Around The Globe ATG.WORLD

Visit our sister website :

http://www.atg.world/

This is a social network for enthusiasts just like us. No Junk! Only meaningful conversations with the people who share the same enthusiasm as us.

Showing posts with label Windows Hacking. Show all posts

Wednesday, August 5, 2009

Adding your Own Items to Context Menu - Hacking Windows XP

Adding an entry to a context menu is very simple. The most difficult part of solving my little puzzle was figuring out how to launch Outlook so that it would automatically create a message and attach the desired file to it. After a few minutes of researching on Google, I came across Outlook-Tips.net, which is a great resource for exactly the information I was looking for. According to outlooktips.net, I just had to launch Outlook with the /a switch followed by the name of the file. Once I had this information, I had all of the pieces of the puzzle and was ready to start putting it together. Perform the following steps to add your own item to the context menu of any file type:

  1. First, open up My Computer.
  2. Click on the Tools menu bar item and select Folder Options.
  3. Click on the File Types tab to expose all of the different file types on your computer.
  4. Because I usually send Word documents, I scrolled down the list of file types and selected the .doc file extension. Pick any other file extension for which you would like to add an entry.
  5. Once you have the entry selected, click the Advanced button to bring up the Edit File type window.
  6. Click the New button to add an entry.
  7. In the Action box, type in the name that you want to appear on the menu. I typed in Send Attached to Message.
  8. In the Application Used to Perform Action box, you will want to specify the application and any switches that you will want to use for this new entry. Click on the Browse button to easily browse to an executable file. I navigated until I found OUTLOOK.EXE inside the OFFICE11 folder.
  9. When you click OK, the path to the executable file will fill the box. Now you will want to add any application flags at the end of the line. To tell Outlook to create a new message and attach a file to it, I had to add /a after the path followed by %L. The %L is a system variable that holds the name of the file that you are right-clicking on. When I was finished, my box looked like the following (including the quotes): "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /a "%L".
  10. When you are finished editing your new entry, click OK to save it.
You are now finished adding an entry to a specific file type's context menu. If you followed all of the previous steps to add the "Send Attached to Message" entry, every time you right-click on a Word document you will now see the new entry, as shown in the figure below.
Figure: What the context menu looks like after the Send Attached to Message entry is added.

CHANGING WINDOWS PHYSICAL(MAC) ADDRESS

Which method works depends on the type of Network Interface Card (NIC) you have. If your card doesn't support cloning the MAC address through its properties, try Method 2.

METHOD 1

a. Start > Run > devmgmt.msc, or open "Device Manager".
b. Choose the desired NIC under the "Network Adapters" category.
c. Right-click the selected NIC and choose "Properties".
d. Click the "Advanced" tab.
e. Under "Property", you should see an item called "Network Address" or "Locally Administered Address"; click on it.
f. On the right side, under "Value", type in the new MAC address you want to assign to your NIC. Usually this value is entered without the "-" between the MAC address numbers.
g. Go to a command prompt and type "ipconfig /all" or "net config rdr" to verify the change.
h. If successful, reboot your system.



METHOD 2

As you can see, the above method is very convenient, but not all network cards offer such an option. For example, the Broadcom 440x 10/100 (used in Dell Inspiron 1501 laptops) does not allow you to change its MAC address through the Properties window. In such cases the following method will solve the problem.

1. Go to Start > Run and type regedt32 [NOT regedit] in the box to start the registry editor.

2. Go to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318} and double-click it to expand the tree.

3. Now you can see subkeys named 0000, 0001, 0002, 0003, 0004 and so on. Each of them represents a particular network adapter.

4. Go through each subkey and look for the DriverDesc value that matches the network card whose MAC address you want to change.

5. Look for a string value named "NetworkAddress", right-click it and select Modify. Then enter the new MAC address in its Value data box. If the "NetworkAddress" value does not exist, create it by right-clicking the subkey (for example 0008), selecting New > String Value, naming the new value NetworkAddress, and then repeating the step above.

6. You must restart your computer for the change to take effect.
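The context-menu action above and the NetworkAddress value that Method 2 sets both end up as plain string values in the registry, so a defender can audit them from an exported .reg file rather than by clicking through dialogs. The following Python is an added example, not code from the original post: it parses a constructed .reg export, lists the shell verbs and command lines registered on a ProgID (Folder Options stores each action under HKCR\<ProgID>\shell\<verb>\command), and flags adapters whose MAC address is overridden, checking the value's format. The ProgID Word.Document.8, the subkey numbers and the driver names are sample data.

```python
import re

# Constructed .reg export (sample data, not from the page): one file-type
# action as Folder Options stores it, plus two subkeys of the network adapter
# class key, both carrying the NetworkAddress override that Method 2 sets.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Word.Document.8\shell\SendAttached]
@="Send Attached to Message"

[HKEY_CLASSES_ROOT\Word.Document.8\shell\SendAttached\command]
@="\"C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE\" /a \"%L\""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0008]
"DriverDesc"="Broadcom 440x 10/100 Integrated Controller"
"NetworkAddress"="02AABBCCDDEE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0009]
"DriverDesc"="Intel(R) PRO/1000 MT Network Connection"
"NetworkAddress"="01-23-45-67-89-AB"
'''
NET_CLASS = r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'
VALUE_LINE = re.compile(r'^(@|"([^"]*)")="(.*)"$')


def parse_reg(text):
    """Parse a .reg export into {key: {value name: data}}; only string
    (REG_SZ) values are kept and the default value gets the name ''."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and (m := VALUE_LINE.match(line)):
            name = '' if m.group(1) == '@' else m.group(2)
            # .reg files escape backslashes and quotes inside string data
            keys[current][name] = re.sub(r'\\(.)', r'\1', m.group(3))
    return keys

def shell_commands(keys, progid):
    """Return {verb: command line} for each action registered on a ProgID
    (HKCR\\<ProgID>\\shell\\<verb>\\command), which is what Folder Options
    writes; auditing these shows what a right-click entry really launches."""
    prefix, suffix = f'HKEY_CLASSES_ROOT\\{progid}\\shell\\', '\\command'
    return {key[len(prefix):-len(suffix)]: values['']
            for key, values in keys.items()
            if key.startswith(prefix) and key.endswith(suffix) and '' in values}

def mac_overrides(keys):
    """List adapters whose NetworkAddress value overrides the burned-in MAC.
    'valid' needs 12 hex digits and a unicast address (bit 0 of the first
    octet clear); many drivers also require the locally administered bit."""
    found = []
    for key, values in keys.items():
        if key.startswith(NET_CLASS + '\\') and 'NetworkAddress' in values:
            mac = re.sub(r'[-:]', '', values['NetworkAddress']).upper()
            hex_ok = re.fullmatch(r'[0-9A-F]{12}', mac) is not None
            first = int(mac[:2], 16) if hex_ok else 0
            found.append({'subkey': key.rsplit('\\', 1)[1], 'mac': mac,
                          'driver': values.get('DriverDesc', '?'),
                          'valid': hex_ok and not first & 1,
                          'locally_administered': hex_ok and bool(first & 2)})
    return found
```

Run the two functions over parse_reg(SAMPLE_REG) to see the SendAttached command line and the two overridden adapters; the second adapter's value sets the multicast bit and is reported as invalid.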

Sunday, August 2, 2009

HKEY_CURRENT_CONFIG [HKCC]

The information contained in this key is used to configure settings such as which software and device drivers to load or which display resolution to use. This key has Software and System subkeys, which keep track of configuration information.

HKCC contains information gathered at runtime; information stored in this key is not permanently stored on the hard disk, but rather regenerated at boot time. It is a handle to the key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current", which is initially empty but populated at boot time by loading one of the other subkeys stored in "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles".


HKEY_CLASSES_ROOT [HKCR]

The information stored here is used to open the correct application when a file is opened by using Explorer and for Object Linking and Embedding. It is a root key that merges HKLM\SOFTWARE\Classes, and HKCU\Software\Classes.

HKCR contains two types of settings. The first type is file associations that associate different file types with the programs that can open, print, and edit them. The second type is class registrations for Component Object Model (COM) objects.

This root key is one of the most interesting in the registry to customize, because it enables you to change a lot of the operating system's behavior. This root key is also the largest in the registry, accounting for the vast majority of the space that the registry consumes.


COM CLASS KEYS

The key HKCR\CLSID contains COM class registrations. HKCR\CLSID\clsid is an individual class registration, where clsid is the class's class ID, which is a GUID.

Object                        Class identifier
---------------------------   --------------------------------------
Shell folders
  ActiveX Cache               {88C6C381-2E85-11D0-94DE-444553540000}
  Computer Search Results     {1F4DE370-D627-11D1-BA4F-00A0C91EEDBA}
  History                     {FF393560-C2A7-11CF-BFF4-444553540000}
  Internet Explorer           {871C5380-42A0-1069-A2EA-08002B30309D}
  My Computer                 {20D04FE0-3AEA-1069-A2D8-08002B30309D}
  My Documents                {450D8FBA-AD25-11D0-98A8-0800361B1103}
  My Network Places           {208D2C60-3AEA-1069-A2D7-08002B30309D}
  Offline Files               {AFDB1F70-2A4C-11D2-9039-00C04F8EEB3E}
  Programs                    {7BE9D83C-A729-4D97-B5A7-1B7313C39E0A}
  Recycle Bin                 {645FF040-5081-101B-9F08-00AA002F954E}
  Search Results              {E17D4FC0-5564-11D1-83F2-00A0C90DC849}
  Shared Documents            {59031A47-3F72-44A7-89C5-5595FE6B30EE}
  Start Menu                  {48E7CAAB-B918-4E58-A94D-505519C795DC}
  Temporary Internet Files    {7BD29E00-76C1-11CF-9DD0-00A0C9034933}
  Web                         {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
Control Panel folders
  Administrative Tools        {D20EA4E1-3957-11D2-A40B-0C5020524153}
  Fonts                       {D20EA4E1-3957-11D2-A40B-0C5020524152}
  Network Connections         {7007ACC7-3202-11D1-AAD2-00805FC1270E}
  Printers And Faxes          {2227A280-3AEA-1069-A2DE-08002B30309D}
  Scanners And Cameras        {E211B736-43FD-11D1-9EFB-0000F8757FCD}
  Scheduled Tasks             {D6277990-4C6A-11CF-8D87-00AA0060F5BF}
Control Panel icons
  Folder Options              {6DFD7C5C-2451-11D3-A299-00C04F8EF6AF}
  Taskbar And Start Menu      {0DF44EAA-FF21-4412-828E-260A8728E7F1}
  User Accounts               {7A9D77BD-5403-11D2-8785-2E0420524153}
Other
  Add Network Places          {D4480A50-BA28-11D1-8E75-00C04FA31A86}
  Briefcase                   {85BBD920-42A0-1069-A2E4-08002B30309D}
  E-mail                      {2559A1F5-21D7-11D4-BDAF-00C04F60B9F0}
  Help And Support            {2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}
  Internet                    {2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}
  Network Setup Wizard        {2728520D-1EC8-4C68-A551-316B684C4EA7}
  Run                         {2559A1F3-21D7-11D4-BDAF-00C04F60B9F0}
  Search                      {2559A1F0-21D7-11D4-BDAF-00C04F60B9F0}
  Windows Security            {2559A1F2-21D7-11D4-BDAF-00C04F60B9F0}

HKEY_LOCAL_MACHINE [HKLM]

This key contains configuration information particular to the computer. This information is stored in the systemroot\system32\config directory as persistent operating system files, with the exception of the volatile HARDWARE key. Settings range from device driver configurations to Windows settings. HKEY_LOCAL_MACHINE is probably the most important key in the registry, and it contains five subkeys:

  • HARDWARE.

    Database that describes the physical hardware in the computer, the way device drivers use that hardware, and mappings and related data that link kernel-mode drivers with various user-mode code. The operating system creates this key each time it starts, and it includes information about devices and the device drivers and resources associated with them.

  • SAM.

    Contains the Windows local security database, the Security Accounts Manager (SAM). Windows stores local users and groups in SAM. This key's access control list (ACL) prevents even administrators from viewing it. SAM is a link to the key HKLM\SECURITY\SAM.

  • SECURITY.

    Contains the Windows local security database in the subkey SAM, as well as other security settings. This key's ACL prevents even administrators from viewing it, unless they take ownership of it.

  • SOFTWARE.

    Per-computer software database. Contains per-computer application settings. Microsoft standardized this key's organization so that programs store settings in HKLM\SOFTWARE\Vendor\Program\Version\. Vendor is the name of the program's publisher, Program is the name of the program, and Version is the program's version number.

  • SYSTEM.

    Database that controls system start-up, device driver loading, NT 4 services and OS behavior. Contains control sets, one of which is current. The remaining sets are available for use by Windows. Each subkey is a control set named ControlSetnnn, where nnn is an incremental number beginning with 001. The operating system maintains at least two control sets to ensure that it can always start properly. These sets contain device driver and service configurations. HKLM\SYSTEM\CurrentControlSet is a link to ControlSetnnn, and the key HKLM\SYSTEM\Select indicates which ControlSetnnn is in use.

Security Identifiers (SIDs)

Computer accounts, user accounts, groups, and other security-related objects are security principals. Security Identifiers (SIDs) uniquely identify security principals. Each time Windows and Active Directory create a security principal, they generate a SID for it. The Windows Local Security Authority (LSA) generates SIDs for local security principals and then stores them in the local security database.

An example of a SID is S-1-5-21-2857422465-1465058494-1690550294-500. A SID always begins with S-. The next number identifies the SID's version—in this case, version 1. The next number indicates the identifier authority and is usually 5, which is NT Authority. The string of numbers up to 500 is the domain identifier, and the rest of the SID is a relative identifier, which is the account or group. This is a very rough overview of the SID format, which is much more complex than this brief example characterizes. If you want to learn more about SIDs, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_identifiers.asp.


HKEY_USERS [HKU]

Windows 95 uses this key to store the user profiles, which were previously stored in the systemroot\system32\config or systemroot\profiles directory.

SUBKEYS of HKEY_USERS

HKU contains at least three subkeys:

  • .DEFAULT contains the per-user settings that Windows uses to display the desktop before any user logs on to the computer. This isn't the same thing as a default user profile, which Windows uses to create settings for users the first time they log on to the computer.

  • SID, where SID is the security identifier of the console user (the user sitting at the keyboard), contains per-user settings. HKCU is linked to this key. This key contains settings such as the user's desktop preferences and Control Panel settings.

  • SID_Classes, where SID is the security identifier of the console user, contains per-user class registrations and file associations. Windows merges the contents of keys HKLM\SOFTWARE\Classes and HKU\SID_Classes into HKCR.

Other subkeys you may find are :
  • S-1-5-18 is the well-known SID for the LocalSystem account. Windows loads this account's profile when a program or service runs in the LocalSystem account.

  • S-1-5-19 is the well-known SID for the LocalService account. Service Control Manager uses this account to run local services that don't need to run as the LocalSystem account.

  • S-1-5-20 is the well-known SID for the NetworkService account. Service Control Manager uses this account to run network services that don't need to run as the LocalSystem account.
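The SID layout described in the HKLM section (S-, revision, identifier authority, domain identifier, relative identifier) and the well-known SIDs listed above can be checked with a small parser, which is also how a forensic listing of HKEY_USERS labels each profile hive. This Python is an added example, not part of the original post; the HKEY_USERS subkey list is constructed sample data, and the RID-to-account table (500 = Administrator and so on) comes from Microsoft's documented well-known RIDs, not from the page.

```python
import re

# Well-known SIDs named in the HKEY_USERS discussion above, and the meaning
# of the identifier-authority number (5 = NT Authority in the page's example).
WELL_KNOWN = {'S-1-5-18': 'LocalSystem', 'S-1-5-19': 'LocalService',
              'S-1-5-20': 'NetworkService'}
AUTHORITIES = {0: 'Null', 1: 'World', 2: 'Local', 3: 'Creator', 5: 'NT Authority'}
# Built-in RIDs (from Microsoft's well-known SID documentation, not the page)
KNOWN_RIDS = {500: 'Administrator', 501: 'Guest', 512: 'Domain Admins',
              513: 'Domain Users'}
SID_RE = re.compile(r'^S-(\d+)-(\d+)((?:-\d+)+)$')


def parse_sid(sid):
    """Split a textual SID into revision, identifier authority and
    sub-authorities; returns None for malformed input.  For S-1-5-21-x-y-z-r
    the page calls S-1-5-21-x-y-z the domain identifier and r the RID."""
    m = SID_RE.match(sid)
    if not m:
        return None
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(s) for s in m.group(3).split('-')[1:]]
    info = {'revision': revision, 'authority': authority,
            'authority_name': AUTHORITIES.get(authority, 'unknown'),
            'subauthorities': subs, 'well_known': WELL_KNOWN.get(sid)}
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        info['domain'] = 'S-%d-%d-21-%d-%d-%d' % (revision, authority, *subs[1:4])
        info['rid'] = subs[4]
        info['rid_name'] = KNOWN_RIDS.get(subs[4])
    return info

def hku_profiles(subkeys):
    """Label each HKEY_USERS subkey name the way a forensic listing would:
    .DEFAULT, service-account profiles, user profiles and *_Classes hives."""
    rows = []
    for name in subkeys:
        is_classes = name.endswith('_Classes')
        parsed = parse_sid(name[:-len('_Classes')] if is_classes else name)
        if name == '.DEFAULT':
            kind = 'pre-logon desktop settings'
        elif parsed is None:
            kind = 'not a SID'
        elif parsed['well_known']:
            kind = parsed['well_known'] + ' service account'
        elif 'rid' in parsed:
            kind = 'user profile' + (f" ({parsed['rid_name']})" if parsed['rid_name'] else '')
        else:
            kind = 'other SID'
        rows.append({'subkey': name,
                     'kind': kind + (' (per-user class registrations)' if is_classes else '')})
    return rows

# Constructed HKEY_USERS listing (sample data, not taken from a real system)
SAMPLE_HKU = ['.DEFAULT', 'S-1-5-18', 'S-1-5-19', 'S-1-5-20',
              'S-1-5-21-2857422465-1465058494-1690550294-500',
              'S-1-5-21-2857422465-1465058494-1690550294-500_Classes',
              'S-1-5-21-2857422465-1465058494-1690550294-1001']
```

Calling hku_profiles(SAMPLE_HKU) labels the three service-account hives, the built-in Administrator profile and its _Classes hive, and an ordinary user profile with RID 1001.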

HKEY_CURRENT_USER [HKCU]

This registry key contains the configuration information for the user who is currently logged in. The user's folders, environment variables, desktop settings, network connections, printers, application preferences, screen colors, and Control Panel settings are stored here. This information is known as a user profile.


SUBKEYS of HKEY_CURRENT_USER
  • AppEvents
Associates sounds with events. For example, it associates sounds with opening menus, minimizing windows, and logging off of Windows.
  • Console
Stores data for the console subsystem, which hosts all character-mode applications, including the MS-DOS command prompt. In addition, the Console key can contain subkeys for custom command windows.
  • Control Panel
Contains accessibility, regional, and desktop appearance settings. You configure most of these settings in Control Panel. However, this key contains a handful of useful settings that have no user interface; you can configure them only through the registry.
  • Environment
Stores environment variables that users have set. Each value associates an environment variable with the string that Windows substitutes for the variable. The default values for these entries are in the user's profile.
  • Identities
Contains one subkey for each identity in Microsoft Outlook Express. Outlook Express uses identities to allow multiple users to share a single mail client. With the Windows support for user profiles, one user's settings are separate from other users' settings, so this key is seldom necessary to use.
  • Keyboard Layout
Contains information about the installed keyboard layouts.
  • Network
Stores information about mapped network drives. Each subkey in Network is a mapped drive to which Windows connects each time the user logs on to the computer. The subkeys' names are the drive letters to which the drives are mapped. Each drive's key contains settings used to reconnect the drive.
  • Printers
Stores user preferences for printers.
  • Software
Contains per-user application settings. Windows stores much of its own configuration in this key, too. Microsoft has standardized its organization so that programs store settings in HKCU\Software\Vendor\Program\Version\. The variable Vendor is the name of the program's publisher, the variable Program is the name of the program, and the variable Version is the program's version number. Often, as is the case with Windows, Version is simply CurrentVersion.
  • Volatile Environment
Contains environment variables that were defined when the user logged on to Windows.


Other subkeys you see in HKCU are usually legacy leftovers or uninteresting. They include UNICODE Program Groups, SessionInformation, and Windows 3.1 Migration Status.

Brief History of Windows Registry

MS-DOS
  • MS-DOS got its configuration data from Config.sys and Autoexec.bat.
  • Config.sys loaded device drivers.
  • Autoexec.bat was used to run programs, set environment variables, and prepare MS-DOS for use.
Windows 3.0
  • Windows 3.0 provided INI files for storing settings.
  • INI files are text files that contain one or more sections with one or more settings in each section.
  • The main problems with INI files are that they provide no hierarchy, storing binary values in them is cumbersome, and they provide no standard for storing similar types of settings.
  • INI files also cause other subtle problems, all related to the configuration file's inability to build complex relationships between applications and the operating system.
  • One big problem for early versions of Windows was the sheer number of INI files that floated around on the average computer. Every application had its own INI files.
Windows 3.1
Windows 3.1 introduced the registry as a tool for storing OLE (object linking and embedding) settings.

Windows 95
  • Windows 95 expanded the registry into the configuration database that Windows XP and Windows Server 2003 use now.
  • Even though INI files are no longer necessary, you'll always find INI files, including Win.ini, on any computer (for example at C:\WINDOWS\win.ini).
  • No more plain text .INI files splattered all over your system.
  • In today's environment, the registry replaces these .INI files. Each key in the registry is similar to bracketed headings in an .INI file.

FIVE KEYS - Windows Registry [Detailed Explanation]

The five keys in Registry Editor are :


Backing up Windows Registry

This tutorial works only with Windows XP or newer.
Windows 98 and ME use a built-in utility, scanreg, that backs up the system.

Backing up the Windows XP registry

Microsoft Windows XP includes a new feature known as System Restore. This great new feature enables a user to back up and restore their important system files from an earlier day. By default this feature automatically creates a backup of the system each day. If you wish to create a restore point of your system, follow the steps below.

  1. Click Start, Programs, Accessories, System Tools, System Restore

  2. Select the option to Create a restore point

  3. Click Next and follow the remaining steps.

Restoring the Windows XP registry

To restore the system back to an earlier point follow the below steps.

  1. Click Start, Programs, Accessories, System Tools, System Restore

  2. Select the Restore my computer to an earlier time option and click next

  3. Select the day and the restore point you wish to restore and click next.


DEMO: [screenshots of the System Restore steps above; omitted here]

In Windows Vista, a different dialog comes up. [screenshot omitted]

Windows Registry Elaborated

If you do not understand the first paragraph, read about BRIEF HISTORY OF WINDOWS REGISTRY!!

One of the hot new features introduced with Windows 95 was the Windows Registry. The Windows Registry offered a centralized database-like location to store application and system settings. No more plain text .INI files splattered all over your system. Instead, issue a few easy API calls and your application settings are safely nestled away deep inside the registry hive.

Windows stores configuration data in the registry. The registry is a hierarchical database, which can be described as a central repository for configuration data.
The registry contains extended information, settings, and various other values for the Microsoft operating systems. Within the registry you can control, modify and hack a great majority of the operating system's features and tools.
Before going into the Registry and changing or deleting anything, we ALWAYS recommend that you backup the registry.
To view the registry of a Windows operating system, use the Registry Editor tool: go to Start > Run and type regedit, or just type regedit in Windows 7's Start Menu search box. There are two versions of Registry Editor.
Regedt32.exe has the most menu items and more choices for the menu items. You can search for keys and subkeys in the registry.
Regedit.exe enables you to search for strings, values, keys, and subkeys and export keys to .reg files. This feature is useful if you want to find specific data.


For ease of use, the Registry is divided into five separate structures that represent the Registry database in its entirety. These five groups are known as KEYS.
Read the post on Windows Registry Keys to learn how to hack them.