.reg files have me stumped!

Discussion in 'Software' started by DubiousP, Feb 25, 2005.

  1. DubiousP

    DubiousP Private E-2

    I've recently been struck with an interest in accessing computers that would be otherwise locked down and have managed my way around some basics, but I'm not familiar with how .reg files are written. I'm trying to disable a program called Drive Shield in order to make permanent changes without having an administrative password. What I've figured out so far is that I need to disable the value of HKEY_LOCAL_MACHINE/software/microsoft/windows/currentversion/run. Unfortunately I have no idea how that's related to Drive Shield or how to apply what I've already found out to writing a registry patch. From what I understand .reg files are written in vbscript, right? Before I go all gung-ho on these computers I want to have written two patches, one to disable Drive Shield and one to re-enable it when I'm finished. Can anyone help me out a bit? I would prefer instructions on how to write a registry patch of this style rather than just being given the scripts, but either would do, lol. I would also be very appreciative of anyone who could tell me the relationship between disabling the value of "HKEY_LOCAL_MACHINE/software/microsoft/windows/currentversion/run" and the activity of Drive Shield.
     
  2. DubiousP

    DubiousP Private E-2

    Sorry about the post! I just stumbled across what I *think* is the answer... I'm still curious though, is it possible to write registry patches to perform these tasks? I'm not sure if I have permission to run regedt32.exe on the computer I'm trying to get into.
     
  3. Coco

    Coco Sergeant Major

    .reg files aren't script files at all. They either remove or enter registry values.

    As for the path "HKEY_LOCAL_MACHINE/software/microsoft/windows/currentversion/run" that deals with programs that are run when the machine is turned on. Removing something from that list would merely stop the program from launching when windows starts. It would have no impact on the computer unless you reset the system though. Also you can just make these changes in msconfig.
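
Added example, not part of the thread or any poster's code: a small Python reader that lists what a .reg file would add or remove, and flags entries under the Run key described above, so a file can be reviewed before it is merged. The sample file, its value names and the helper names are constructed for illustration.

```python
import re

# Autostart key discussed in the thread, lower-cased for comparison.
# The prefix match also covers sibling keys such as RunOnce.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# A value line is @=... (default value) or "name"=... with \" escapes allowed.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def parse_reg(text):
    """Return (action, key, value_name, data) tuples the file would apply."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue                      # format header
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):      # [-KEY] removes the whole key
                ops.append(("delete_key", body[1:], None, None))
                key = None
            else:
                key = body
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data == "-":               # "name"=- removes one value
                ops.append(("delete_value", key, name, None))
            else:
                ops.append(("set_value", key, name, data))
    return ops

def touches_autostart(ops):
    """Operations that change what Windows launches at startup."""
    return [op for op in ops if op[1].lower().startswith(RUN_KEY)]

# Constructed sample input, not taken from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\""
"OldUpdater"=-
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Level"=dword:00000001
[-HKEY_CURRENT_USER\Software\ExampleVendor\Cache]
'''

if __name__ == "__main__":
    for op in touches_autostart(parse_reg(SAMPLE)):
        print(op)
```
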
     
  4. DubiousP

    DubiousP Private E-2

    Well my issue is that Drive Shield wipes absolutely everything you do to the computer when you reboot, so I'm assuming I need to boot from a floppy and edit the registry. I'm extremely new to the world of hacking and have only regurgitated information I've found online so far. I have never actually had the need to boot from a floppy so I still have to monkey with that and figure out how it works. I'm assuming that it would be easiest to boot to DOS from a floppy, in which case I *think* it would be easiest to run a patch to set the value to nothing, but like I said, I'm still just learning, so I don't even know if going about it this way is possible...
     
  5. Coco

    Coco Sergeant Major

    I've never personally done a registry edit from DOS. I've also never heard of it being done. I don't even believe there is a program to do it with. The edits you want to make would pretty much have to be made from within Windows.

    You may actually require admin access to make the changes you want. It is possible to recover lost administrative passwords too. So maybe you should be looking at that.
     
  6. DubiousP

    DubiousP Private E-2

    You don't think I could just run a .reg file that would make the changes for me just the same as I could run an .exe from DOS? Perhaps I'm on the wrong path completely with the .reg patch and should just be trying to crack the password, like you said...
     
  7. Coco

    Coco Sergeant Major

    A reg file can't be run from DOS. The only place you'll be able to run a registry file from is within Windows itself. I mean sure registry information is actually stored on the HD, which means if you looked really hard for some pretty weird app you might find one that lets you edit the registry from DOS, but I sorta doubt anyone has made such an app.

    BTW, just so we are clear, DOS and a command prompt in Windows are two entirely different things, you could in fact use a .reg file from a command prompt.

    Of course making a .reg file isn't really important, if you have access to make the edits you need to make you can do it from simply running msconfig. If you don't have access to do it that way, you won't be able to do it with a reg file either.
     
  8. DubiousP

    DubiousP Private E-2

    Well I know I can run a .reg file, because I tested a small one that would allow me to rename the recycling bins (just for kicks...). I just discovered REGEDT32.exe this weekend and will see if I have access to it when I have time in front of the computer I'm working with. It seems that restrictions on everything have been lifted since they put Drive Shield on the computers. If I *can* access REGEDT32.exe then my next worry is: If I set the value of Drive Shield to nothing, it shouldn't load up the "temporary OS" that Drive Shield creates, but how do I know that my changes to the registry will be saved on reboot. It's sort of a catch 22 -- Turn Drive Shield off, then reboot... If only there were a way to catch it before it loaded up...
     
  9. QuickSilver

    QuickSilver Corporal

    I'm not sure if you will be able to run regedit32.exe in a DOS bootup. If you ran it from a DOS window in whichever Windows version you are running then it would create an instance of the app in the windows environment, not in the DOS session. As the name of the exe suggests this is a 32 bit application and will only run in a 32 bit environment - booting straight into DOS will not be a 32 bit environment...

    This is of course if this is still your plan...
     
  10. DubiousP

    DubiousP Private E-2

    So I'm on the computer that I'm trying to get into now, I can run regedt.exe from Windows and I can also choose to boot from a list of other devices other than the HD. My problem now is that the pile path "HKEY_LOCAL_MACHINE/software/microsoft/windows/currentversion/run" isn't connected to Drive Shield in any way. If I navigate to the Centurion folder (Centurion is the company that produces Drive Shield) I get a list of REG_DWORDs instead of REG_SZs, editing these seem to have no effect on the computer and are reset on reboot. There is another Centurion folder in "HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/services/Eventlog/Applications" that doesn't seem relevant to changing the value of Drive Shield, as it has nothing in it that's related to it (it consists of (Default), EventMessageFile, and Typessupported). Any suggestions? The tutorial I was looking at originally is completely off...
     
  11. Coco

    Coco Sergeant Major

    You're not going to get anywheres with making a reg file. As you said, the path "HKEY_LOCAL_MACHINE/software/microsoft/windows/currentversion/run" has nothing to do with driveshield. It's a default windows thing. Anything in there is run by windows as it starts up. So that would be the place you want to edit.

    Of course your problem is you CANNOT run a reg file from dos and chances are driveshield reverts any changes you make to the registry when shutting down.

    So basically, what it boils down to is you'll need to go in as an admin so that you can disable driveshield without having to reset the computer. reg files have no use for you here. Even in the event a reg file could be used to do something you'd still figure it out by going in with regedit and doing it manually first. So you're really just wasting your time trying to write a reg file.
     
  12. DubiousP

    DubiousP Private E-2

    Alrighty, thanks for all the help folks! Anyone care to point me in the right direction to learn about cracking administrative passwords? I'll probably be doing a Google search later myself...
     
