////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
******* WINDOWS XP EXPLAINED
******* by : Abhisek Datta [abhisek@programmer.net]
******* http://hackersclub.focusindia.com
******* http://abhisek.8m.net
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Please note that this tutorial is in BETA stage and will be updated soon.
Tutorial Name : Microsoft Windows XP [version 2002] Explained
Contents :
1.Core Kernel
2.Basic Working Structure
3.Important System Files and their workings.
4.Registry Hacking
5.Tips to improve performance.
Author : Abhisek Datta [sweetboycal@yahoo.com]
Date : 4.2.2002
1.Core Kernel
Windows XP uses the same Windows NT kernel line as Microsoft Windows 2000 (Windows 2000 is NT 5.0, Windows XP is NT 5.1). Basically there is not much difference between the basic workings of Windows 2000 and Windows XP.
The core kernel of Windows XP is the file ntoskrnl.exe, located in the C:\windows\system32 folder (assuming Windows is installed on the C: drive). Windows uses it, together with the hardware abstraction layer hal.dll and the kernel-mode device drivers, for every operation involving hardware interaction. The file kernel32.dll in the same folder is not the kernel, although it is often described that way: it is the user-mode library that exposes the Win32 API to applications and hands the work to the kernel through the system calls in ntdll.dll. Windows XP supports the NTFS file system (New Technology File System) beside the old FAT and FAT32 file systems. If you install Windows XP on a newly formatted hard drive, formatting the partition with NTFS is offered as part of the setup procedure if the user confirms; choose it, because only NTFS provides per-file permissions, file encryption (EFS) and a journal that survives crashes, and the security settings described later in this tutorial depend on it.
2.Basic Working Structure
Code name : project Whistler (named after Whistler Mountain, the ski resort in British Columbia, Canada), so the pre-release builds were often referred to as Windows Whistler.
Microsoft developed Windows XP with the stated aim of bringing a revolutionary change to the world of operating systems. I don't know about others, but from my point of view I can see only an evolutionary change: apart from the new interface (the Luna theme, clearly influenced by the sleek look of the Macintosh), there is not much change in the working structure of this operating system, and it works almost the same as its predecessor, Windows 2000.
Previously the Windows 9x series (95, 98 and Me) kept each user's settings and cached network credentials in .pwl (password list) files. The early Windows NT releases did not use .pwl files: the NT line has always kept the account password hashes in the SAM database (%SystemRoot%\system32\config\SAM), and that is what Windows 2000 and XP inherit. Microsoft finally abandoned .pwl files because even a kid with little knowledge of the working structure of the ever popular Windows series could recover the password from a .pwl file with freely available cracking tools.
Please note: the logon password itself is not stored in a .pwl file. The file holds other cached credentials (network shares, dial-up accounts) encrypted with RC4 under a key derived from the logon password (through an MD5 hash in the revised format shipped from Windows 95 OSR2 onwards). The file is read at logon, not executed; a successful decryption is what "authenticates" the user. Because the key is derived from the password, an attacker who copies the file can guess passwords offline until the file decrypts, which is why this scheme was never acceptable.
Windows XP keeps a separate profile folder for each user under C:\Documents and Settings\<username>, containing that user's registry hive (NTUSER.DAT), desktop, documents and application settings. A user in the Administrators group can access every feature of Windows XP and can also restrict the access rights of other users, through NTFS permissions and the Local Users and Groups snap-in.
Important System File and their Workings
1. Kernel32.dll ::: This file is often called the heart of Windows XP, but it is not the kernel. It is the user-mode library through which every Win32 program reaches the core operating system API (file, process, thread and memory functions such as CreateFile, CreateProcess and VirtualAlloc). Those calls pass through ntdll.dll into the real kernel, ntoskrnl.exe, which interacts with the hardware through the HAL and the device drivers and returns the results. Because nearly every process loads it, a modified or replaced kernel32.dll affects the whole system, which is one reason Windows File Protection guards it.
Path : c:\windows\system32\kernel32.dll
2. explorer.exe ::: Windows differs from DOS or a bare UNIX shell (command-line systems) because of its graphical user interface. The explorer.exe file located in the c:\windows directory constitutes the shell (user interface) of Windows: it draws the desktop, taskbar and Start menu and doubles as the file manager. The kernel interacts directly with the hardware, the shell interacts with the user; the kernel and the shell are the two most important parts of any operating system.
