Windows. Народные советы

W
-
-
2006
681.3.06
32.973.26-018.2
49
49
. ., . .
Windows. . .: -, 2006.
256 : .
ISBN 5-94157-630-7
Windows,
, , , , . , Windows,
, . , ,
, . , .
Windows Script Host. -
, Windows.
Windows
681.3.06
32.973.26-018.2
:

.
.
N 02429 24.07.00. 29.11.05.

70x100Vu. . . . . 20,64.
3000 . 1494
"-", 194354, -, . , 5.
-
77.99.02.953..006421.11.04 11.11.2004 .
.

" ""
199034, -, 9 , 12
ISBN 5-94157-630-7
. ., . ., 2006
, "-", 2006
1.
<

Windows 3.1 Windows 3.11
Windows 95 (OSR2)
Windows 98 Windows Millennium Edition
Windows NT 3.1, Daytona Windows NT 3.51
: Windows NT 4.0 Windows 2000
Windows XP
Windows Server 2003
2. Windows

Windows XP
System Volume Information
Documents and Settings
Windows\Driver Cache\i386
Windows\Media
Windows\msagent
Windows\ShellNew
Windows\WinSxX
WindowsVMinidump
WindowsYTemp
Windows\system32\dllcache
Windows\system32\config
Windows\system32\Restore

Windows XP

Windows
1
3
3
5
8
10
12
13
15
17
19
19
20
23
23
24
24
24
24
24
25
25
25
25
25
26
26
26
28
28
29
29
winnt.exe
winnt32.exe
Windows

Windows
10
3. Windows

Paint

At.exe
Attrib.exe
Bootcfg.exe
Chcp.exe
Chkdsk.exe
Driverquery.exe
Fc.exe
Find.exe
Hostname.exe
Ipconfig.exe
Makecab.exe
Net.exe
Netstat.exe
Ping.exe
Powercfg.exe
Reg.exe
Regsvr32.exe
Route.exe
Rundll32.exe
Sfc.exe
Shutdown.exe
Systeminfo.exe
Tasklist.exe
Tracert.exe
29
30
33
35
36
38
43
43
44
44
45
46
51
52
52
53
56
57
57
57
58
58
58
59
60
60
61
61
61
61
61
62
62
62
62
63
63
63
64
65
65
65
65
70
71
72
72
73

Iexpress.exe
Windows

Windows Media
wscript.exe

Whoami.exe
Windows

4. Windows

""

... .

Windows

" "
5. Windows

V
73
74
74
75
75
76
76
76
77
77
77
77
80
81
81
83
84
85
85
87
90
93
94
94
96
100
102
102
107
111
111
114
115
117
117
117
118
118
118
119
120
120
120
120
120

""

Windows

,

Windows

121
121
121
122
122
122
122
122
123
123
124
124
124
125
125
125
125
126
127
127
127
128
129
129
129
130
130
130
130
130
131
131
131
131
131
132
132
133
133
133
133
134
134
134
134
134
135
135

, ,

"" ,

Windows

cmd.exe

cmd.exe

bat-

Windows
Windows
Windows

Administrator

VII
135
135
135
136
136
136
136
136
137
138
138
138
139
139
140
140
140
140
141
142
142
142
142
142
142
143
144
144
144
147
151
151
151
155
155
155
155
156
156
156
156
157
157
157
157
158
158
VIII
ClearType
158

Windows
Windows

HOST, LMHOST
Windows\System32\drivers\etc

-
-

Windows (MMC)

time-

Bootdefrag

Num Lock
Windows
Windows

reg-
reg-
DLL

,

158
159
159
159
159
160
160
161
161
161
161
162
162
162
163
163
163
163
164
164
164
164
165
165
165
166
166
166
166
167
167
167
167
168
168
168
168
169
169
169
169
170
170
170
170

Windows
null-
Windows Installer
msi-
Dial-Up-
(msconfig.exe)
Internet Explorer
Internet Explorer

HTML-
HTML-

Windows Update

Internet Explorer
Internet Explorer
Internet Explorer

<F3> ()

IX
171
171
171
172
172
172
173
173
173
174
174
174
174
174
175
175
175
175
175
175
176
176
176
176
176
177
177
177
177
177
177
178
178
178
178
179
179
179
179
179
180
180
180
180
181
181
181
181
_

Outlook Express

Windows Media Player

6. Windows Script Host

7. Windows XP Service Pack 2
Windows
Windows

Internet Explorer
Outlook Express
web-
182
182
183
183
183
183
183
183
184
184
184
184
185
186
188
190
192
196
203
205
209
214
217
217
219
220
220
221
222
222
8.
Regmon
Reg Organizer
Registry Viewer
Registry UnDelete
225
225
227
229
231
. -
235
237

.
,
. . .
, , ,
.
, . MS Windows,
, .
1 MS Windows. , , .
2 .
, ,
,
.
3 Windows, a
. , , , ,
, , . , ,
. .
4 ,
, Windows. , ,
, Windows .
5 Windows . ,
, .
, 4. Windows,
.
6 .

Windows Scripting Host (WHS, Windows)
,
(, , ), , ,
, ,
. - (bat), , , WSH,
. ,
Windows .
7 Microsoft
2004 . Service Pack 2. , , Windows,
.
, ,
.
8 , , .
, ,
, .
, .
,
, .

http://www.whatis.ru, ,
. , - , . . , . . , ,
.

