø...È...l...h...d...
0000:19C8 | `[email protected]

Now you got few lines, what to do? If you are lucky values are hardcoded with keys and they can be retrieved from above by looking for record byte sequences and then finding right values. Also you can try to find error messages and their addresses to track down what part of program throws them out (some assembly skills needed but it's not too hard if full reverse engineering/program modification is not requirement).

Sampo Sarrala - codidact.org
  • 2,488
  • 1
  • 18
  • 28
  • 1
    I've previously read that, and while it doesn't answer the question, it does give good information about the registry and where one would search if they wanted to fiddle with things. Also, I previously asked [this question](http://superuser.com/questions/431673/windows-8-never-combine-hide-labels), and never got an answer, so decided to look into it further. – Caleb Jares Jun 03 '12 at 21:31
1

I found the best way to do this is to use Process Monitor.

Caleb Jares
  • 2,649
  • 3
  • 19
  • 29