Note: If you ever get bored of the look and style of the Windows user interface, i.e. explorer.exe, you can edit the system registry (for editing the registry see the registry hacking part of this article) to replace explorer.exe with some other program having the same functionality but a different, customizable look. The shell is named by the Shell value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Be aware that this value is also a favourite persistence point for malware, so if a machine behaves oddly at logon, that value is one of the first things to check.
For example you can check out Talisman, available at http://www.talisman.com
(Hey guys, I prefer not to replace explorer.exe with these kinds of utility software: they consume much more memory than the original, slow the system down and lose many of the new functions of the Windows XP shell.)
3. Utility Tools::
C:\WINDOWS\system32\shutdown -r [restart]
C:\WINDOWS\system32\shutdown -s [shutdown]
===============
All of these programs are located in the c:\windows\system32 folder:
shutdown.exe (shuts down or restarts the local computer, or a remote one with -m \\computer; run shutdown /? for the switches)
systeminfo.exe (prints the OS version, installed hotfixes, uptime and a hardware summary; handy for checking the patch level of a machine)
bootcfg.exe (queries and edits the boot.ini boot loader configuration)
cipher.exe (manages NTFS/EFS file encryption; cipher /w:<folder> also overwrites the free space on that volume)
4. Shutdown Shortcut::
Now it's time for the good old, ever popular shutdown shortcut trick widely used in Windows 98. The old c:\windows\rundll.exe user.exe,exitwindows trick doesn't work in Windows XP any more, because user.exe is a 16-bit Windows 9x component; everything else is the same, only the program being executed and its switches change.
Right-click on an empty space on the desktop and select New > Shortcut. In the command line box type the following:
[For shutdown]
C:\windows\system32\shutdown.exe -s -t 00
[For restart]
C:\windows\system32\shutdown.exe -r -t 00
Add -f if you want open programs forced to close without prompting (unsaved work is lost). Now click Next and your shutdown/restart shortcut is ready to use.
REGISTRY HACKING
The snippets below are in the format regedit imports from a .reg file (save the text as a .reg file and double-click it, or run regedit /s file.reg). Windows XP writes the header Windows Registry Editor Version 5.00; the older REGEDIT4 header is still accepted. DWORD data is written as dword: followed by eight hex digits and strings are written in double quotes. Everything under HKEY_LOCAL_MACHINE needs administrator rights to change, and you should export a key before you edit it so that you can put it back.
Shut Down without logon:
I am sure you have seen the feature of Windows XP that offers a shut down option without being logged in to the system as a legitimate user: on the logon screen there is an option to shut down the computer.
Here's the registry value that controls it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"shutdownwithoutlogon"=dword:00000000
Note: 0 removes the shut down button from the logon screen, 1 (the default on a workstation) shows it. Hiding it matters on a server or a shared machine, where anyone at the console could otherwise power it off without credentials.
Display of last user name:
By default Windows XP (with the classic logon prompt, i.e. when the Welcome screen is turned off) pre-fills the name of the last user who logged on. This is a security problem for users who don't want others to learn their login details, since a valid user name is half of what an attacker needs before guessing passwords. Here's the registry value that hides it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001
Note: 1 hides the last user name, 0 (the default) shows it.
Display legal notice on startup:
Want to tell your friends the do's and don'ts on your computer when they log in in your absence? You can do it pretty easily by displaying a legal notice before the logon prompt. These are the same values organisations use for the "authorised use only" banner that supports prosecution of unauthorised access.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"legalnoticecaption"="enter your notice caption"
"legalnoticetext"="enter your legal notice text"
The notice is shown as a dialog that must be acknowledged before the logon prompt appears; set both values to empty strings to remove it.
MSN login details:
By default Windows XP provides tools for communicating with your friends over the net, MSN Messenger and MSN Explorer, both of which sign in through Microsoft Passport. Did you ever want to know which servers and URLs the Passport sign-in uses to connect your computer so easily and smoothly to the highly crowded MSN servers? Here you can find the info: browse to this location, select Passport, and the values appear in the right pane.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
This key holds only server configuration, not your credentials.
Default program for files of different extensions:
Browse to this registry key, select Extensions, and view the values in the right pane. You can edit the default program for an extension by simply double-clicking the value.