Windows
, ,
MS-DOS.
Microsoft 1981 . MS-DOS 1.0.
, 1983 ., Interface Manager,
. , . Windows 1.0 10 1983 .
1985 .,
Microsoft Windows 1.0 (. 1.1).
^
Windows
http://screen.dtn.ru.
- .
,
.
Windows
.
, , (File
Manager), ,
: , ,
GDI, . , -
Windows

"".
, . . , .
liHS-DOS Executive;!
File
Uiew
Special
C:QlfiNTUM \ U I N i e i
nflTHTSTXT
1 FXF
M i c r o s o f t Windows
MS-DOS E x e c u t i v e
CRLC.
CflLEt
CfR
i DF
Uersion 1 . 8 1
CGO.t Copyright @ 1985, Microsoft Corp,
CGfl.l
CUP.I
~W
CITOI
CLIPI
Disk Space Free: 6394
CLOCt
Memory Free:
l18K
CO MM.
CONTI FON
EMM.AT
KERNEL.EXE
COURfl FON
EMM.PC
KEVBUS.DRU
COURB FON
EPSON.DRU
LMOUSE.DRU
COURC FON
FTG.DRU
L0F0NTS.F0N
COURD
LE
:.DRU
REUERSI.EXE
588.DRU
ROMAN.FON
ERN.FON
SCRIPT.FON
ISE.DRU
SETUP.EXE
OS.EXE
SETUP.LBL
OSD.EXE
SETUP.PIF
IOUSE1.DRU SG18.DRU
I0USE2.DRU SOUND.DRU
I3558.DRU SPOOLER.EXE
IP2.DRU
SVSTEM.DRU
IOUSE.DRU TERMINAL.EXE
EPAD.EXE TI858.DRU
It 92. DRU
TMSRA.FON
PAINT.EXE
TMSRB.FON
PRACTICE.DOC TMSRC.FON
RAMDRIUE.SVS TMSRD.FON
REfiDME.DOC
TOSH.DRU
USER.EXE
UTILITY. L
WIN.CNF
UIN.COM
UIN.INI
WIN.PIF
WIN1B8.BI
WIN180.0U
WINOLDAP.
WINOLDAP.
WRITE.DAT
WRITE.EXE
. 1.1. Windows 1.0
Windows 1.0, ,
1987 . . .
(Excel, Word, PageMaker,
CorelDraw), . Windows 2.0, .
1988 . Windows 286 Windows 386 (
). Intel.
Windows 2.0 ,
DOS- 386- .

.
1.
( 1988 .) , Windows NT.

, Windows 9x. Windows NT/2000/Server 2003 .
22 1990 . Windows 3.0
.
, ( MS-DOS Executive Windows 2.0),
, , ( , ).
(
DOS), Windows,
.
, ,
.
Windows 3.1 Windows 3.11

1992 . Windows 3.1 (. 1.2, 1.3). . 50
. ,
. Windows 3.1 :
( );
32- ;
DOS, Windows;
' ;
DOS- / Windows;
, 80386 ( . ,
.);
Windows
(DDE,
Dynamic Data Exchange);
Drag & Drop ( ) OLE
(Object Linking and Embedding, );
() TrueType,
Windows;
, Windows Multimedia Extensions.
. 1.2. Windows 3.1
Windows API (Application Program Interface, )

, .
Windows 3.1
. , , , ,
1.
DOS. , , - ,
, Windows DOS.
File Options Window

Accessories
Help
Program Manager
Main
Paintbrush
Terminal
Notepad
File Manager Control Panel Print Manager Clipboard
Recorder
Cardfile
Cae
l ndar
Calculator
m
m
DOS Prompt Wn
i dows Setup
Co
l ck
PIF Editot
Games
Solitaiie
Reuersi
Windows Applications
WHELP Microsoft Wofdvlacro Translator Dialog Editor
Microsoft Encel
. 1.. Program Manager
1993 . Microsoft Windows for Workgroups 3.11.

. Windows
Novell NetWare. , (
, ) Windows 3.11 . ,
.
, Windows .
, Windows 3.1 Windows for Workgroups 3.11
. Microsoft
. .
. , , , "
" - , , , .
Windows
W i n d o w s
9 5
( O S R 2 )
, 1995 . Microsoft , ,
Windows 95.
950 "",
-, , . "" .
, , API. ,
PR- : , .
( Windows 95).
,
, Microsoft
Windows . ( 32-,
16-).
Windows, DirectX
. , .
^
DirectX DirectDraw ( , ) DirectSound ( ).

