{"id":643,"date":"2010-03-11T14:46:00","date_gmt":"2010-03-11T06:46:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=643"},"modified":"2023-11-04T14:49:05","modified_gmt":"2023-11-04T06:49:05","slug":"regedit","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/643","title":{"rendered":"Regedit"},"content":{"rendered":"\n

\u767b\u9304\u6a94
\u4e8c\u9032\u4f4d\u8cc7\u6599\u5eab
\u4ee5\u5c64\u72c0\u7d50\u69cb\u7d44\u7e54\u6240\u6709\u7684\u7cfb\u7d71\u8a2d\u5b9a
\u7cfb\u7d71\u8a2d\u5b9a\u7684\u96c6\u4e2d\u5b58\u653e\u5340
\u61c9\u7528\u7a0b\u5f0f,\u7cfb\u7d71\u5143\u4ef6,\u88dd\u7f6e\u9a45\u52d5\u7a0b\u5f0f,\u7cfb\u7d71\u6838\u5fc3\u90fd\u6703\u4f7f\u7528<\/p>\n\n\n\n

\u5e38\u898b\u5de5\u5177
regedit \u7cfb\u7d71\u5167\u5efa\u7684\u767b\u9304\u6a94\u7de8\u8f2f\u5668
RegCompact.NET\u91cd\u6574\u4e26\u512a\u5316Windows\u767b\u9304\u6a94
RegCleaner \u6e05\u9664\u7121\u7528\u7684\u767b\u9304\u6a94<\/p>\n\n\n\n

………..<\/p>\n\n\n\n

\u767b\u9304\u7d50\u69cb
root key(\u6839\u6a5f\u78bc):\u985e\u4f3c\u6a94\u6848\u7cfb\u7d71\u4e2d\u7684\u78c1\u789f
subkey(\u5b50\u6a5f\u78bc):\u985e\u4f3c\u8cc7\u6599\u593e,\u88ab\u5305\u542b\u5728root key\u4e2d
value(\u503c):\u985e\u4f3c\u6a94\u6848, \u88ab\u5305\u542b\u5728subkey\u4e2d<\/p>\n\n\n\n

\u6a5f\u78bc\u985e\u578b
\u5132\u5b58\u5728\u8a18\u61b6\u9ad4\u4e2d,\u555f\u52d5\u6642\u5efa\u7acb,\u95dc\u6a5f\u6642\u6d88\u5931
\u5132\u5b58\u5728\u78c1\u789f\u4e0a,\u5927\u591a\u6578\u6a5f\u78bc\u5c6c\u65bc\u6b64\u985e\u578b<\/p>\n\n\n\n

\u4e3b\u8981\u7684root key
HKEY_LOCAL_MACHINE \u5b58\u653e\u5c6c\u65bc\u672c\u6a5f\u96fb\u8166\u7684\u6240\u6709\u8a2d\u5b9a
HKEY_USERS \u8207\u4f7f\u7528\u8005\u6709\u95dc\u7684\u8a2d\u5b9a
HKEY_CURRENT_CONFIG \u5132\u5b58\u7cfb\u7d71\u76ee\u524d\u958b\u6a5f\u8a2d\u5b9a\u7684\u8cc7\u8a0a
HKEY_CURRENT_USER \u76ee\u524d\u767b\u5165\u7684\u4f7f\u7528\u8005\u8a2d\u5b9a\u6a94
HKEY_CLASSES_ROOT \u8ca0\u8cac\u5c07\u526f\u6a94\u540d\u548cOLE\u985e\u5225\u8b58\u5225\u78bc\u9023\u5728\u4e00\u8d77<\/p>\n\n\n\n

HKEY_LOCAL_MACHINE\u7684\u4e3b\u8981subkey
HARDWARE \u5132\u5b58\u6709\u95dc\u5728\u7cfb\u7d71\u4e2d\u6240\u627e\u5230\u7684\u786c\u9ad4\u8cc7\u8a0a,\u5132\u5b58\u5728ram\u4e2d,\u4e3b\u8981\u6709\u4ee5\u4e0b
\u3000DESCRIPTION \u5305\u542bcpu,\u6d6e\u9ede\u8655\u7406\u5668,…\u7b49
\u3000DEVICEMAP \u5c07\u67d0\u500b\u7279\u5b9a\u88dd\u7f6e\u9023\u7dda\u5230\u53e6\u4e00\u500b\u7279\u5b9a\u88dd\u7f6e\u4e0a
\u3000RESOURCEMAP \u8ca0\u8cachal(\u786c\u9ad4\u62bd\u50cf\u5c64),\u96a8\u63d2\u5373\u7528,…\u7b49
SAM \u5b58\u653e\u672c\u6a5f\u5efa\u7acb\u7684\u5e33\u6236\u548c\u7fa4\u7d44
SECURITY \u5305\u542b\u5927\u91cf\u7684\u5b89\u5168\u8cc7\u8a0a
SOFTWARE \u61c9\u7528\u7a0b\u5f0f\u548c\u7cfb\u7d71\u5143\u4ef6\u5b58\u653e\u5b83\u5011\u6240\u6709\u7cfb\u7d71\u8a2d\u5b9a\u7684\u57fa\u790e
SYSTEMCurrentControlSet \u7528\u65bc\u555f\u52d5\u6642\u53cd\u6620\u662f\u5426\u6210\u529f
SYSTEMMountedDevices \u7528\u65bc\u52d5\u614b\u78c1\u5340\u6280\u8853<\/p>\n\n\n\n