Note: there is a ^ sign between the path of the program and the extension; it is the placeholder for the name of the file being opened.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions
This key is the old WIN.INI [Extensions] mapping, kept for compatibility with 16-bit programs. The associations Windows XP itself honours live under HKEY_CLASSES_ROOT: the .ext key points to a ProgID, whose shell\open\command value names the program. Edit those if a change here does not take effect, and check them when a file type suddenly opens with an unexpected program.
Automatic Administrator Login:
Here's the trick that is often cited to "prove" that Windows XP is not at all secure as a multi-user operating system. It does not prove that: writing this key requires write access to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, which only administrators have, so a standard user cannot use it to get into the administrator account. What it does do is make the machine log on automatically at boot as the user named in DefaultUserName, using a password stored in cleartext in DefaultPassword, readable by any local user who can open the key and usable by anyone with physical access to the machine.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="Administrator"
"DefaultPassword"="the account's password"
Note that AutoAdminLogon is a string ("1"), not a DWORD. Not only these values, but you will find many more options in this registry key: the default domain name, the program started at logon (Userinit), the auto start of the Windows shell (by default explorer.exe) and the option to change the default shell (the Shell value). Because all of these run with the logging-on user's rights, this key is one of the first places to check on a compromised machine.
No Shutdown:
Want to play with your friends by removing the shutdown option from the Start menu on their computer? Just hack it down! (The Policies subkey is required; the value has no effect directly under Explorer.)
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000001
Because it lives under HKEY_CURRENT_USER it applies to that user only and needs no administrator rights; the same value under HKEY_LOCAL_MACHINE applies to everyone. It is a convenience policy, not a security control: the user can still run shutdown.exe.
TIPS AND TRICKS
System Restore
System Restore is actually a very handy application that, unless you use your PC expressly for high-performance tasks like gaming, you should probably leave alone. It creates periodic snapshots of your critical system files (the registry hives, the COM+ database, user profiles and such) and stores them as a "restore point". Should you install an application that hoses your system, or if something important gets corrupted, you can revert the computer to the state it was in at a restore point and go on happily using it. Two things follow from the snapshots including the registry hives: a restore point carries old copies of the SAM and SYSTEM hives (which is why the System Volume Information folder that holds them is readable only by SYSTEM), and files dropped by malware into monitored locations are copied into restore points as well, so antivirus scanners often find infected copies there and restoring to a point made after an infection reinstates it.
Restore points are automatically created by the System Restore service upon several events, such as when a new application is installed, a Windows update is applied, an unsigned driver is installed, or some other event occurs that could have a negative effect on the operating system. You may create manual restore points through System Restore's main interface, which you can access through Start > All Programs > Accessories > System Tools > System Restore.
System Restore does require a service to run in the background that has
a minimal performance impact, and its recorded backups take up hard drive
space. You can control how much space it's allowed (which affects how
many restore points it can create), and shut it down entirely, through
the System Restore tab in the System Properties tool.
The System Restore dialog lists each active drive partition. You can adjust
the percentage of space that System Restore is allowed to work with on
each one. There's also a checkbox that allows you to shut down System
Restore entirely for all drives.
System Restore can adversely affect application benchmark software, and
might operate during active test periods, so test labs routinely disable
System Restore under XP and Me before testing, and you should too when
running benchmarks.
Windows XP: Activate
What would a Microsoft release be without complaints and conspiracy theories? Windows XP is no exception. The most notable controversy in the days leading up to its release was undoubtedly the new Windows Product Activation (WPA), which is designed to help Microsoft improve compliance with the Windows license agreement. The agreement states that each copy of the operating system can be installed on only one machine at a time. Such a restriction is nothing new, but Microsoft had never been able to enforce it adequately.
WPA requires you to activate Windows XP (via the Internet or telephone) within 30 days of installation. If you wait too long, you'll be locked out of the system. To activate Windows XP, WPA derives a non-unique hardware hash from up to ten pieces of information about your video card, network card, SCSI controller, hard drive, CPU and memory configuration. The tool then combines the 25-character product key with that hash into an installation ID, which Microsoft exchanges for a confirmation code that activates your copy of the OS.
Although discouraging illegal duplication of the OS is reasonable, some believe WPA is invasive, so it is not surprising that Big Brother myths like "Microsoft knows who you are" have surfaced. The reality, according to Microsoft, is that when you activate, the only personal information required is your country. Registration, as opposed to activation, requires your name and address, but it is optional.