Direct3D
DirectSound3D , DirectPlay
( , , ) .
Windows 95 , ,
. . ,
Windows , :
;
,
;
;
, ;
.
1.
, , , .
SYSTEM.DAT
USER.DAT, , .
Windows 3.1 REG.DAT, , HKEY_CLASSES_ROOT,
. Microsoft,
ini-,
. ini- , .
, - . Microsoft,

. 6.
Plug and Play ( )
.
,
( ,
, ,
. .). Windows 95
.
, ,
, ,
. Windows 95 . Intel. - AMD Cyrix,
. Intel

"" . , 1996 . Microsoft Windows 95 OSR2 (Operation System Release 2),
.
, :
Internet Explorer 3.0;
;
10
Windows
FAT32 (
FAT16).
. FAT File
Allocation Table ( ). FAT32
1 2 3 2 , FAT16 2 1 6 . , 2 FAT16
2 147 483 648 / 65 536 = 32 768 32 . FAT32 , .. 512 . 1996 .
.
? ,
. 32 , 10
30 . , 1024 10 FAT32 FAT16. 512 ( ) 1024 = 512 ,
32 1024 = 32 , . . 64 ! ,
.
Windows 98 Windows Millennium Edition

OSR2, .
. , AGP (Accelerated Graphics Port, ), USB
(Universal Serial Bus, ), DVDROM (Digital Video Disk, )
.
, 1998 . -
Windows 98.
Windows 95 ,

.
.
. ,
, USB ACPI (Advanced Configuration and
Power Interface).
Windows 98 .
, / . .
1.
11
Internet Explorer . html-, ,

.
(Outlook Express ,
NetMeeting , Windows Update ).
, .
, ,
,
64 .
1999 . Microsoft Windows 98 SE (Second Edition
). , AGP 2.0, Internet Explorer 5.0. , Windows 98 SE
"" Windows 9x.
,
Windows 2000/XP.
Microsoft , Windows 98
, DOS, 2000 .
( ) Windows ME
(Millennium Edition).

. : 80
. 10
( ,
- , ) . , ( Windows
Media Player, Windows Movie Maker).
, , MS-DOS. ,
- DOS . Microsoft , 1996 . DOS-
. -
12
Windows
.
, DOS
( ), ,
, . .
Windows ME , , ,
. , , ""

,
.
Windows NT 3.1, Daytona Windows NT 3.51

Windows NT.
.
Digital Equipment Corporation (DEC) "" (David N Cutler). 1988 .,
, Intel i860
"N-Ten". ,
"N-Ten", NT.
New Technology ( ),
. , 1989 .
50 .
, :
;
;
;
.
i860 ,
. MIPS. NT- Intel i386.
, , . C++, -
1.
,
, .
Windows NT, Windows NT 3.1, 1993 . Server Workstation. ,
, . 16 , .
"" Windows 3.1,
.
,
.
1994 . Windows NT 3.5 "Daytona". . ,
1993 ., . (
Novell NetWare, TCP/IP, ).
9 - .
1995 . Windows NT 3.51,
. - ( OLE Drag & Drop, API OpenGL
FAT). , 3.51, , , NT.
Windows NT 4.0 Windows 2000

Windows NT 4.0 Shell Update Release
(SUR). 1996 .

.
Windows 95.
, . Intel Pentium PRO.
.
13
14
Windows

, Web- Internet Information Server (IIS). Windows 95, NT
Internet Explorer.
- Windows NT Windows 95 (
- ). Windows NT
.
,
Windows 9x.
23 1997 . - Windows NT 5.0,
Windows 2000. "NT" . , . . "NT"
. , , Windows 2000
" NT", ,
. ,
.

2000 . : Professional, Server, Advanced Server
DataCenter Server. Windows 2000 Professional Windows 95/98 Windows NT 4.0 Workstation
.
4, 8 32 .
Windows 2000 ? :
,
;

IEEE 1394 (FireWire);
Plug
and
Play,
ACPI,
USB,
WMD (Windows Driver Model)

""
() ;
Microsoft Management Console (MMC).
1.
15
, 100-
. , Windows 2000
,
.
, , , . , , Windows XP NT Windows 2000
.
Windows XP
Windows NT
, Windows XP Windows Server 2003.
25 2001 .
Windows XP,
, "" Windows 9/ "" Windows NT/2000. . ,
.
Windows XP Professional.
Windows XP Professional, . .
, . , ,
, (Multilanguage User Interface, MUI), , .
Professional.
,
,
.
, , , , .
.

, .
, , -
16
Windows
, "fdisk" "format",
. - , ""
.
Windows XP .
,

30 .
. Windows 95/98 , Windows 2000.
, (scenes),
.
, , . , " ", ,
Windows 2000, ,
( ).
zip-, ,
CD-R (CD-RW) , . , , Windows, ,
.
, , , , , ,
. - ,
, ,
, . , ( , ,
).
" "
.
, . ,
Windows ME, . ,
1.
17
( ), ,
. (Internet Connection Firewall), ,
ActiveX, , "cookie".
,
, Service Pack 2 (SP2) Windows XP
Microsoft 2004 .
Windows XP.
NT,
Windows XP, , Windows 9x, Microsoft "" "" , ,
Microsoft.
Windows Server 2003

24 2003 . - Microsoft Windows Server 2003.
Microsoft, Windows 2000 Server, Windows NT 4.0.
:
Windows Server 2003 Standard Edition -;
Windows Server 2003 Enterprise Edition , ,
32 , ,
64- Intel Itanium;
Windows Server 2003 Datacenter Edition , - Microsoft. 32- SMP 64 ,
, ,
, 64- Intel Itanium;
Windows Server 2003 Web Edition Windows,
Web-.
18
Windows
Microsoft, Windows
Server 2003 40 % , Windows NT 4,
50 % ,
Windows NT 4.
. ,
.

