goshy2007

How to: Find undocumented registry settings gosh tip #1 One thing that has always annoyed me is all those websites that list reghacks that are all the same. It's very rare to find any new reghacks because everyone just wants to copy someone elses work rather than learn how to find reghacks. There have always been undocumented reghacks for several reasons: New functionality in windows Everytime a new version of windows comes out some behavior is changed that people depend on. For example, a company uses a 3rd party app they spent $100,000 to develop that works fine in win2k but doesn't work in XP. The solution is for the company to pay microsoft for a fix, or pay another $100,000 to have someone rewrite the app to work on XP. A good example of this is NoStrCmpLogical. Future Functionality Usually the server is released after the client. So microsoft will put new functionality in the client, but won't expose the functionality until the server is released. A good example is RIS in XP. Ris in XP had new functionaly that wasn't "exposed" - that is, there was no UI to use the new functionality until server 2003 was released. In order to include new features in windows, they have to be slowly phased in. Core Files used in multiple OS Since microsoft uses the same core files throughout several OS's functionality for all OS's have to be built in. For example, Windows PE's functionality is already built into xp, it isn't "exposed" until you use 2 megs worth of inf's. These inf's Build winpe out of an ordinary XP cd. In the past the best way to find reghacks was sysinternals regmon. With the release of Office 2007, it got even easier. For the first time (at least according to my Office 2007 for dummies book), office comes with a kill dupes option. Office 2007 also supports more than 64,000 rows, meaning you can import more data. Step by Step Directions: 1 - Install any updates to make sure you have the most current version, such as service packs, etc. 2 - Download regmon from sysinternals.com (which redirects to ms download) 3 - When you run regmon, put apps that you dont want there settings in the Exclude field. For example, you could put regmon.exe;services.exe in the exlude field. 4 - Still at the Regmon Filter dialog box, uncheck the "log successes" box, leave the other boxes checked. We do this because we want UNDOCUMENTED reghacks. Unchecking this box causes regmon to only list registry keys that DONT EXIST on your box. If the registry key already exists on your box, it's already known isn't it? 5 - Click OK. Click the icon for auto scroll (the icon with the down arrow). This will disable scrolling, which will lag your computer 6 - Close any open windows as that will cause shell settings to be logged. Also disconnect from the inet if you dont want inet settings. Close unused programs. 7 - Click the clear icon, then open the app you want to get settings for. For example, if you want to find undocumented reghacks for my computer then double click my computer and through all the dialog boxes. Type in stuff, save stuff. Go through wizards. 8 - After about 5-10 mins of playing with the program, click the Save icon in regmon, and save regmon.log to your desktop, then close regmon (wait a couple seconds for it to flush to disk) 9 - Right click on regmon.log, click 'open with', select excel 10 - At this point i usually delete columes. Right click on column A and select delete. Delete column B (the time column), column D (queryvalue). The only columns i have left are A (process), B (reg key), and C (not found or buffer overflow) 11 - Under the Data menu in excel click 'remove duplicates' 12 - In the dialog box, only check the box that has the registry keys (in my case column B) and click ok. After 5 seconds it will remove all dupes. 13 - Still under Data menu, click sort. In first column where it says "sort by", select the column that says buffer overflow and not found (in my case column C) and click OK 14 - Now scroll through the list writing down any reg keys you don't recognize. Use a search engine to see if you can find anything on them. If you don't find anything you've found a diamond in the rought - an undocumented regkey. Now import the regkey and see what happens. If the regkey helps you then post it on sites so others know. If just a small amount of people did this you would have a lot of undocumented regkeys posted on the inet, instead of the same old crap reposted over and over. I might post my test.inf as an example of how to test reghacks. -gosh test.zip

These are inf's i recently wrote. Theyre far from complete but thought i would post anyway in case it helps anyone. -gosh INF.zip

you must mean that keuyoung guy? he had a site on canada isp rogers.net -gosh

when i left the inet i gave everytning i had to a friend who no longer talks to gosh...i gotta go, ill try to get my pw, if you ask aaronxp i told him i was leaving but he never took me serious then i just left. i remember my pw for activewin.com, for username gosh. thanks for the nice words -gosh

hey- to those old skool people here i used to post here 3 years ago. i havent been online in about 3 years and i only have a couple mins. I didnt write down my passwords soi cant seem to remember the password togosh. If you need proof im gosh just ask me a question. Im just posting to say hi, in case anyone wonders where gosh went. i should be online for a couple mins next thursday, ill read any posts. -gosh