Once your copy of Windows XP is activated, you must reactivate if you substantially change your hardware or install Windows XP on another PC. And if you attempt to activate your copy of the OS on more than one machine, you must call Microsoft and explain. We installed and activated Windows XP, then changed every component (including the motherboard) on our test PC to see what would happen. We changed at least six components before we had to reactivate the operating system. If you add or change only a few items, you shouldn't have a problem. If you reinstall the OS on the same computer, you'll need to reactivate; since the hardware hasn't changed, you can reactivate through the Internet.
Activating through the Internet is surprisingly fast. If you activate by phone, you'll probably have to wait (depending on call volume), but during the beta period the entire phone call, including wait time, reading the 50-digit installation ID and receiving the 42-digit confirmation code, took about 10 minutes. Microsoft has made some concessions to power users: for example, a copy of Windows XP can be reactivated every 120 days, in case you change hardware or systems often.
Of course, many users will never experience WPA. Most PC vendors preactivate Windows XP. In addition, vendors can key Windows XP activation to a single value in the BIOS; you can then change everything in the machine without reactivating, as long as the BIOS doesn't change. And corporate customers can buy volume licenses, which don't require activation.
Registry hack of xp:
Before we start tweaking, I recommend you set up a few things on your operating system. Make sure you have Administrator privileges on the computer you are tweaking, as some options may have been disabled for standard users, and everything under HKEY_LOCAL_MACHINE requires them. Also, there's ClearType. ClearType works to make text on your screen appear much clearer and more readable, a massive boon for laptop (LCD) owners. It works wonders for desktop owners as well, as a side-by-side comparison shows:
[Screenshots: ClearType Off / ClearType On]
To turn ClearType on, open Display properties in Control Panel, click the 'Appearance' tab, then click the 'Effects...' button and you will get the effects dialog.
Tick 'Use the following method to smooth edges of screen fonts...' and change the list box to 'ClearType'. Then just click OK, Apply, and close your dialogs.
Tweak #1 - MsConfig
Most of you will be familiar with MsConfig, the built-in system configuration utility for Windows. Open it by going to Start -> Run..., typing 'msconfig' in the box and pressing Enter. The tab we are interested in is the 'Startup' tab; click on it and you should see a list like the one below.
This list shows every program started when you log on, with its command line and the place it is registered: the Run keys under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, or the Startup folder. Nothing that Windows itself needs in order to boot is listed here, so don't feel worried about unchecking entries in experimentation. You can see from the screenshot that I have disabled both NDetect (ICQ's start-up program) and WinAmpa (WinAmp, obviously). Once you've unchecked some boxes, Windows should start up faster and use fewer resources by not running these programs in the background. Look twice at any entry you do not recognise, especially one whose command points into a temp folder or a user profile: these Run keys and the Startup folder are the standard places malware registers itself to start with Windows, and msconfig is the quickest way to see what is there.
Tweak #2 - More Startup Tweakage
Now we're going to take the tweak above one step further. Go to Start -> Run again and type 'services.msc'. You should get the Services console.
This is a more detailed list of the system services that start with Windows. All items with 'Automatic' as their startup type are started at boot. Click on an item to find out what it does. If you decide you don't need a certain service, right-click it, open Properties and change its startup type from 'Automatic' to 'Manual' (started only when something asks for it) or 'Disabled'. Besides saving resources, every service you stop is one fewer thing exposed on the machine; services that listen on the network, such as Remote Registry or Telnet on a standalone PC, are the obvious candidates. Check the 'Dependencies' tab first, because stopping a service that others depend on breaks them as well.
Tweak #3 - Speeding Up Internet Explorer
This is a handy little trick you can use with Internet Explorer 6 (which ships with XP) to make it start extremely fast (instantly, on my system). This will be familiar to those of you who have created shortcuts for Half-Life mods and the like. Right-click a shortcut to Internet Explorer (such as the one in the Quick Launch bar), open Properties, and add the parameter '-nohome' to the end of the command line, so that the Target reads:
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
The browser then opens with a blank page instead of loading the home page.
Tweak #4 - Menu Delays
Another minor and easy tweak to remove the delay before menus slide out. For this you will need regedit (open it by going to Start -> Run..., typing 'regedit' and pressing Enter). The value you need to change is located under HKEY_CURRENT_USER\Control Panel\Desktop and is called MenuShowDelay; it is a string holding the delay in milliseconds (400 by default). Change it to 0. You will have to log off and back on (or reboot) for this tweak to take effect.