value\u985e\u578b\u6709
REG_BINARY \u4ee5\u539f\u59cb\u683c\u5f0f\u5132\u5b582\u9032\u4f4d\u8cc7\u6599
REG_DWORD \u5b58\u653e\u4e00\u500b8bit\u6574\u6578\u6216\u96d9\u5b57\u7684\u503c
REG_SZ \u4efb\u610f\u9577\u5ea6\u7684unicode\u5b57\u4e32
REG_EXPAND_SZ \u53ef\u64f4\u5145\u9577\u5ea6\u5b57\u4e32\u503c
REG_MULTI_SZ \u4efb\u4e00\u6578\u91cf\u7684REG_SZ\u503c\u96c6\u5408
REG_FULL_RESOURCE_DESCRIPTOR
REG_NONE<\/p>\n\n\n\n

……………….<\/p>\n\n\n\n


\u81ea\u88fd.reg\u6a94
\u6a94\u6848\u683c\u5f0f\u5982\u4e0b
[subkey path] \/\/\u82e5\u5728\u958b\u982d\u6709-,\u8868\u793a\u522a\u9664\u7684\u610f\u601d
“REG_SZ”=””
“REG_BINARY”=hex:
“REG_DWORD”=dword:00000000
“REG_MULTI_SZ”=hex(7):00,00
“REG_EXPAND_SZ”=hex(2):00,00
ex:
\u65b0\u589e\u767b\u9304\u6a94
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]
“NoDriveTypeAutoRun”=dword:00000091
\u522a\u9664\u767b\u9304\u6a94
[-HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
“ctfmon.exe”=”C:WINDOWSsystem32CTFMON.EXE”<\/p>\n\n\n\n

………………<\/p>\n\n\n\n

\u5e38\u7528\u767b\u9304\u6a94<\/p>\n\n\n\n

\u95dc\u9589usb<\/strong>
[HKEY_LOCAL_MACHINE\/SYSTEM\/CurrentControlSet\/Services\/USBSTOR]
“Start”=dword:00000004
ps:dword:00000003 \u662f\u958b\u555f<\/p>\n\n\n\n

\u653e\u5165\u5149\u789f\u6642\u4e0d\u8981\u81ea\u52d5\u57f7\u884c<\/strong>
[HKEY_LOCAL_MACHINE\/SYSTEM\/ControlSet\/001Services\/Cdrom] 
“AutoRun”=dword:00000000
ps:dword:00000001\u662f\u81ea\u52d5\u57f7\u884c<\/p>\n\n\n\n

\u958b\u6a5f\u6642\u81ea\u52d5\u9032\u884c\u78c1\u789f\u91cd\u65b0\u6574\u7406<\/strong>
[HKEY_LOCAL_MACHINE\/SOFTWARE\/Microsoft\/DfrgBoot\/OptimizeFunction]
“Enable”=”Y”<\/p>\n\n\n\n

\u8a2d\u5b9a\u50b3\u9001\u7de9\u885d\u5340\u70ba16kb,\u53ef\u52a0\u901fhttp\u4e0a\u50b3\u901f\u5ea6<\/strong>
[HKEY_CURRENT_USER\/Software\/Microsoft\/Windows\/CurrentVersion\/Internet\/Settings]
“SocketSendBufferLength”=dword:00004000\u8abf\u6574tcp windows size\u70ba64K<\/strong>
[HKEY_LOCAL_MACHINE\/SYSTEM\/CurrentControlSet\/Services\/Tcpip\/Parameters]
“TCPWindowSize”=dword:0000FFFF<\/p>\n\n\n\n

\u8a2d\u5b9a\u958b\u6a5f\u6642\u57f7\u884c\u7a0b\u5f0f<\/strong>
[HKEY_LOCAL_MACHINE\/SOFTWARE\/Microsoft\/Windows\/CurrentVersion\/Run]
“commandname”=”commandpath”<\/p>\n","protected":false},"excerpt":{"rendered":"

\u767b\u9304\u6a94\u4e8c\u9032\u4f4d\u8cc7\u6599\u5eab\u4ee5\u5c64\u72c0\u7d50\u69cb\u7d44\u7e54\u6240\u6709\u7684\u7cfb\u7d71\u8a2d\u5b9a\u7cfb\u7d71\u8a2d\u5b9a\u7684\u96c6\u4e2d …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[18],"tags":[],"class_list":["post-643","post","type-post","status-publish","format-standard","hentry","category-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=643"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/643\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}