Microsoft.
, 2006 . Windows Vista.
Windows
, ?
-, ,
. , . , ,
, , .
- , . . , ,
.

de facto
Windows XP. ,
Microsoft, :
Windows XP

Windows XP
;
;
100 %;

Windows XP, ,
, , DVD, ,
,
;
20
Windows
D , , .
, , . .
, , . Windows
: Professional. . , . . NT 5.1. , Windows Professional ,
Home-. :
Remote Desktop ;
Offline Files and Folders ,
;
Scalable processor support ;
Encrypting File System
;
Access Control ,
;
Centralized administration ;
Group Policy
;
Software Installation and Maintenance ,
, ;
Roaming User Profiles , ;
Remote Installation Service (RIS)
;
Multi-lingual User Interface (MUI) add-on
.
, Windows XP Professional,
.

Windows ,
.
.
2. Windows
21
Windows XP , . .
.

.
-, BIOS
CD-ROM. BIOS ,
, Advanced BIOS Features.
BIOS
. <Del>, <F2>,
ji
, BIOS
, . .
Advanced BIOS Features

CD-ROM. BIOS . -. (,
Press any key to boot from CD,
. - ,
.)

. 35 , ,
.
, Windows. , ,
- <Enter>. .

<>, <D> ( , , ,
).
( )
,
. 99 % .
22
Windows

:
;
;
Windows;
Windows.
(
), .
.
,
, .

.
.
( , , , ),
( ),
.
.
Windows.
. , , ,
(
, ).

( ) Administrator
( ).
.
.
. .
, , , , ,
" ".
( ), , "
2, Windows
23
" Windows . , ,
.
:
Microsoft ;
( );
( ).
, Windows.
Windows XP
Windows XP , . , , ,
Program Files, Windows, system32 .
?
? ,
.
" Windows", . ,
http://www.whatis.ru.

. . , _restore{(y67/)}R.Px\Snapshot.
, . Windows .
( | | | ). 1 , .
1
, .
2 3. 1494
Windows
Documents and
Settings
Documents and Settings , Windows XP. ,

Alexandr, C:\Documents and Settings Alexandr, .
, Alexandr ntuser.dat,
.
Windows\Driver Cache\i386
Windows\Driver Cache\i386 .
. ,
Windows .
Windows\Media
Windows\Media wav- . , , ( 2 ).
, .
Windows\msagent
Windows\msagent , MS Agent 2.0. , Chars
. Windows XP . MS Agent 2.0
. "MS Agent.
"2. , , msagent.htm, -.
Windows\ShellNew
Windows\ShellNew -, .
, , .
2
A. MS Agent. . .: -,
2005.
2. Windows
25
Windows\WinSxX
Windows\WinSxS ( . Windows Side by Side )

Windows XP. Microsoft , (dll) , . ,

, ,
-
dll-,
(WinSxS),
, .
Windows\Minidump
, . Windows

Windows\Minidump.
( , ,
| ).
WindowsYTemp
Windows\Temp .

. ,
. .
,
. 50 . SFCQuota,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon
0 sfc:
sfc
/cachesize=O
, , 10, 10 .
Windows\system32\config
Windows\system32\config ,
. .
26
Windows
rstrui.exe . filelist.xml. filelist.xml , .
Internet Explorer.
xml-, ,
, .

Windows "" DOS,
1,5 . , . smartdrv ( smartdrv.exe
Windows
Windows 98). , ,
. 2030 .

Windows XP
Windows .
. . , -. .
-
. ,
-. , Microsoft . . Windows

Windows 95/98/ME.
. Microsoft . Windows Web- Microsoft.
.
2. Windows
27
. , .
Microsoft. Windows Home Edition:
http://download.microsoft.com/download/WinXPHome/Install/310994/WIN98Me
XP/RU/WinXP_RU_PER_BF.EXE.
, CDROM, .
-. : /
.
Windows XP Home Edition CD

.
"Page Down".

MICROSOFT
- !

, Microsoft Corporation
( " Microsoft"),
"" (
" "),

Microsoft
(
" "),
.
.
.

.

. "" .
?
2 . 1 . Windows XP Home Edition
28
Windows

WinXP_RU_PER_BF.EXE , . Windows Home Edition CD (. 2.1).
,
, (. 2.2).
s :\windows\temp\IXPGOO.TMP\ma keboot.exe

Microsoft Windows XP.
6
.
:
2.2.
, Windows . , - .
( , ).
:
:. 1
Windows .
.
. . , .

. BIOS . , ,
2. Windows
29
. . . - Windows XP.

! . Windows
- (Boot execution Environment) . -.
Windows

.
. , ,
Windows ,
, , ,
,
. , , . ,
DOS Windows , , , . DOS
winnt.exe, Windows winnt32.exe.
winnt.exe
, winnt.exe:
/help ;
/
;
/ ;
/: .
/i:.inf ( )
. \i386\Dosnet.inf;
/I Swinnt.log, ,
;
/-. . ;
30^
Windows
/: .
.
1-._ Windows.

-, []
\\\[]',
/-._ Windows XP.