Tweak #5 - GPEDIT.MSC And Autoplay
A great tweaking tool that comes with Windows XP Professional (it is not included in XP Home) is gpedit.msc, the Local Group Policy editor. Go to Start -> Run..., type 'gpedit.msc' and press Enter. It comes in handy often. For example, if you hate CD autoplay like I do and want to permanently disable it, you can use this tool to do so: go to Computer Configuration -> Administrative Templates -> System, find the setting 'Turn Off Autoplay', right-click it, click 'Properties' and set it to Enabled for all drives. This is a security measure as much as a convenience: autoplay is what lets an autorun.inf on a CD (and, with some devices, a USB drive) launch a program the moment the media is inserted. The setting is written to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer as NoDriveTypeAutoRun, so it can also be deployed with a .reg file on machines without gpedit.
You can play around with the other settings in these folders to customize appearance and performance.
Tweak #6 - Increasing options in Add/Remove Programs
Not a fan of MSN Messenger? Don't want Windows Media Player on your system? Fair enough, but if you go to Add/Remove Programs in the Control Panel and click 'Add/Remove Windows Components', by default several of Windows XP's 'built in' programs are not listed. It's fairly easy to change, though: open the file X:\Windows\inf\sysoc.inf (where X: is the drive letter where Windows XP is installed) in Notepad. You need administrator rights to save it, and you should keep a copy of the original. You should see a section of the file something like this:
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7
This is the list of optional components known to setup, one per line: name=DLL,entry point,INF file,flags,order. Take the example of MSN Messenger, the entry called 'msmsgs', third from last. The word 'hide' in the flags field is what tells Windows not to display the component in the Add/Remove Windows Components list. Fix this up by simply deleting the word 'hide', changing:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
to this:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7
Now, after restarting, you should be able to see MSN Messenger in the Add/Remove Windows Components list. If you want to be able to quickly view and remove all components, open sysoc.inf and do a global find and replace of the word ",hide" with a single comma ",". Restrict the replacement to the [Components] section and delete only the word, not the comma: the comma structure of each line must stay as it is for setup to parse the entry.
Tweak #7 - Disabling Windows File Protection
WARNING: Using this tweak means you will be able to delete or replace vital Windows files, and so will any program running on your computer.
Here's the quick tweak that is supposed to totally disable Windows File Protection (WFP), the system that watches protected system files and silently restores them from %SystemRoot%\system32\dllcache (or the install media) when they are deleted or overwritten. Find the DWORD value SFCDisable under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and set it to 0xFFFFFF9D. If you want to re-enable File Protection, just set the value back to 0.
Two caveats. First, this value was a Windows 2000 trick; on Windows XP it is reported to have no effect without patching sfc_os.dll, so do not be surprised if nothing changes. Second, WFP is one of the few integrity controls XP has: it is what stops a replaced kernel32.dll or userinit.exe from surviving, and leaving it on costs you nothing.
Tweak #8 - Automatically Kill Programs At Shutdown
Don't you hate it when, while trying to shut down, you get message boxes telling you that a program is still running? Making Windows kill running applications automatically is a snap. Navigate to HKEY_CURRENT_USER\Control Panel\Desktop in the Registry, then set the string value AutoEndTasks to 1.
Note: the value 'AutoEndTasks' might not exist. If not, simply create it (as a string, REG_SZ) with the data 1. To disable the AutoEndTasks feature, change the data back to 0. Windows still waits WaitToKillAppTimeout milliseconds (20000 by default, in the same key) before killing a program that does not respond, and anything it kills loses its unsaved work.
Tweak #9 - Memory Tweaks
There are several memory tweaks that can be performed on Windows XP. All of them are located in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
key of the registry, and all of them take effect only after a reboot.
Disable Paging Executive
In normal usage, XP can page parts of the kernel and of kernel-mode drivers out of RAM to the hard drive. We can stop this happening and keep that code in RAM, which avoids page faults in kernel code. Note that only users with a large amount of RAM (256MB+) should use this setting. The value we want to change to disable the 'Paging Executive', as it is called, is DisablePagingExecutive. Changing it from 0 to 1 keeps the kernel and drivers resident. It does not disable paging in general: application memory is still paged to pagefile.sys as usual.
