How do I find hidden registry entries?


Solution 1

I found the best way to do this is to use Process Monitor.

Solution 2

Just start reading Microsoft TechNet and you will find many more "hidden" registry keys/values. I don't know if there's any list of keys that are not here after a clean installation, but you will find them after you have started hacking Windows.

What I do when I need some special functionality/behavior with Windows (or just want to learn more about some well known functionality):

  • Try to find out about it from Google & StackExchange; maybe someone already did that job.
  • Try to find alternate ways to do it; if I find any, then I try to learn from them.
  • Find out if any Windows OS can do it, and find out how.
  • Search the registry with regedit; use your imagination here.
  • Try to disassemble the part of the OS that you want to modify/understand better. If you fail or get stuck, find another route and start over.
  • Remember, if it seems that it can't be done, you still have many options:
    1. Write your own program that a) manipulates the existing UI, b) creates a new UI, c) extends the OS part that you don't like, or d) replaces the OS part that you don't like.
    2. Forget about it.

As already noted in the comments, you should read more about Windows internals and ask a more specific question after you have some real problems with finding some special values. I think that if you really need a full list of reg keys/values, then you should make one (at least partially) yourself, as a learning exercise.

And as a last part, here are a few easy lines from logagent.exe:

0000:1188 |                 CryptUnprotectData..CryptPro
0000:11B4 | tectData....c.r.y.p.t.3.2...d.l.l...E.n.a.b.
0000:11E0 | l.e.N.e.g.o.t.i.a.t.e...S.o.f.t.w.a.r.e.\.M.
0000:120C | i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.C.u.r.r.e.
0000:1238 | n.t.V.e.r.s.i.o.n.\.I.n.t.e.r.n.e.t. .S.e.t.
0000:1264 | t.i.n.g.s...=.".....r.e.a.l.m... ...,.;.....
0000:1290 |  .......N.e.g.o.t.i.a.t.e...B.a.s.i.c. .....
0000:12BC | https://....D.e.l.e.t.e.....N.o.R.e.m.o.v.e.
0000:12E8 | ....F.o.r.c.e.R.e.m.o.v.e...V.a.l...B...D...
0000:1314 | S...................ì...Ø...È...ê¶..¯·..bü..
0000:1340 | I·..d·...·..à·...·..¦·...¹..bü...º..O¾..¶Ü..
0000:136C | .Ý..cÝ..!º..8º..`[..Dº..ú...º..O¾..¶Ü...Ý..
0000:1398 | cÝ...Ï..8º..VÏ..Dº..  [proxy]...:././...1.2.
0000:13C4 | 7...0...0...1...d.o.o.G.....d.r.o.w.s.s.a.P.
0000:13F0 | ....r.e.s.U.....h.t.a.P.....\...SOFTWARE\Mic
0000:141C | rosoft\Windows Media\WMSDK\etacsufbO.... .:.
0000:1448 |  ... .?. ...?. .....L.o.a.d.C.r.e.d.e.n.t.i.
0000:1474 | a.l.s...................ì...Ø...È...^..n..5N
0000:14A0 | ·.jC/.ËôWNetRemoveCachedPassword....WNetCach
0000:14CC | ePassword...WNetGetCachedPassword...mpr.dll.
0000:14F8 | PStoreCreateInstance....pstorec.dll.DisableP
0000:1524 | asswordCaching..SOFTWARE\Microsoft\Windows M
0000:1550 | edia\WMSDK..A.c.c.e.s.s.P.e.r.m.i.s.s.i.o.n.
0000:157C | ....A.P.P.I.D.\.{.%.s.}.....A.P.P.I.D.\.%.s.
0000:15A8 | ....L.a.u.n.c.h.P.e.r.m.i.s.s.i.o.n.........
0000:15D4 | ............Ðñ..Áñ...ò...ñ..1ì......Zé..?é..
0000:1600 | ßñ...é..Kê..ßé...í..Xê..iê..Ïò..sê...ê...ë..
0000:162C | 9ë..'ì...(..hò..................ì...Ø...È...
0000:1658 | +...._..÷....ø..3ô..J...a...............¢...
0000:1684 | ....K.......Ý.......à...¹...Z.......äô..#ö..
0000:16B0 | .õ...÷..{ü...ü...ü..ïû..bü..Wü..Wü...ü...ü..
0000:16DC | °û..WSAJoinLeaf.WSARecvFrom.WSARecv.WSAConne
0000:1708 | ct..WSASocketA..WSASendTo...WSASend.WSAIoctl
0000:1734 | ....WSAEnumProtocolsA...ws2_32..U.s.e. .T.r.
0000:1760 | a.n.s.m.i.t.P.a.c.k.e.t.s.......S.o.f.t.w.a.
0000:178C | r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .M.
0000:17B8 | e.d.i.a.\.P.l.a.t.f.o.r.m...Æô..._..Õô..Þ...
0000:17E4 | ....+...._..÷...........J...a...............
0000:1810 | ¢.......K.......Ý.......à...¹...Z.......;...
0000:183C | ........................ì...Ø...È...w>.ÍÖfdF
0000:1868 | .Ç6Û¶AÐñS.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.
0000:1894 | \.W.i.n.d.o.w.s. .M.e.d.i.a.\.W.M.S.D.K.\.N.
0000:18C0 | A.T.P.o.r.t.M.a.p.p.i.n.g.s.....U.D.P...T.C.
0000:18EC | P...%.x. .%.s. .%.u.....FreeAddrInfoW...GetA
0000:1918 | ddrInfoW....w.s.2._.3.2...d.l.l.....W.i.n.d.
0000:1944 | o.w.s. .M.e.d.i.a. .F.o.r.m.a.t. .S.D.K. .(.
0000:1970 | %.s.)...:.:.....:.:.1...0...0...0...0...?.#.
0000:199C | ....................ì...Ø...È...l...h...d...

Now that you have a few lines, what to do? If you are lucky, values are hardcoded with keys and they can be retrieved from the above by looking for record byte sequences and then finding the right values. You can also try to find error messages and their addresses to track down what part of the program throws them (some assembly skills are needed, but it's not too hard if full reverse engineering/program modification is not a requirement).
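
The string-hunting step this answer describes, as an added example (not part of the original answer, and not run against the real logagent.exe): it extracts both ASCII and UTF-16LE strings from a binary, keeps those that look like registry paths, and lists the strings stored near each one as candidate value names. The `REG_PATH` heuristic, the 64-byte window and the sample bytes are assumptions made for illustration.

```python
import re

MIN_LEN = 5
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
# Heuristic (an assumption of this example): registry paths start with a
# well-known hive or subtree name followed by a backslash.
REG_PATH = re.compile(r"(?i)\b(?:hkey_\w+|software|system|appid|clsid)\\.+")

def extract_strings(data):
    """Return sorted (offset, encoding, text) for ASCII and UTF-16LE runs."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RUN.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16le"))
              for m in WIDE_RUN.finditer(data)]
    return sorted(found)

def registry_candidates(data, window=64):
    """Pair each registry-looking path with the strings stored within
    `window` bytes of it, which are the likeliest value names."""
    strings = extract_strings(data)
    report = []
    for off, enc, text in strings:
        hit = REG_PATH.search(text)
        if not hit:
            continue
        width = 2 if enc == "utf-16le" else 1
        start = off + hit.start() * width      # file offset of the path itself
        end = off + len(text) * width
        near = [t for o, _, t in strings
                if o != off and start - window <= o <= end + window]
        report.append((start, enc, hit.group(), near))
    return report

def wide(s):
    return s.encode("utf-16le")

# Constructed sample bytes, loosely modelled on the dump above (not the real file).
SAMPLE = (
    b"\x00" * 4 + b"CryptUnprotectData\x00\x00"
    + wide("EnableNegotiate") + b"\x00\x00"
    + wide("Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings")
    + b"\x00\x00" + b"\xec\x00\x00\x00\xd8\x00\x00\x00" * 10
    + b"DisablePasswordCaching\x00\x00"
    + b"SOFTWARE\\Microsoft\\Windows Media\\WMSDK\x00"
)

if __name__ == "__main__":
    for offset, enc, path, near in registry_candidates(SAMPLE):
        print(f"{offset:#06x} {enc:8} {path}\n         nearby: {near}")
```

To run it on a real file, pass the file's bytes (read in binary mode) to `registry_candidates`; searching both encodings matters because, as the dump shows, the same binary stores some key paths as ASCII and others as UTF-16LE.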

Author: Caleb Jares

Updated on September 18, 2022

Comments

  • Caleb Jares over 1 year

    A lot of Windows hacks and tweaks involve fiddling with the registry. Quite often, it involves adding a new key/value. However, there are times when I'd like to do a tweak and there is no online tutorial.

    Given a setting or behavior I want to change, how would I go about discovering the relevant key/values? Should I use a third-party registry editor or a de-compiler?

    • Ƭᴇcʜιᴇ007 almost 12 years
      For the ones provided by MS, they read the documentation, see this SU question: Windows 7 Registry Settings Documentation, if they are adding their own, they know what they are.
    • Ƭᴇcʜιᴇ007 almost 12 years
      Also there's snapshotting, see: What's the easiest and fastest way to compare 2 registry files?. Really though, questions like "How do people do X?" are not really on-topic for SU (IMO anyway).
    • Caleb Jares almost 12 years
      @techie007 Duly noted and edited accordingly.
    • Synetech almost 12 years
      > There are times when I'd like to do a tweak and there is no online tutorial. How would I go about discovering what these key/values are? Should I use a third-party registry editor or a de-compiler?
      The short answer is that you can’t. You need to know specifically what you are trying to accomplish first; there are no generic lists of tweak-ish registry settings. MSDN does list numerous Windows registry entries and what they do, but it is not complete, and besides, it’s an incredibly wide swath. Again, you need to be specific about what you want to do.
    • Synetech almost 12 years
      In regards to your current goal, the MSDN library may not (likely not?) contain the settings because Windows 8 is still in beta, so publishing technical details is effectively pointless since things can/will change. For example, that setting may be reverted/fixed in a later update.
    • Synetech almost 12 years
      Oops. The solution I just wrote up for your other question evaporated into the æther when you deleted your question.
    • Caleb Jares almost 12 years
      Yeah, I saw. If you didn't see my comment, I actually messed up the old method. The old method still works. Thanks, though :)
  • Caleb Jares almost 12 years
    I've previously read that, and while it doesn't answer the question, it does give good information about the registry and where one would search if they wanted to fiddle with things. Also, I previously asked this question, and never got an answer, so decided to look into it further.