, ;
/:_
( /s).
,
;
/udf: id, UDF- (ID), , , UDF- (. /). /udf , ,
UDF- . UDF- ,
$Unique$.udb.
winnt32.exe
winnt32.exe:
/help ;
/checkupgradeonly
Windows XP.
/unattend .
. Upgrade.txt ;
/cmd:_ () .
,
.
cmdlines.txt, ( - ),
;
/cmdcons . ,
, , -
2. Windows
31_
(
NTFS). /cmdcons ;
/copydir: 38\_ , Windows . _
,
. , i386
Private_drivers . /copydir:i386\Private_drivers, ,
%wW//*%\Private_drivers. /copydir
;
/copysource: _
, Windows .
_ ,
. ,
Private_drivers .
/copysource: Private_drivers,
, %w/uf//-%\Private_drivers.
/copysource . , /copydir, /copysource
;
/debug [] -. [_]
, : /debug4:Debug.log.
%w/cfr>%\Winnt32.1og , 2. : 0 , 1 ,
2 , 3 4 . , ;
/dudisabie .
, .
, , ;
/duprepare:nyTb
, Web- Windows Update.
Windows ;
/dushare-. , Web- Windows
Update (
, ) -
32
Windows
/duprepare: . , .
/i:.inf ( )
. dosnet.inf;
D /-._ . , ,
, , ;
/makelocalsource .
/makelocalsource , -;
/noreboot . ;
/ s:
Windows XP. /s-. (
). ,
;
;
/syspart: _
, . , .
/syspart
/tempdrive;
(
winnt32.exe / s y s p a r t , Windows NT 4.0, Windows 2000

Windows XP.
Windows 95/98/ME.
/tempdrive-._ . Windows XP . /tempdrive

;
, winnt32.exe;
2. Windows
33
/udf: [,_] (), (Uniqueness Database, UDB)

(. /unattend);
UDB , UDB . , ,
/udf:_,_.udb
, ^^
_.1. _: ,
,
$Unique$.udb;
/unattend
Windows 98, Windows ME, Windows NT 4.0 Windows 2000 . , ,
. ,
;
/unattend[]:[_]
. , _,
.
. , Windows 98, Windows ME, Windows NT,
Windows 2000 Windows XP.
/unattend Windows XP.
Windows XP
, , (
)
Windows XP, .
, .
Windows
Windows
, . ,
Windows
_34
Windows ( , . .). , , Microsoft .

,
, , . , , ,
.

,
, . " 10 " .
SP2 Deployment Tools

http://download.microsoft.com/download/f/8/2/f8212b93-9c65-4141-b92c766c43a47181/WindowsXP-KB838080-SP2-DeployTools-RUS.cab.
setupmgr.exe Setup Manager ( )
.
:
: ;
: ;
: ;
: ;
: -.
.
, (. 2.3).
unattend.txt. , .
-, , , , , winnt.sif .
- .

.
unattend.txt ini- , .
2. Windows
35

"-!
;

:

-
: ;
| :
; :

Windows,
.
,
,
,
Windows.
:
:
;
:
:
:
:
oi

.
.
.
> 1
. 2.3. .
Windows. . , , , http://unattended.oszone.net.

Microsoft , Windows XP
.
,
Windows . ,
,
, . , .
Windows, . .
wpa.dbl ( Windows\system32),
, . , ,
36
Windows
wpa.dbl , . ,
.
Windows

. ,
, (. 2.4). .
^
,
Windows.
Windows
Windows
Windows XP.
, .
.
"".
:
?,", Internet Explorer

$Internet Information Services (IIS)
@*#MSN Explorer
I
15,7 M
12,6
0,0
I E/I - KnnHRRhiy -
: Internet Explorer
""
:
:
0,0
9422,0
..
<
>
. 2.4. Windows
Windows\Inf sysoc.inf, . , hide HIDE.
2. Windows
37
. , hide, . ,
Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7
,
Pinball=ocgen.dll,OcEntry,pinball.inf,,7
(
, , - ) (. 2.5).
Windows
Windows
fP^Î
Windows .
, .
.
"".
*
0,0
1^"!1
0 | Internet Explorer
Înternet Information Services (IIS)
0 ^ MSN Explorer
M
15,7
12,6
J> Winrlnws Mfisspnnfif
1 7 MR
'^
:
.
:
:
0,0
9421,6
<
>
. 2.5. sysoc.inf
, .
. ,
, .
38
Windows
10
, ,
Windows, ? 90 % , . , , , , , .
, , .
Norton Ghost Symantec.

, . . , ,
, ,
, .
,
, , .
,
. , . . ,
.
( 7 )
.
, . , "" . ,
. , , .
. , , .
, . . ,
. , , ,
, , . . .
2. Windows
39

,
, .
, . .
,
. . , - ,
, .
.
DOS-, . .
Norton Ghost MS-DOS. DOS
<Print Screen>. ,
, .
, , .
)
Windows XP MS-DOS. , ....
(. 2.6) MS-DOS.
Local , .
, Partition, Disk.
( ), Partition ( Disk). ( )
Image. ( / , , ), . .
,
.
Partition Disk , .
From Image. ,
, .
, , , . - ? , ! Ghost Ex-
Windows
40
plorer (. 2.7), ,
. ,
, , , .
( ) Restore .
:
;
:
( )

^. .MS-DOS;
. 2.6. MS-DOS
? . , , ,
Windows, . FAT32,
. NTFS, DOS
.
, NTFSDOS Professional.
http://www.winternals.com/products/repairandrecovery/index.asp?pid=ap#ntfsdos
2. Windows
41
WINXPJ1.GHQ -Ghost Explorer

