Session Objectives
Summary: This module will enable trainees to gain knowledge of the Windows 7 operating system architecture and to relate it to the application repackaging techniques used by the organization.
Duration:
Day 1 - Windows architecture and file system
Day 2 - Windows registry and control panel
Day 3 - Computer management
Target Audience: Trainee engineers with basic OS knowledge.
COMMERCIAL IN CONFIDENCE
Agenda
Table of Contents
Windows Registry
  Introduction to registry editor
  Structure, common keys
  Importing/exporting/editing
  Registering a DLL
  Security / Permissions
Control Panel
  ARP (Add/Remove Programs)
  Environment variables
  Task Manager
Table of Contents
Computer Management
  Event Viewer
  Services
  User Profiles
  Windows 7 Command Prompt and basic DOS commands
Windows Explorer:
Windows Explorer is the file manager included with Microsoft Windows from Windows 95 onwards. It provides a graphical user interface for browsing the file system.
It is also the component that presents the desktop, taskbar and Start menu on the monitor and lets the user control the computer. In this role it is referred to as the Windows GUI shell, or simply "Explorer" (explorer.exe).
A filename is metadata about a file: a string used to uniquely identify a file stored on the file system.
There are many different types of files: data files, text files, program files, directory files, and so on. Different types of files store different types of information. For example, program files store programs, whereas text files store text.
A filename extension is a suffix (separated from the base filename by a dot) that indicates the encoding (file format) of the file's contents or its usage. Example:
Q&A
Practical Exercise
1. Configure Folder Options (Organize > Folder and search options > View) to show hidden files and to stop hiding extensions for known file types. With extensions hidden, a file named Test.txt.exe is displayed as Test.txt, so keep extensions visible when inspecting package contents.
2. Create a text file Test.txt on the Desktop.
3. Double-click it and confirm that it opens in the associated editor.
Dynamic-link libraries (DLLs) usually have the file extension DLL, OCX (for libraries containing ActiveX controls), or DRV (for legacy system drivers). The file format of a DLL is the same as that of a Windows EXE: Portable Executable (PE) for both 32-bit and 64-bit Windows. A 32-bit process cannot load a 64-bit DLL and vice versa, which matters when packaging for 64-bit Windows 7.
Other PE files that are really DLLs include icon libraries, sometimes with the extension ICL, and font files, with the extensions FON and FOT.
INI Files
.INI files are plain-text files that contain configuration information. They are used by Windows and Windows-based applications to save preferences and operating-environment settings. "INI" stands for initialization. An INI file is organised into sections (a [Section] header line), each containing Key=Value lines.
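As an added example (not part of the original deck), the following PowerShell reads an INI file into the Section, Key and Value structure described above. The sample text is constructed here; a real file would be read with Get-Content. The credential check at the end is an addition a packager would want, since an INI file shipped inside a package is readable by every user of the machine.

```powershell
# Added example: minimal INI reader (Section -> Key -> Value). Not from the deck.
function ConvertFrom-Ini {
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    $ini     = @{}
    $section = ''              # keys that appear before any [section] header
    $ini[$section] = @{}
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        # blank lines and comments (';' or '#') carry no data
        if ($line -eq '' -or $line.StartsWith(';') -or $line.StartsWith('#')) { continue }
        if ($line -match '^\[(.+)\]$') {
            $section = $Matches[1].Trim()
            if (-not $ini.ContainsKey($section)) { $ini[$section] = @{} }
            continue
        }
        $eq = $line.IndexOf('=')
        if ($eq -lt 1) { Write-Warning "Ignoring malformed line: $raw"; continue }
        $ini[$section][$line.Substring(0, $eq).Trim()] = $line.Substring($eq + 1).Trim()
    }
    return $ini
}

# Constructed sample; a real file would be read with: ConvertFrom-Ini (Get-Content 'C:\path\app.ini')
$sample = @'
; sample configuration (constructed for this example)
[General]
InstallDir=C:\Program Files\SampleApp
LogLevel=2

[Database]
Server=db01
Password=hunter2
'@ -split "`r?`n"

$cfg = ConvertFrom-Ini -Lines $sample
$cfg['General']['InstallDir']          # C:\Program Files\SampleApp
$cfg['Database'].Keys                  # Server, Password

# Check: flag keys that look like credentials before the package goes out
foreach ($s in $cfg.Keys) {
    foreach ($k in $cfg[$s].Keys) {
        if ($k -match 'pass|pwd|secret|token') { Write-Warning "Possible plaintext credential: [$s] $k" }
    }
}
```

PowerShell hashtables compare keys case-insensitively, which matches how Windows itself treats INI section and key names.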
INF file
An INF file (stands for information) or Setup Information file is a plain-text file used by Microsoft Windows to install software and drivers. INF files are most commonly used to install device drivers for hardware components. On 64-bit Windows 7 a kernel-mode driver installed through an INF must be digitally signed, or Windows will refuse to load it.
Services
A Windows service is an application that runs in the background without needing a logged-on user. It typically starts when Windows boots (Automatic start type) or on demand (Manual), and keeps running as long as Windows is running or until it is stopped.
Windows provides a component called the Service Control Manager (SCM) that manages the creation, deletion, starting and stopping of services.
An application that wants to run as a service must be written so that it can handle start, stop, pause and similar control requests from the Service Control Manager.
Services
The SCM keeps its database of installed services under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Each service has a subkey named after its service (key) name holding, among other values, ImagePath (the executable to launch), Start (the start type) and ObjectName (the account the service runs as).
Q&A
Practical
1. Get the key name of the Windows Installer service.
2. Query the Windows Installer service.
3. Start the Windows Installer service from the command line.
4. Stop the Windows Installer service from the command line.
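An added PowerShell walk-through of the practical above (not from the deck); run it from an elevated prompt. The last part is an extra check a packager should run on every service it ships: an ImagePath that contains spaces but no quotes.

```powershell
# Added example for the practical above; run from an elevated PowerShell prompt.
$displayName = 'Windows Installer'

# 1. Key name: the service name is the subkey under ...\Services, not the display name
$svc  = Get-Service -DisplayName $displayName
$name = $svc.Name                                   # msiserver on Windows 7
"Service key name: $name"

# 2. Query configuration and state through the Service Control Manager
sc.exe qc $name                                     # binary path, start type, account
sc.exe query $name                                  # current state

# 3. Start and stop (the cmdlets issue the same SCM start/stop control requests)
Start-Service -Name $name
(Get-Service -Name $name).Status                    # Running
Stop-Service -Name $name
(Get-Service -Name $name).Status                    # Stopped

# 4. The same definition as stored in the SCM database
$cfg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
$cfg.ImagePath                                      # binary the SCM launches
$cfg.Start                                          # 2 = Automatic, 3 = Manual, 4 = Disabled
$cfg.ObjectName                                     # account the service runs as

# Check: an ImagePath with spaces and no quotes is a classic packaging defect. The SCM
# tries each truncated path ("C:\Program.exe", ...) first, so a user who can write to
# one of those locations can get code run as the service account.
function Test-UnquotedImagePath {
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return $false }
    if ($p -match '^(.*?\.exe)') { return $Matches[1].Contains(' ') }
    return $false
}
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $ip = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($ip -and (Test-UnquotedImagePath -ImagePath $ip)) { '{0}: {1}' -f $_.PSChildName, $ip }
}
```

Stop-Service will fail if an installation is in progress, because msiserver refuses the stop request while it has work; that is expected behaviour, not a packaging error.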
Shortcut Files
Shortcuts are small files containing the location of another file and, optionally, parameters to pass to it when it is run. They are commonly placed on the Desktop, Start menu and taskbar, and are resolved by the GUI shell (Explorer), so they may not work from a command line. The target and arguments are not visible from the shortcut's name; they have to be read from the file.
Shortcut files are of two kinds:
  Normal shortcuts (.lnk files) point to another file.
  URL shortcuts (.url files) point to an intranet or internet site.
Other files
.hlp, .chm        Application help files
.mdb              MS Access database
.htm, .html       HTML pages
.bmp, .jpg, .gif  Image files
.log, .tmp        Log and temporary files
Special Directories
USE OF STARTUP
Startup is a folder whose contents are run each time a user logs on.
Startup (User) - the current user's Startup folder in the Start Menu. Programs here run only for the current user.
Location on Windows 7: %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup (on Windows XP this was %UserProfile%\Start Menu\Programs\Startup)
Startup (All Users) - the common Startup folder in the Start Menu. Programs here run for all users. Writing to it requires administrator rights.
Location on Windows 7: %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup (on Windows XP this was %ALLUSERSPROFILE%\Start Menu\Programs\Startup)
StartUp
StartUp Exercise
1. Create a shortcut to Notepad.exe in the Startup folder.
2. Log off and log on again; Notepad should start automatically.
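An added example (not from the deck) that performs the StartUp exercise in PowerShell and then audits both Startup folders, reading each shortcut's target and arguments the way the Shortcut Files section says they must be read. The shortcut name Notepad.lnk is an arbitrary choice.

```powershell
# Added example for the StartUp exercise. Windows 7 Startup folder locations:
#   per-user : %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
#   all users: %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup (admin rights to write)
$userStartup = Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'
$allStartup  = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup'

# 1. Create the Notepad shortcut (.lnk) in the current user's Startup folder
$wsh = New-Object -ComObject WScript.Shell
$lnk = $wsh.CreateShortcut((Join-Path $userStartup 'Notepad.lnk'))
$lnk.TargetPath       = Join-Path $env:SystemRoot 'System32\notepad.exe'
$lnk.Arguments        = ''
$lnk.WorkingDirectory = $env:USERPROFILE
$lnk.Save()
# now log off and back on: notepad.exe opens at logon for this user only

# 2. Audit: what does each Startup folder launch, and does the target still exist?
function Get-StartupShortcut {
    param([string[]]$Folders)
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($folder in $Folders) {
        if (-not (Test-Path -Path $folder)) { continue }
        foreach ($file in Get-ChildItem -Path $folder -Filter *.lnk) {
            $s = $wsh.CreateShortcut($file.FullName)   # opens an existing .lnk for reading
            New-Object PSObject -Property @{
                Folder       = $folder
                Shortcut     = $file.Name
                Target       = $s.TargetPath
                Arguments    = $s.Arguments
                TargetExists = [bool]($s.TargetPath -and (Test-Path -Path $s.TargetPath))
            }
        }
    }
}
Get-StartupShortcut -Folders $userStartup, $allStartup |
    Select-Object Folder, Shortcut, Target, Arguments, TargetExists | Format-Table -AutoSize
```

A shortcut whose target no longer exists, or whose Arguments field carries something unexpected, is worth a second look: the file name on its own tells you nothing about what actually runs at logon.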
Quick Launch
Quick Launch, in Microsoft Windows, is a customizable toolbar that lets you display the Windows Desktop or start a program, such as Internet Explorer or the Windows Media Player, with a single click
SYSTEM TRAY
The last part of the taskbar is called the notification area or system tray. It mainly contains status notifications, though some programs (OneNote, for example) use it for minimized windows. Applications can put icons in the notification area to indicate the status of an operation or to notify the user about an event.
Q&A
Windows Registry
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as for the applications running on the platform: the kernel, device drivers, services, SAM, user interface and third-party applications all make use of the registry.
The registry editor that ships with Windows is regedit.exe.
The registry contains profiles for each user of the computer and information about system hardware, installed programs, and property settings.
Registry value types (type ID, symbolic name, meaning):
2   REG_EXPAND_SZ                   An "expandable" string value that can contain environment variables, normally stored and exposed in UTF-16LE, usually terminated by a null character
3   REG_BINARY                      Binary data (any arbitrary data)
4   REG_DWORD                       A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [2^32 - 1]) (little-endian)
5   REG_DWORD_BIG_ENDIAN            A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [2^32 - 1]) (big-endian)
6   REG_LINK                        A symbolic link (UNICODE) to another registry key, specifying a root key and the path to the target key
7   REG_MULTI_SZ                    A multi-string value, which is an ordered list of non-empty strings, normally stored and exposed in UTF-16LE, each one terminated by a null character, the list being normally terminated by a second null character
8   REG_RESOURCE_LIST               A resource list (used by the Plug-n-Play hardware enumeration and configuration)
9   REG_FULL_RESOURCE_DESCRIPTOR    A resource descriptor (used by the Plug-n-Play hardware enumeration and configuration)
10  REG_RESOURCE_REQUIREMENTS_LIST  A resource requirements list (used by the Plug-n-Play hardware enumeration and configuration)
Registry Hives
HKEY_CURRENT_USER :
HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user. The HKCU key is a link to the subkey of HKEY_USERS that corresponds to the user; the same information is reflected in both locations.
Registry Hives
HKEY_USERS : contains one subkey per loaded user profile (the currently logged-on users, the .DEFAULT profile used at the logon screen and the built-in service accounts), each holding the same contents that HKEY_CURRENT_USER shows for that user. Profiles of users who are not logged on are not loaded and are therefore not visible here.
Registry Hives
HKEY_LOCAL_MACHINE :
Contains configuration information particular to the computer (for any user).
Registry Hives
HKEY_CLASSES_ROOT :
HKEY_CLASSES_ROOT stores information about registered applications, including associations from file extensions and object class ids to the applications used to handle these items. On Windows 2000 and above, HKCR is a compilation of HKCU\Software\Classes and HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes is used.
Registry Hives
HKEY_CURRENT_CONFIG :
Contains information about the hardware profile used by the local computer at system startup.
Exporting and importing registry keys
To export: in regedit select the key, choose File > Export, and save it with a suitable filename and the .reg extension. Only the selected key and its subkeys are written.
To import: double-click the .reg file (or use File > Import), click Yes when asked to confirm adding the information, then click OK. Importing merges the file into the registry: values with the same name are overwritten, and nothing is deleted unless the file explicitly marks a key for deletion.
The same operations are available from a command prompt as reg export and reg import.
COMMERCIAL IN CONFIDENCE Copyright 2011 ECS Europe Limited
RUN Keys
Location of Run keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (all users, every logon)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce (all users, next logon only)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (current user, every logon)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce (current user, next logon only)
Each value holds the command line to run. RunOnce values are deleted before the command is executed. Writing the HKLM keys requires administrator rights.
Active Setup
Active Setup is a mechanism in Windows that runs automatically each time a user logs on. The registry keys HKLM\Software\Microsoft\Active Setup\Installed Components\%APPNAME% and HKCU\Software\Microsoft\Active Setup\Installed Components\%APPNAME% are compared, and if the HKCU entry does not exist, or its version number is lower than the HKLM one, the command given in the HKLM entry (its StubPath value) is executed for the current user and the HKCU copy is written. If an application has no advertised entry points but needs components such as files or registry keys installed on a per-user basis, Active Setup is a possible solution.
Q&A
Registry Exercise
1. Create an Active Setup component for Notepad.exe, giving the path of Notepad.exe as the command to run.
2. Log off and log on, and check whether Notepad.exe is launched.
3. Create Run and RunOnce values and repeat the steps above.
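An added PowerShell version of the registry exercise (not from the deck), followed by an enumeration of the same autostart locations that an audit or incident responder would run. Writing the HKLM Active Setup key needs an elevated prompt; the component name and version are placeholders chosen for this example (real packages normally use a GUID).

```powershell
# Added example for the registry exercise (not from the deck).
$exe = Join-Path $env:SystemRoot 'System32\notepad.exe'

# Run (every logon) and RunOnce (next logon only; the value is deleted before it runs)
$run     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
Set-ItemProperty -Path $run     -Name DemoNotepad     -Value "`"$exe`""
Set-ItemProperty -Path $runOnce -Name DemoNotepadOnce -Value "`"$exe`""

# Active Setup: at logon Windows compares this HKLM component with the user's HKCU copy
# and runs StubPath (as the logging-on user) when the HKCU copy is missing or older.
$asName = '{00000000-0000-0000-0000-0000000DEMO1}'   # placeholder component name
$asKey  = "HKLM:\Software\Microsoft\Active Setup\Installed Components\$asName"
New-Item -Path $asKey -Force | Out-Null
Set-ItemProperty -Path $asKey -Name '(default)' -Value 'Demo Notepad'
Set-ItemProperty -Path $asKey -Name StubPath    -Value "`"$exe`""
Set-ItemProperty -Path $asKey -Name Version     -Value '1,0,0,0'
Set-ItemProperty -Path $asKey -Name IsInstalled -Value 1 -Type DWord
# Log off and on: notepad.exe starts via all three. To make Active Setup run again for a
# user, raise Version in HKLM or delete that user's HKCU copy of the component key.

# Audit: every Run/RunOnce value and every Active Setup StubPath, machine-wide and per-user
function Get-AutostartEntry {
    foreach ($root in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Run', 'RunOnce') {
            $path = "$root\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path -Path $path)) { continue }
            $props = Get-ItemProperty -Path $path
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }    # provider metadata (PSPath, PSDrive, ...)
                New-Object PSObject -Property @{ Location = $path; Name = $p.Name; Command = $p.Value }
            }
        }
        $as = "$root\Software\Microsoft\Active Setup\Installed Components"
        if (Test-Path -Path $as) {
            foreach ($c in Get-ChildItem -Path $as) {
                $v = Get-ItemProperty -Path $c.PSPath
                if ($v.StubPath) {
                    New-Object PSObject -Property @{ Location = $as; Name = $c.PSChildName; Command = $v.StubPath }
                }
            }
        }
    }
}
Get-AutostartEntry | Select-Object Location, Name, Command | Format-Table -AutoSize -Wrap
```

On 64-bit Windows 7 the 32-bit views of these keys live under Software\Wow6432Node and should be included in a complete audit; the function above reads only the native view.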
Registering a DLL with regsvr32
Syntax: regsvr32 [/u] [/s] [/n] [/i[:cmdline]] dllname
/u : Unregisters the server (calls DllUnregisterServer).
/s : Runs silently and does not display any message boxes. Use this in packages so that an unattended install cannot hang on a dialog.
/n : Does not call DllRegisterServer. Must be used together with /i.
/i:cmdline : Calls DllInstall, passing it the optional cmdline. When used with /u, DllInstall is called for uninstall.
dllname : The name of the DLL file to register.
regsvr32 loads the DLL and executes its DllRegisterServer / DllInstall code with the caller's privileges, so only register DLLs from trusted sources. The exit code is 0 on success and non-zero on failure.
Computer Management
Computer Management is a collection of Windows administrative tools that you can use to manage a local or remote computer.
The Computer Management console has the following categories of tools:
  System Tools
  Storage
  Services and Applications
Event Viewer
Event Viewer displays the logs of application, security and system events recorded on the computer.
The classic logs are "System", "Application" and "Security". The System and Application logs are intended for use by the Windows operating system and by Windows applications respectively. The Security log is written only by the Local Security Authority Subsystem Service (lsass.exe), which records audit events such as logons; reading it requires administrator rights or membership of the Event Log Readers group. Windows 7 adds the Setup and Forwarded Events logs and the per-component Applications and Services logs.
Event Viewer
To open Event Viewer, click Start, click Control Panel, click Administrative Tools, and then double-click Event Viewer.
OR Start Menu -> Run -> type eventvwr.msc (or simply eventvwr) and press Enter.
User Profiles
A User Profile (userprofile, or simply 'profile' when used in-context) is a feature of the Microsoft Windows operating system, comprising a given user's collection of personal documents and settings on that computer.
User Profiles
Types of user profiles include:
A local user profile is created the first time you log on to a computer and is stored on the computer's local hard disk. Any changes made to your local user profile are specific to the computer on which the changes are made.
A roaming user profile is created by your system administrator and is stored on a server. This profile is available every time you log on to any computer on the network. Any changes made to your roaming user profile are updated on the server.
A mandatory user profile is a roaming profile that can be used to specify particular settings for individuals or an entire group of users. Only system administrators can make changes to mandatory user profiles.
User Profiles
Data on the computer is broadly divided into two types:
1) Machine-specific data
2) User-specific data
Machine-specific data is shared by every user of that computer, e.g. files under the All Users (ProgramData) profile folder, C:\Program Files, registry keys under HKLM, System DSNs, etc. Any user can read it, but on Windows 7 modifying it requires administrator rights (UAC elevation), which is why an installer writing here must run elevated.
User-specific data is accessed or modified only by the user who is logged on, e.g. files in My Documents, registry keys under HKCU, user-specific environment variables, etc. A standard user can change these without elevation.
Control Panel
Control Panel is a part of the Microsoft Windows graphical user interface that allows users to view and manipulate basic system settings and controls, such as adding hardware, adding and removing software, controlling user accounts, and changing accessibility options. Control Panel is an independent program, not a folder as it appears; it is launched from the Start menu and stored in the system32 directory as control.exe.
Control Panel
Environment Variable
Environment variables are strings that contain information such as drive, path, or file name. They control the behavior of various programs. For example, the TEMP environment variable specifies the location in which programs place temporary files. Any user can add, modify, or remove a user environment variable.
However, only an administrator can add, modify, or remove a system environment variable.
Environment Variable
Using System in Control Panel, you can customize the following variables:
User environment variables for the logged-on user. The user environment variables are different for each user of a particular computer. They include any variables set by the user as well as any defined by programs, such as the path to the location of the program files.
System environment variables. Administrators can change or add environment variables that apply to the system, and thus to all system users. During installation, Windows Setup configures the default system variables, such as the path to the Windows files.
Environment Variable
Editing Environment Variable:
Variable                    Default value (Windows 7)
%APPDATA%                   C:\Users\{username}\AppData\Roaming
%COMMONPROGRAMFILES%        C:\Program Files\Common Files
%COMMONPROGRAMFILES(x86)%   C:\Program Files (x86)\Common Files
%PATH%                      C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;{plus program paths}
%PROGRAMFILES%              %SystemDrive%\Program Files
%PROGRAMFILES(x86)%         %SystemDrive%\Program Files (x86) (only in the 64-bit version)
%SYSTEMROOT%                %SystemDrive%\Windows
%TEMP%                      %SystemDrive%\Users\{username}\AppData\Local\Temp
%USERPROFILE%               %SystemDrive%\Users\{username}
%PUBLIC%                    %SystemDrive%\Users\Public
%PROGRAMDATA%               %SystemDrive%\ProgramData
Environment Variables
1. Create a folder at C:\Program Files\Test.
2. Append the above path to the Path environment variable.
3. Remove C:\Program Files\Test from the Path environment variable.
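An added PowerShell version of the exercise (not from the deck) that edits the machine PATH without duplicating or dropping existing entries, followed by an audit a packager should run anyway: PATH directories that are missing or writable by non-administrators, since any user who can write to a PATH directory can plant a program or DLL that other accounts will pick up. Machine-scope writes need an elevated prompt.

```powershell
# Added example for the PATH exercise (not from the deck). Run from an elevated prompt.
$dir = 'C:\Program Files\Test'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

function Get-MachinePath {
    [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' | Where-Object { $_ -ne '' }
}
function Add-MachinePathEntry {
    param([string]$Directory)
    $entries = @(Get-MachinePath)
    if ($entries -contains $Directory) { return }       # already present (comparison is case-insensitive)
    [Environment]::SetEnvironmentVariable('Path', (($entries + $Directory) -join ';'), 'Machine')
}
function Remove-MachinePathEntry {
    param([string]$Directory)
    $entries = @(Get-MachinePath | Where-Object { $_ -ne $Directory })
    [Environment]::SetEnvironmentVariable('Path', ($entries -join ';'), 'Machine')
}

Add-MachinePathEntry -Directory $dir
Get-MachinePath | Where-Object { $_ -eq $dir }          # C:\Program Files\Test
Remove-MachinePathEntry -Directory $dir
Get-MachinePath | Where-Object { $_ -eq $dir }          # (nothing)

# Audit: PATH directories that are missing or writable by non-administrators
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
foreach ($d in Get-MachinePath) {
    if (-not (Test-Path -Path $d)) { "MISSING   $d"; continue }
    foreach ($ace in (Get-Acl -Path $d).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and ($broad -contains $ace.IdentityReference.Value) -and
            ($ace.FileSystemRights.ToString() -match 'Write|Modify|FullControl')) {
            "WRITABLE  $d  ($($ace.IdentityReference): $($ace.FileSystemRights))"
        }
    }
}
```

Two caveats: processes that are already running keep their old copy of PATH until restarted, and the .NET SetEnvironmentVariable call writes the value back as a plain string with entries such as %SystemRoot% already expanded; if the unexpanded form must be preserved, write the Path value under HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment with Set-ItemProperty -Type ExpandString instead.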
Task Manager
Task Manager (taskmgr.exe, opened with Ctrl+Shift+Esc) shows the processes and programs running on the computer and its general status. It can be used to end processes and programs and to change process priority. Processes belonging to other users are shown only after clicking "Show processes from all users", which requires elevation.
Add/Remove Programs
In Add/Remove Programs in Control Panel (called Programs and Features on Windows 7), the installed applications are listed for easy removal. The list is built from the registry:
Registry : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
On 64-bit Windows, 32-bit applications register under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall, and per-user installs under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. A subkey needs at least a DisplayName value to appear in the list.
Command Prompt
A command-line interface (CLI) is a way of interacting with an operating system or software through a command-line interpreter. A command prompt (or just prompt) is a sequence of one or more characters shown in a CLI to indicate readiness to accept commands; its intent is literally to prompt the user to take action.
RunAs command
Every executable launched normally runs with the token of the currently logged-on user. To run a program with the token of a different user, the RunAs utility is used. RunAs prompts for the password interactively; it cannot be supplied on the command line.
Syntax: RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
/profile : load the user's profile
/env : use the current environment instead of the user's
/netonly : use if the credentials specified are for remote access only (the program runs locally as the current user but authenticates to the network as the specified user)
/user <UserName> : in the form USER@DOMAIN or DOMAIN\USER
program : command line for the EXE
See below for examples
XCOPY
Xcopy is a more capable version of the copy command: it can copy files, whole directory trees and even entire drives from one location to another, including hidden and system files (/H), and can preserve attributes and NTFS permissions (/K, /O). Files copied without /O take their permissions from the destination folder, so a tree copied into a user's profile becomes writable by that user.
SYNTAX XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/V] [/W] [/C] [/I] [/Q] [/F] [/L] [/H] [/R] [/T] [/U] [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z] [/EXCLUDE:file1[+file2][+file3]...]
XCOPY Exercise
Use the XCOPY command to copy C:\Program Files\Common Files to the folder C:\Users\<LoggedInUser>\Desktop\Test
TASKKILL
Taskkill ends one or more tasks or processes. Processes can be selected by process ID or by image name.
Syntax taskkill [/s Computer] [/u Domain\User [/p Password]] [/fi FilterName] [/pid ProcessID | /im ImageName] [/f] [/t]
Parameters
/s Computer : Specifies the name or IP address of a remote computer (do not use backslashes). The default is the local computer.
/u Domain\User : Runs the command with the permissions of the user specified by User or Domain\User. The default is the permissions of the user currently logged on to the computer issuing the command.
/p Password : Specifies the password of the account given with /u. If omitted, taskkill prompts for it. Prefer the prompt: a password on the command line is visible to anyone who can list process command lines on that machine.
/f : Forces the process to terminate.
/t : Also terminates any child processes started by the selected process.
IPCONFIG
Ipconfig is a command-line utility that displays the current TCP/IP network configuration. ipconfig /all also shows adapter MAC addresses and DHCP and DNS details; ipconfig /release, /renew and /flushdns manage the DHCP lease and the DNS resolver cache.
Mapping Drives
Drive mapping is how Windows associates a local drive letter (A through Z) with a shared folder on another computer over the network. Drives can be mapped in two ways:
1. Run a batch file containing the net use command. The NET command family is:
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
2. Through the GUI (Computer > Map network drive).
Do not embed passwords in such batch files; connect with the logged-on user's credentials, or store credentials in Credential Manager.
Printers
A printer driver or print processor is software that converts the data to be printed into the form a specific printer understands. The purpose of printer drivers is to allow applications to print.
Software printers: convert documents from one format to another, e.g. a Word-to-PDF converter.
Hardware printers: enable the user to print hard copies of documents.
The Spooler service needs to be stopped before installing a printer and restarted after the installation.
Location of printers: Control Panel\Hardware and Sound\Devices and Printers
Q&A