System Cache Boost
Changing the value LargeSystemCache from 0 to 1 tells Windows XP to favour the file system cache over the working sets of running programs (the setting the Server editions use for file servers), so that more of each file read stays in memory. It does not hand "all but 4MB" of memory to the cache and it has nothing to do with where the kernel runs; the cache simply gets to keep pages that would otherwise be trimmed in favour of applications. This can help a machine that mostly serves files and can, in memory-intensive applications, degrade performance, since they now compete with the cache for RAM. As with the tweak above, you should have at least 256MB of RAM before attempting to enable LargeSystemCache.
Input/Output Performance
This tweak is only really of value to anyone running a server: it is meant to improve performance while the computer is performing large file transfer operations. By default the value does not appear in the registry, so you will have to create a REG_DWORD value called IoPageLockLimit. The data is in bytes and the documented default on machines that honour it is 512KB. Most people using this tweak report the best results in the 8 to 16 megabyte range, so you will have to play around with the value. Remember that the value is measured in bytes, so if you want, say, 12MB allocated, it's 12 * 1024 * 1024, or 12582912. As with all these memory tweaks, only use it if you have 256MB or more of RAM, and be aware that it is widely reported that Windows XP no longer honours this value at all, so do not expect a measurable change.
Tweak #10 - Speeding Up Share Viewing
This is a great tweak. Before I found it, I was always smashing my head against the table waiting to view shares on other computers. When you browse another computer from Windows XP, Explorer also checks for Scheduled Tasks on that computer, a fairly useless step that can add up to 30 seconds of waiting. Fortunately it's fairly easy to disable. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace in the Registry. Below it there is a key called {D6277990-4C6A-11CF-8D87-00AA0060F5BF}, the Scheduled Tasks namespace extension. Export it first (so you can restore it), then delete it; after a restart, Windows will no longer check for scheduled tasks. Much performance improvement!
Tweak #11 - Prioritizing Individual Processes
This is so simple it's not funny, but it leads into the next tweak. Press Control+Alt+Delete to open Task Manager, then click on the 'Processes' tab, and you get a list of all the processes running at the time. If you are running a program that you want to give more processing time to (3D Studio Max in my example), just right-click the process, move your cursor down to 'Set Priority >', then select how high you want that program prioritized. While I'm checking my email I might want Normal priority for Max, but when I leave the computer I can raise it to 'High' to get the most rendering done. Easy!
Avoid 'Realtime' for a CPU-bound program: Realtime threads run ahead of the threads that service the mouse, keyboard and disk, so the machine can appear to hang until the job finishes. Setting Realtime also requires the 'Increase scheduling priority' privilege, which only administrators hold by default; other users silently get High instead. 'High' gives nearly the same benefit without the risk.
Tweak #12 - Prioritizing IRQs
The last tweak for this guide, and one to treat with suspicion. The main components of your computer have an IRQ number assigned to them. This tweak is supposed to increase the priority given to any IRQ number, thereby improving the performance of that component; the component it is most commonly applied to is the System CMOS/real time clock, which is claimed to improve performance across the board. First of all, decide which component you want to give a performance boost to. Next, discover which IRQ that piece of hardware is using: go to Control Panel and open the System panel (or press Windows+Break), click the 'Hardware' tab, then the 'Device Manager' button.
Now right-click the component you want to discover the IRQ for, click 'Properties', then click on the 'Resources' tab.
You can plainly see which IRQ this device is using (if there is no IRQ number, select another device). Remember the number, close all of the dialog boxes you have opened, and start regedit. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\PriorityControl in the registry. Create a new DWORD value called IRQ#Priority (where '#' is the IRQ number) and set its data to 1. For example, the IRQ of my System CMOS is 8, so I would create the value IRQ8Priority.
Be aware that IRQ#Priority is not a documented value: the only documented value in PriorityControl is Win32PrioritySeparation, which controls the foreground boost, and there is no published evidence that the XP kernel reads IRQ#Priority at all. Any improvement you notice after the restart is likely to be placebo. If you try it anyway, prioritize only one IRQ, and to remove the tweak simply delete the value you created.
BY
ABHISEK DATTA
abhisek@programmer.net
http://abhisek.8m.net
http://hackersclub.focusindia.com
NOTE: THE TIPS AND TRICKS PART IS NOT WRITTEN ENTIRELY BY ME. THE ARTICLE WAS TAKEN FROM THE CNN NETWORK AND CONTRIBUTED BY AJIT RAY (member@http://hackersclub.focusindia.com).
THE ARTICLE WAS EDITED AND PROVIDED WITH SOME MORE VALUABLE INFORMATION BY ME.