Edit
Hep
l
PI
i hj D\:BACKUP\WN
I XP_E1G
. HO
3 S3 Fat32 extd
$-01 Documents and Setn
i gs
i3S6
**. Qj Program Files
+] -E) pvsw
3 recycled
WEBSERVER
L J etc
r
- U] home
Q j cgi-glob
- U i localhost
UJ cgi
Q l cgi-bin
. 12J subdomain
:
- www
; j DOCS
M CS phpmyadmin
j Test
h f f l testl.ru
Q test2.ru
i local
I EJ sbn
For He
pl, pe
rss Fl
alng b
ilrare
is badwordsx
t.tchke
j.p
lhp cong
fin.ic.php
db_ce
rae
tp
.hp db_de
sp
a
.tlihp db.deta
sli,.
db_deta
sl_i,. db_deta
$li_. db_detasl.ij
db_deta
sl_i. db_deta
sl_i. db_pn
ritvei., db_search., db_sa
tstp
.hp Documena
.t.
footer Jnc.php header .inc..,, header_prin,.. index.html
index.php
ldi_check.php
mu
_tslubm
.,pid_fpages.
d
a
Ijibelp
.hpelp
.tfhp cie
lnse m
n
p
a.ihp
pdf_schem.,.
phpinfo.php read_dump.... RELEASE-O...
sql.php
stub.html
. 2.7. Ghost Explorer
Administrator's Pak Winternals.

, ,
. -
NTFS-, .
, Windows .
, , , , .
Windows
Windows? , . 100 %?
. Microsoft ,
.
: ,
. , , ,
. : (, ),
. . .
. ( | | ). :
* .
System32 .
500 !
. , , .
, , ,
. , .
, . . ,
- "
Windows", , .
( | | )
, .
Windows
44

, , Windows. .
| | | . , .
. , , .
. web- -, ! Windows HTML-, log- . .
( )
.
.LOG ( ),
,
(. 3.1).
test.txt -
.LOG
18:32 11.09.2005

19:33 12.09.2005

. 3 . 1 .
Paint
Windows. -
(. 3.2).
BMP.
)
<Shift>,
. , 45. <Shift> ,
, .
3. Windows
45
arik.jpg - Paint

i
!
. 3.2.
Windows.
. , (+, -, *, /), , , ""
,
Windows . , , , , ,
.
, . , , <Enter>,
. ,
, , .
46
Windows
,
, . , -, .
:
:q ;
: ;
: ;
: ;
: ;
: , .

Windows XP Cmd.exe, . , , ,
. , Cmd.exe, , , mkdir, del . .
:
CMD [/ | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON |
/V:OFF] [[/S] [/ | /] ]
, &&, , :
" && && "
:
/? ;
/ ANSI;
/
;
/D AutoRun ( Cmd.exe),
:
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\ AutoRun;
HKEY_CURRENT_USER\Software\Microsoft\Command
Processor\AutoRun;
3. Windows
47
/E:ON (/E:OFF) () . Windows

Cmd.exe, () .
: a s s o c , c a l l , c h d i r (cd), c o l o r , d e l ( e r a s e ) , e n d l o c a l , f o r ,
f t y p e , g o t o , if, m k d i r (md), popd, p r o m p t , p u s h d , s e t , s e t l o c a l , s h i f t ,
s t a r t ( );
/F:ON (/F:OFF) ()
( ) Cmd.exe.
, ,
, . Microsoft
: "
/F:ON, TO : <Ctrl>+<D>
<Ctrl>+<F> . .
, , , , .
. ,
, .
. <Shift>
. ,
,
. ,
. , , , .
(CD, MD RD), TO . ,
,
. ,
, , . , :
< > , &, (, ) , [, ] , {, }, , =, ;, !, ', +, ,, ~";
48
Windows
/ ( );
/Q (ECHO O F F ) ;
/R /;
/s / /;
/ : .
:
, .
and /t:7c
- . . 3.1;
/ Unicode;
3.1.
/V:ON (/V:OFF) () ( Cmd.exe) (!) . , /V = ON ivan var

. var
, FOR.
!

;
/ , /E:ON ( );
/Y , /E:OFF.
3. Windows
49
. / /,

, (") .
,
: /s ;
; , : &, <, >, (,
), @, , |; ; , , .
, ,
,
, .
, .
. ,
.
, 16 , , RGB.
. MS-DOS Windows 25 80 ,
|more, NT
, .

Windows , <Ctrl>+<C>, <Ctrl>+<V>,
.
, , | .
. | .
<Enter>, .
.
TITLE []
(. 3.3). [] ( ).
TITLE. -
Windows
50
.
, , , :
@ OFF
TITLE ...
COPY \\Server\Share\*.doc
:\User\Coramon\*.doc
ECHO .
TITLE
? Windows
Microsoft Windows [ 5.1.2600]
() , 1985-2001.
C:\Documents and Settings\flLEXANDR>TITLE Windows
C:\Documents and Settings\flLEXfiNDR>
. 3.3.
( ^)
<> < i > ,
.
FOR , .
, 20 .
. , , list.txt
. :
net view > c : \ l i s t . t x t
, , , patch.exe , :
FOR /F "tokens=l" %i in (c:\list.txt) do copy d:\temp\patch.exe
"%i\C$\program filesUCQ"
%i NetBIOS-
list.txt, .
CLS .
3. Windows
^7
51
, .
, HELP.
Windows
(. 3.4).
C:\WINDOWS

