From: VanguardLH on 6 Apr 2010 15:04

John Corliss wrote:

> http://www.gentlesecurity.com/blog/index.php/2006/11/12/reghide)
>
> says that including a null character in a name string only renders it
> un-editable but that it's still visible in Regedit and Regedit32. I
> wouldn't know for sure.

In a way that is correct. Since text editors don't show unprintable ASCII characters, you see the printable ASCII characters and the null character is missing from the rendered display. Alas, there is no hex editor view in regedit.exe to see if a string contains a non-printable character. There are some definite limitations to the regedit.exe that Microsoft gave us over a decade ago and has not yet updated.

> Hey, that looks like a great utility. However, do you know if changing a
> "/0" to a "*" in a registry entry will cause any problems? Is the change
> permanent or just long enough to expose the string for possible deletion?

Actually I haven't bothered to change the null character to a different character. Every time, and I mean *EVERY* time that I've found a null character anywhere in a registry key or data item name, it has been for some copy protection scheme for a game (I think SecuROM uses the null), a corrupted entry (so it isn't usable even with the null removed because the key or data item name is still unusable), or something malware-like (I've rarely been hit by malware but have seen legit programs that have decided to employ malware schemes to protect their registry entries). In most cases, the location of the null-containing string gave away what software it belonged to.

When I got done playing the games that used SecuROM (and after uninstalling the games while also using Zsoft's Uninstaller to monitor the install so I could do a more thorough cleanup for the later uninstall), I used SecuROM's own uninstaller to clean up the registry, which got rid of those null-containing entries (but I was prepared to do more searching to find anything mentioning how to completely erase SecuROM from my host). Other than that, all null-containing key names were remnants (orphans) from a malware removal. I haven't yet found a null-containing key name that I wanted to keep. I suppose if there was one that you wanted to keep that you would simply delete the "*" that had replaced the null character. You won't have the null character anymore but the program accessing that registry key wouldn't be specifying the null character, anyway. They add it to deliberately thwart editing using regedit.exe, not because it is actually used as part of the key name they use when accessing the registry.

> Well, this is good to know. It certainly accounts for some of the
> apparent bloat in the exported version.

I, too, don't yet have a text editor that will handle the 110MB for the exported version of my registry; however, the ntuser.dat and system32\config files are less than half that size. So I suspect that the export from regedit.exe includes the 2 real hives and all the pseudo-hives. It's a waste of time for the export and a waste of disk space. I had assumed that ERUNT actually copied the disk files for the registry as the backup, not export the registry. This seems to be the case when I read the detailed info on ERUNT, which said:

  Next, select the backup options:
  - System registry: The current system registry, usually consisting of the files DEFAULT, SAM, SECURITY, SOFTWARE, and SYSTEM.
  - Current user registry: The registry files for the currently logged-on user, usually NTUSER.DAT and USRCLASS.DAT.
  - Other open user registries: Sometimes Windows has a few other user registries in memory. Examples for this are "generic" registries, e.g. for user "EVERYONE", or registries of other users if you use Fast Task Switching in Windows XP. Check this option to backup all these additional user registries (if found) as well.

So I would think the backup created by ERUNT would be the same size as all the actual registry's files, not like regedit.exe's export.

>> That's why I mentioned looking the actual
>> registry files on the hard disk (ntuser.dat and under system32\config)
>> rather than relying on an exported copy. Because of the duplicated data,
>> the exported version is 110MB while the sum total of ntuser.dat and the
>> system32\config files was 53.6MB. The exported copy is twice the size of
>> the real registry's size. I haven't used ERUNT to know if it omits the
>> pseudo-hives from its exported copy.
>
> Here's a Catfish export of the catalog for the most current ERUNT backup
> folder on my computer (slightly modified to make it clearer):
>
> C:\WINDOWS\ERDNT\2010-0~1\
>      3,551,232  10-03-31  default
>            673  10-03-31  Erdnt.con
>        163,328  05-10-20  Erdnt.exe
>          1,010  10-03-31  Erdnt.inf
>          2,815  02-09-25  Erdntdos.loc
>          3,275  02-09-25  Erdntwin.loc
>         20,480  10-03-31  Sam
>         49,152  10-03-31  Security
>     20,537,344  10-03-31  software
>      8,515,584  10-03-31  system
> C:\WINDOWS\ERDNT\2010-0~1\Users\
> C:\WINDOWS\ERDNT\2010-0~1\Users\00000001\
>        204,800  10-03-31  Ntuser.dat
> C:\WINDOWS\ERDNT\2010-0~1\Users\00000002\
>          8,192  10-03-31  UsrClass.dat
> C:\WINDOWS\ERDNT\2010-0~1\Users\00000003\
>     13,750,272  10-03-31  ntuser.dat
> C:\WINDOWS\ERDNT\2010-0~1\Users\00000004\
>         45,056  10-03-31  UsrClass.dat

Yep, so ERUNT is saving the registry's binary database files (and its own executables for use in Recovery Console mode) rather than exporting a bunch of text lines for the real and pseudo-hives. My guess is that Users\00000003 is for your user profile for your Windows account. I don't know why ERUNT isn't tracking them by the account SID to make sure it matches up with the SAM database.

>> PDF file (compressed): 3.3MB
>> DOC file: 19.6MB
>
> Most people know that at this point, a Microsoft Word document has far
> too much formatting bloat in it. Convert such a document to an .rtf or
> .txt file and you'll see what I mean.

Damn, I knew there was a conversion that I forgot. After conversion of the PDF to RTF, that file was 4.8MB - a lot bigger than your half-meg e-book. Of course, that booklet is just to let the average Joe figure out how to do his taxes. The tax code on which it is based is H-U-G-E (and I don't mean the pamphlets the IRS agents are taught with, which are not only incomplete but actually misleading, and deliberately so).

>> Your wish to make pocket marbles out of boulders ain't gonna happen and is
>> not realistic.
>
> Maybe not, but I can still wish for it, realistic or not.

Yeah, maybe one day Microsoft will decide to do better with the registry but my guess is that they will replace it with something different that is as night-and-day as was switching from .ini files to the registry. If we're really lucky, and perhaps following Apple's change, Microsoft might decide to dump their Windows kernel and replace the OS with a Linux distro. Of course, the GUI will still look like Windows. We can all wish.

>>> You misunderstand me. I'm not referring to deliberate malware attacks,
>>> I'm referring to standard Registry inclusions which are not in my best
>>> interests, and which may have originated from MS or the U.S. government.

I'm pretty sure that anyone producing any goods is doing so in their own best interests. The interests of their consumers come second. Altruism only goes so far before it becomes too expensive for survival of a business.

> It's not paranoid in the least to believe that the government wants to
> spy on us, or that MS and-or the U.S. government wants to monitor our
> computing and stored data.
>
> Surely you've heard about a little thing egregiously named the "Patriot
> Act"? I.e., the raping of our constitutional rights by a president who
> also swore to defend the Constitution as part of his presidential oath
> of office? The ongoing continuation of that breach of faith by the
> current administration? As in, "He who would exchange even a little
> freedom for safety, deserves neither freedom or safety"?

Patriot I and II. Victory Act I and II. Laws that circumnavigate the Posse Comitatus Act (http://en.wikipedia.org/wiki/Posse_Comitatus_Act) that prohibits interference or intermingling of the military with the civilian police, and further evidenced by Obama wanting to establish a civilian based military enforced by a draft and under control of the Exec branch along with arming our police with military weapons that are designed to quell the mass riots expected later. Random road checkpoints and stopping cars to get the populace used to the police committing any action without cause. Establishing NAFTA as a preliminary to the North American Union and contemplating replacing the US dollar with the aero as a further step towards federated statehood in a world gov't with the UN policing the non-federated 3rd-world countries by depressing their economies with the likes of the global warming scam and a Carbon Tax paid to a world bank fund (which will introduce over 50 more taxes to Americans who already pay double, triple, and quadruple taxes on goods to effect a current 52% tax rate on them). The US gov't gave up control over their money to foreigners by establishing the Federal Reserve (which is NOT part of the US gov't but a world bank operated by foreign investors and which cannot be audited) which prints our money for a fee and gives loans to the gov't for which we are taxed to pay (and ALL our taxes only pay the interest on these loans and none of it goes towards the services afforded by the gov't so the gov't has to get more loans to continue operating). That we went off the gold standard so our money is backed by nothing and its value will float, allow for the generation of fiat money, and let banks operate on a "reserve" rather than have full deposits on store.

Google receives over 50 demands each day to hold records for "suspect" users. This is not a court order so the FBI cannot get at the records but they can demand Google to hold those records for up to 90 days. Your bank account can be frozen on just an order by the FBI as the banks will honor the *notice of intent* to freeze assets rather than wait until a court ordered writ is received. FEMA can't handle Katrina but manages to get funding to buy land and build concentration camps for expected riots and revolution when our money collapses and/or due to hyperinflation caused by not controlling our own money, and FEMA builds half a million 3-person coffins for an internal war that hasn't started yet because of the complacency of citizens (by encroaching on their comfort level only a little at a time). Incrementalism works very well.

The stupidity and loss of control continues to dissolve our country while collapse becomes ever more inevitable where everyone but a small elite are poor and powerless. It's for our own good, uh huh. I haven't seen a novel yet that came close to similarly describing the death of a republic. The country your grandfather knew doesn't exist anymore, and in another 30 years it won't be the country you know today. I hardly think solving anything in Windows is going to resolve the incrementalism that has worked so successfully in destroying the US Constitution, the rights of Americans in their own country, destroying the middle class through taxation to remove their ability to financially defend themselves, destroying small business that provides the most jobs, moving power to an elite that is worldwide and hence foreign to the USA, and so on. When the dam is breaking apart, chewing gum in the tiny holes isn't the solution. We need a new dam and get rid of the old one, or maybe destroy the new dam that has been incrementally built to usurp the old dam and go back to the old dam.

The "Great Firewall of China" is indicative of the abusive power that their gov't has. It is an effect. Fix the cause and the effect disappears.

If Microsoft were doing covert operations within Windows, there are enough intelligent users around that are monitoring their network traffic using packet sniffers or router appliances to see what is in the traffic generated by Windows, as well as [hex] editors that can let us see anything put into a file. However, as to educating lazy users so they can actually be deemed administrators of their OS for which they are unwilling to pay an expert to administer, well, that's a whole other cause. Consumers don't want to pay for support either as an included cost in the purchase price or as a separate charge later. Alas, there are more and more experts that are not experts and you see them here trying to find help so they can pretend they are an expert to their paying customer ("I have some users with a problem", "I have a friend", "A workstation", and so on, which exhibits they are using us to build their pretense as an expert to someone else).

There are so many folks probing and monitoring Windows that Microsoft is constantly getting embarrassed as to their shortcomings. They're busy trying to patch the holes with chewing gum rather than fixing the root cause. They're a business so it's the dollars they're after. With incrementalism working so well over the last hundred years, Microsoft will simply wait until citizens accept new commands from their federal gov't regarding further banishment of more of their rights. That might evolve from another similar coalition of private businesses lobbying the gov't to allow for more control, like how DRM punishes all while prosecuting few.

"NSA helped with Windows 7 development - Uh oh!"
http://www.redicecreations.com/article.php?id=8774

Right now, it's more like the NSA is trying to get Microsoft to produce an OS that is more stable for the needs of the gov't. Like any large[est] customer of a software vendor, they have an interest in getting the best product they can so they wield their wealth as a means of control in influencing the product maker. Right now it's not security that I'm worried about. It's that the gov't is the biggest customer of Microsoft. Obviously any company whose survival is focused on one customer is susceptible to influence exercised by that customer. The gov't is just too damn big and becoming more dangerous to its own citizens.
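The null-in-key-name trick discussed above works because the Win32 registry API (and therefore regedit.exe) treats a key name as a NUL-terminated C string, while the kernel stores it as a counted UTF-16 buffer. The following is an added example, not code from the thread or from any tool mentioned in it, showing how to see the full name: it calls NtEnumerateKey through ctypes and reads KEY_BASIC_INFORMATION by its NameLength field instead of stopping at the first NUL. The record-handling functions run anywhere and are exercised with a constructed "Ghost\0Key" record; only enumerate_subkeys() needs Windows. The NT path used as a default root, the depth limit and the "\0" rendering are choices made for this example.

```python
"""Find registry subkeys whose names contain an embedded NUL (U+0000).

Win32 registry calls (RegEnumKeyEx, hence regedit.exe) return key names as
NUL-terminated strings, so a key created natively as "Foo\\x00Bar" is listed as
"Foo" and cannot be opened or deleted under that name. NtEnumerateKey returns a
counted UTF-16LE buffer (KEY_BASIC_INFORMATION.NameLength) instead, so the whole
name, NUL included, is visible. Only enumerate_subkeys() needs Windows.
"""
import ctypes
import struct
import sys

KEY_READ = 0x20019
OBJ_CASE_INSENSITIVE = 0x40
KEY_BASIC_INFORMATION_CLASS = 0
STATUS_SUCCESS = 0x00000000
STATUS_NO_MORE_ENTRIES = 0x8000001A
# KEY_BASIC_INFORMATION: LastWriteTime (int64), TitleIndex, NameLength, then the UTF-16LE name.
BASIC_INFO_HEADER = struct.Struct("<qII")

class UNICODE_STRING(ctypes.Structure):
    _fields_ = [("Length", ctypes.c_ushort), ("MaximumLength", ctypes.c_ushort),
                ("Buffer", ctypes.c_void_p)]  # c_void_p: the buffer itself may hold NULs

class OBJECT_ATTRIBUTES(ctypes.Structure):
    _fields_ = [("Length", ctypes.c_ulong), ("RootDirectory", ctypes.c_void_p),
                ("ObjectName", ctypes.POINTER(UNICODE_STRING)), ("Attributes", ctypes.c_ulong),
                ("SecurityDescriptor", ctypes.c_void_p), ("SecurityQualityOfService", ctypes.c_void_p)]

def build_basic_information(name: str) -> bytes:
    """Construct a KEY_BASIC_INFORMATION record the way the kernel fills it in."""
    raw = name.encode("utf-16-le")
    return BASIC_INFO_HEADER.pack(0, 0, len(raw)) + raw

def parse_basic_information(buf: bytes) -> str:
    """Decode the counted name; a NUL inside NameLength is part of the name."""
    _, _, name_len = BASIC_INFO_HEADER.unpack_from(buf, 0)
    return buf[BASIC_INFO_HEADER.size:BASIC_INFO_HEADER.size + name_len].decode("utf-16-le")

def win32_view(name: str) -> str:
    return name.split("\x00", 1)[0]  # what RegEnumKeyEx / regedit report for the name

def has_embedded_null(name: str) -> bool:
    return "\x00" in name

def display_form(name: str) -> str:
    return name.replace("\x00", "\\0")  # render the NUL visibly when reporting a hit

def enumerate_subkeys(nt_path: str):
    """Yield every subkey name of an NT-namespace key, e.g. r"\\Registry\\Machine\\SOFTWARE"."""
    if sys.platform != "win32":
        raise OSError("NtEnumerateKey is only available on Windows")
    ntdll = ctypes.WinDLL("ntdll")
    ntdll.NtOpenKey.argtypes = [ctypes.POINTER(ctypes.c_void_p), ctypes.c_ulong,
                                ctypes.POINTER(OBJECT_ATTRIBUTES)]
    ntdll.NtOpenKey.restype = ctypes.c_ulong  # NTSTATUS, compared as unsigned
    ntdll.NtEnumerateKey.argtypes = [ctypes.c_void_p, ctypes.c_ulong, ctypes.c_ulong,
                                     ctypes.c_void_p, ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong)]
    ntdll.NtEnumerateKey.restype = ctypes.c_ulong
    ntdll.NtClose.argtypes = [ctypes.c_void_p]
    # A counted UNICODE_STRING can open a path that itself contains a NUL,
    # which a C-string path through the Win32 layer cannot.
    wbuf = ctypes.create_unicode_buffer(nt_path)
    name = UNICODE_STRING(len(nt_path) * 2, ctypes.sizeof(wbuf), ctypes.addressof(wbuf))
    attrs = OBJECT_ATTRIBUTES(ctypes.sizeof(OBJECT_ATTRIBUTES), None, ctypes.pointer(name),
                              OBJ_CASE_INSENSITIVE, None, None)
    handle = ctypes.c_void_p()
    status = ntdll.NtOpenKey(ctypes.byref(handle), KEY_READ, ctypes.byref(attrs))
    if status != STATUS_SUCCESS:
        raise OSError(f"NtOpenKey({display_form(nt_path)!r}) failed: 0x{status:08X}")
    # Key names are at most 255 UTF-16 units, so one 1 KiB buffer always suffices.
    buf, needed = ctypes.create_string_buffer(1024), ctypes.c_ulong(0)
    try:
        index = 0
        while True:
            status = ntdll.NtEnumerateKey(handle, index, KEY_BASIC_INFORMATION_CLASS,
                                          buf, len(buf), ctypes.byref(needed))
            if status == STATUS_NO_MORE_ENTRIES:
                return
            if status != STATUS_SUCCESS:
                raise OSError(f"NtEnumerateKey index {index} failed: 0x{status:08X}")
            yield parse_basic_information(buf.raw)
            index += 1
    finally:
        ntdll.NtClose(handle)

def find_null_subkeys(nt_path: str, max_depth: int = 3) -> list:
    """Depth-limited walk returning full NT paths of keys whose name holds an embedded NUL."""
    hits = []
    for sub in enumerate_subkeys(nt_path):
        full = nt_path + "\\" + sub
        if has_embedded_null(sub):
            hits.append(full)
        if max_depth > 0:
            try:
                hits.extend(find_null_subkeys(full, max_depth - 1))
            except OSError:
                pass  # access denied on protected keys such as SAM or SECURITY
    return hits
```

On a Windows host, `find_null_subkeys(r"\Registry\Machine\SOFTWARE")` returns the offending paths rendered with `display_form()`; elsewhere, `parse_basic_information(build_basic_information("Ghost\x00Key"))` reproduces the point of the thread: the counted record yields `Ghost\0Key` while `win32_view()` of the same name is just `Ghost`. Because NtOpenKey also takes a counted string, a key found this way can be opened (and, with NtDeleteKey, removed) by its full name, which is what regedit cannot do.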
From: Johnw on 6 Apr 2010 16:51

VanguardLH laid this down on his screen :

> I, too, don't yet have a text editor that will handle the 110MB for the
> exported version of my registry;

Have you looked at these?

MadEdit
http://www.softpedia.com/get/Office-tools/Text-editors/MadEdit.shtml
http://www.softpedia.com/progScreenshots/MadEdit-Screenshot-76925.html
http://madedit.sourceforge.net/

nPad2 Source Editor/Viewer
http://www.softpedia.com/get/Programming/File-Editors/nPad2-Source-Editor-Viewer.shtml
http://www.softpedia.com/progScreenshots/nPad2-Source-Editor-Viewer-Screenshot-52224.html
http://www.zeraha.org/file.36.html
From: VanguardLH on 6 Apr 2010 18:09

Johnw wrote:

> http://madedit.sourceforge.net/

In a virtual machine running Windows XP Pro SP-3 as the guest OS, the exported .reg file created by regedit.exe was 53MB in size and capable of viewing in Notepad. So I hunted around. The only registry keys that got exported were:

  HKEY_LOCAL_MACHINE
  HKEY_USERS

Those are the real hives. The pseudo-hives were not included. So, at least, regedit.exe wasn't bloating the output by including duplicated hive data. It appears converting to text is what bloats the exported .reg file compared to the binary database files actually used for the registry. For example, rather than containing the binary data within the record structure for a database, the .reg file will have something like:

  [HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\relativelycalm\PostShiftInfo\0]
  "dbl1"="45"
  "dbl2"="0"
  "dbl3"="0"
  "dbl4"="384"
  "dbl5"="0"
  "dbl6"="0"
  "dbl7"="0"
  "dbl8"="0"

So you have delimiters in the text output that aren't there in the records in the database along with equal signs that aren't needed to show association between fields within a record. Some text tries to show hex strings but inserts commas between each byte which aren't there in the field's actual value inside the registry. Also, the 2-character display using text uses more bits than the actual binary value being represented. There may be other compression within the binary database files themselves of which I'm not aware. In addition, there are entries that are merely used for navigation to show under where an entry is located. So unrolling the binary database into text results in doubling the size of the output. So the presentation shown in the text output generated by regedit.exe tries to show what is in the registry but necessarily has to bloat it with additional structure to make it human readable. A series of records with binary digits would mean nothing to us humans.

Considering every tiny detail of the OS, drivers, software, and the user's use of the host, I'm really not surprised the registry is as big as it is (in the form of its disk files, not how regedit.exe exports that data). While Corliss wants to find entries with embedded or trailing null characters, I've never found any that I needed to keep. They were remnants of software uninstallations or malware-like behavior (by copy protection schemes, games, CD emulators). However, I will be interested in finding a registry utility that can expose or export registry keys or data names (but not data item values) that exceed the 256-character rendering limit in regedit.exe. Something more on which to waste my free time.
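To put numbers on the text-versus-binary inflation described above, here is an added example (my own code, not part of the thread): a small .reg parser that decodes each exported value back to the bytes a hive stores for it and compares that with the text that carried it. The embedded SAMPLE_REG is constructed for the example and mirrors the "dbl1"="45" shape quoted in the post. It relies only on the .reg value syntax (quoted REG_SZ, dword:, hex(n): with comma-separated bytes and backslash line continuation) and on the fact that regedit writes a "Version 5.00" export as UTF-16LE with a BOM, so the file on disk is roughly twice the character count before any of the structural overhead is counted.

```python
"""Compare a regedit.exe .reg export with the bytes the hive actually stores.

A .reg file renders every value as text: the full key path in brackets, the
quoted value name, '=', a type prefix, and data spelled out as quoted text,
dword:XXXXXXXX or comma-separated hex byte pairs. Decoding each value back to
the bytes a hive keeps for it shows where the inflation comes from.
"""
import re

# Constructed sample in the shape of a regedit version 5.00 export.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Example\Presets\0]
"dbl1"="45"
"dbl4"="384"
"Flag"=dword:00000001
"Blob"=hex:01,02,03,\
  04,05
@="default"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # @ is the key's default value
HEX_RE = re.compile(r"^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")
HEX_TYPES = {None: "REG_BINARY", "0": "REG_NONE", "2": "REG_EXPAND_SZ",
             "7": "REG_MULTI_SZ", "b": "REG_QWORD"}

def _unescape(s: str) -> str:
    # undo .reg string escaping: backslash-backslash -> backslash, backslash-quote -> quote
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)

def decode_value(text: str):
    """Turn the right-hand side of a value line into (type name, stored bytes)."""
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        # REG_SZ lives in the hive as UTF-16LE including its terminating NUL
        return "REG_SZ", (_unescape(text[1:-1]) + "\x00").encode("utf-16-le")
    if text.startswith("dword:"):
        return "REG_DWORD", int(text[6:], 16).to_bytes(4, "little")
    m = HEX_RE.match(text)
    if m:
        code = m.group(1).lower() if m.group(1) else None
        return HEX_TYPES.get(code, f"REG_TYPE_0x{code}"), bytes.fromhex(m.group(2).replace(",", " "))
    raise ValueError(f"unrecognised value syntax: {text!r}")

def parse_reg(text: str):
    """Yield (key_path, value_name, reg_type, data) for every value in .reg text,
    joining backslash-continued hex lines first."""
    key, pending = None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else ""
            rtype, data = decode_value(m.group(2))
            yield key, name, rtype, data

def bloat_report(text: str) -> dict:
    """Decoded data bytes versus the text that carried them. regedit writes a
    version 5.00 export as UTF-16LE with a BOM, so the on-disk size is about
    twice the character count even before the CRLF line endings it uses."""
    values = list(parse_reg(text))
    per_type = {}
    for _, _, rtype, data in values:
        per_type[rtype] = per_type.get(rtype, 0) + len(data)
    return {"values": len(values),
            "payload_bytes": sum(per_type.values()),
            "text_chars": len(text),
            "on_disk_bytes": 2 + len(text.encode("utf-16-le")),
            "per_type": per_type}
```

Running `bloat_report(SAMPLE_REG)` on the constructed sample gives 39 bytes of actual value data against well over 300 bytes on disk; the key path alone, which a hive stores once per key cell, costs nearly 100 bytes of UTF-16 text, and every REG_DWORD of 4 bytes becomes a 21-character line. The report deliberately counts only value data, not the hive's own cell headers and name storage, so it is a lower bound for what the binary files hold rather than a claim about their exact size.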
From: George Orwell on 6 Apr 2010 23:15
VanguardLH <V(a)nguard.LH> wrote in news:hpg0jp$pfu$1(a)news.albasani.net:

> Establishing NAFTA as a preliminary to the North American Union and
> contemplating replacing the US dollar with the aero...

You mean 'amero', I think.

The sender address of this message is not related to a real person but to a fake address of an anonymous system. For more info: https://www.mixmaster.it