^
^j
Jf
IIi ;"*
<
yj ~>
l, | ,4
:
[j
-'
'
X . Q
[ C:\WINDOWS
j
:
SNtUninstall...
i^ $NtUninstallKB885884S
addins
ffi 5 AppPatch
assembly
Config
Connectbn Wizard
Cursors
Debug
| Downloaded Installatbns
21 Dovvnbaded Proaram Files v
<
>
: 185 ( : 19,3 ) 13,0
P
addins
AppPatch
assemb
yl Cona
fi Connectbn
Wziard
P
a
| Cursors Debug Dow
noladed
n
IstaSao
tins
4j| My Compue
tr V
. 3.4.
:
/ (),
( );
/, ( explorer /e, c:\windows);
/ , (:\).
, ;
/root, , ( ) . . : explorer /root, C:\Windows\Cursors;
52
Windows
/select,
. :
explorer /select, C:\Windows\Cursors\banana.ani

:,
, , ,
D:\MyDownload. ,
.
. ,
C:\WINDOWS\EXPLORER.EXE/n,/e,D:\MyDownload.

( | ), ,
. , , <Shift>.
.

, , ,
| , .

. , , . .

( | | | )
,
Windows XP .

, . ,
, .
-
. ,
. .
3. Windows
53

(rstrui.exe) , , .
( ). ,
(, , ). Windows.

, , , . WMI srclient.dll,
DLL- ,
.

- Samples. . ( ) .
, ,
. , txt vbs. ,
.
, ,
.
:

3.1 ( createrestorepoint.vbs).
; 3.1.
' . h t t p : / / w i n c h a n g e r . w h a t i s . r u
1

' WMI SystemRestore
S e t SRP = G e t O b j e c t ( " w i n m g m t s : \ \ . \ r o o t \ d e f a u l t : S y s t e m r e s t o r e " )
CSRP = SRP.CreateRestorePoint (" ", 0, 100)
. ( | | | | ), .
Windows
54
. , ,
(. 3.5). , .
fj

, ,
. .
: [ ,
), (, }
(, ).
1. , 2.
.
.
<

>
2004 .
30
lj
2004 .
10
11
12
13
15
16
17
16
19
20
21
22
23
24
25
26
27
28
29
30
!
31
<
>
. 3.5.

3.2 ( restoreONOFF.vbs).
| 3.2.
' . http://winchanger.whatis.ru
'
onoff = InputBox (" ()
() ?
", " ")
3. Windows
55
Drive = InputBox (" .

':\'", " ")
set SRP =
GetObject("winmgmts:\\.\root\default:SystemRestore")
If onoff = "" then
eSRP = SRP.enable(drive)
end if
If onoff = "" then
eSRP = SRP.disable(drive)
end if
j J
3&

,
"".
:
..
; j
. 3.6.
3 . 1494
56
Windows
. ,

, . . ,
, ( :\).
, .
( | | )
. . 3.6. , :
.
:
( 3.3), ( restoreenum.vbs).
i 3.3.
' . http://winchanger.whatis.ru
'
set SRP =
getobject("winmgmts:\\.\root\default").InstancesOf("systemrestore")
for each Point in SRP
msgbox point.creationtime & vbcrlf & point.description &
vbcrlf & " = " & point.sequencenumber
next
. , . , , .
WSH- (Windows Script Host). WSH, ,

6, .

. ,
Outlook Express.
| | | |
| | migwiz.
3. Windows
57

(cleanmgr.exe)

, ,
, . |
| | | |
| cleanmgr.

(msinfo32.exe) , . , , ,
. , , . .
nfo. , CAB XML.
CAB .
:
msinfo32 [/?] [/pch] [/nfo _] [ / r e p o r t _]
[/computer _] [ / s h o w c a t e g o r i e s ] [ / c a t e g o r y _]
[ / c a t e g o r i e s _]
Windows.

(charmap.exe) , . :
Windows, DOS Unicode.
, , . ,
WordPad, .
,
. ,
(). ,
. (. 3.7). .
.
58
Windows
"
MS Serif
I
]
L N Q R S
d f
t V W X z {
% 1 <
...
> > > h

I 1
I I
1>
1

V W X YZ [ \
h i j 1 m
1
()
f
i
IX]
V
b
! |
[^
1 :
. 3.7.
Windows XP ,
| | . ,
. .
, <Ctrl>, <Alt>
<Shift>, .
<Shift>, <Ctrl> <F10>.

Choose Abort to Win, Retry to Lose, or
Ignore to Cancel ( ,
). , , (. 3.8).
3. Windows
59
. ,
, .
! | ( <F3>)
. 1
1 000 000. 1 -2.
.
.51- . "" #31699

I
. :-
1 !^>'_">
| 9
-
12 *
-..
9
S A
'I
IDaa a*
A
3 A
9A *
WCTSII >
9A
}utm J_I
Jr-ee,
10 A
A
A
8
6
2
8
.fj
Xr
- I
QKJW *I
6A A
Choose Abort to Win,

Retry to Lose,
or Ignore to Cancel.
User-Friendly User Interface

:
|;
j
5*. M
3 A
|
|Qp, ,i.4i. î
l u
: 521
Ifil
j
. .8.
5, , , ,
. .

,
.
, ,
. .
(bat)
.
60
Windows
At.exe
At.exe
.
AT , . .
.
:
AT [\\_]
[ [id]
AT [\\_]
[ , . . . ] ] ""
time
[/DELETE] | /DELETE
[/INTERACTIVE]
[/YES]]
[/EVERY:flaTa[,...]
/NEXT:
:
\\__ ,
. , , AT ;
id , ;
/delete . id , ;
/yes
(/delete) ;
time
:");
24-
"-
/interactive , ;
/every-.[,...]

() . ,
;
/next: [.. . ] ( ).
, ;
"" Windows NT ,
. .
, - ,
COPY DIR, ,
/, :
AT 1 0 : 0 0
"CMD / DIR > C : \ t e s t . O U t "
Attrib.exe
attrib.exe , , " ",
3. Windows
61
"", "" "". a t t r i b .

:
attrib [{+r|-r}] [{+a|-a}] [{+s|-s}] [{+h|-h}] [[:][] _]
[/[/d]]
Windows.
Bootcfg.exe
bootcfg.exe
, ,
boot.ini.
, , , bat-.
Windows.
Chcp.exe
chcp.exe .
chcp
. 866.
Chkdsk.exe
,
. chkdsk . chkdsk .
Windows.
Driverquery.exe

.
:
driverquery [/s ] [/ \ / ]
[/to {TABLE|LIST|CSV}] [/nh] [/v] [/si]
Windows
Fc.exe

.
62
Windows
:
[/] [/] [/] [/1] t/lbn] [/n] [/t] t/u] [/w] [/nnnn]
[!:]
[1]__1 [2:]
[2]_2
Windows.
, Windows.
(regedit.exe) ( | ), , before.reg. , ,
( ,
after.reg). ,
, :
FC before.reg after.reg > diff.txt
diff.txt , , .
Find.exe

.
find ,
.
:
find
[/v]
[/]
[/n]
[/i]
""
[[:][]_[...]]
Hostname.exe
hostname.exe , .
lpconfig.exe
Ipconfig.exe TCP/IP DHCP DNS.
ipconfig IP-,
.
Makecab.exe
makecab.exe cab-.
:
makecab /?
3. Windows
63_
Net.exe
net.exe , , , , , , , , ,
, . ,
net User
, .
, .
.
,
net /?
, :
NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE |
START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
.
n e t []
/help
,
net user _ /active :no
Netstat.exe
TCP, , , Ethernet, IP, IPv4

( IP, ICMP, TCP UDP) IPv6 ( IPv6,
ICMPv6, TCP IPv6 UDP IPv6). ,
n e t s t a t TCP.
:
netstat [-] [-] [-] [-] [- ] [-] [-s] []
, , :
netstat -n
Ping.exe
ping.exe IP , TCP/IP, -
64
Windows
- ICMP. -. Ping TCP/IP-, , . ping,

, .
:
p i n g [-t] [-a] [-n ] [-1 ]
[-f] [-i TTL] [-v ]
[- ] [-s ] [{-j _
| -
_)]
[-w ]
[__]
ping TCP/IP. ,
TCP/IP (. 3.9), :
ping 127.0.0.1
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\f)LEXANDR>ping 127.0.0.1
127.0.0.1 32 :
127.0.0.1
127.0.0.1
127.0.0.1
127.0.0.1
=32
=32
=32
=32
<1
<1
<1
1_=128
TTL=128
TTL=128
TTL=128
Ping 127.0.0.1:
: , = . = 0 (0 ),
- :
- , = 0 , 0
C:\Documents and Settings\flLEXflNDR>
. 3.9. p i n g
Powercfg.exe
.

:
powercfg /?
, , :
powercfg /Q
3. Windows
65
Reg.exe
. , ,
.
,
reg /?
, Internet Explorer :
reg query
'HKEY_IXXM J _ICHINE\Software\Microsoft\Internet E x p l o r e r "
/v V e r s i o n
R e g s v r 3 2 . e x e
dll-.
.
:
regsvr32
[/u]
[/s]
t/n]
[/i[:cmdline]]
Dll-
:
/ ;
/s regsvr32.exe ;
/ DllRegisterServer. /i;
/ i : [cmdline] Dlllnstall [cmdline]. /
dll-;
oil- dll- ;
/ ? .
, dll- Active Directory :
regsvr32 schmmgmt.dll
Route.exe

IP . /?
route.
Rundll32.exe
Windows rundll32.exe, -, dll-
66
Windows
. - Microsoft.
.
. ( | ), ,
(C++, Delphi, Visual Basic . .). . .
SHELL32.DLL:
rundll32 shell32.dll,Control_RunDLL hotplug.dll ;
r u n d l l 3 2 s h e l l 3 2 , C o n t r o l _ F i l l C a c h e _ R u n D L L
;
r u n d i i 3 2 sheii32,controi_RunDLL
;
rundll32 shell32.dll,Control_RunDLL access.cpl,,1

( );
r u n d l l 3 2 shell32.dll,Control_RunDLL a c c e s s . c p l , , 2 ( );
rundll32 shell32.dll,Control_RunDLL a c c e s s . c p l , , 3 ( );
rundll32 shell32.dll,Control_RunDLL access.cpl,,4 ( );
rundll32 shell32.dll,Control_RunDLL access.cpl,,5 ( );
r u n d l l 3 2 shell32,Control_RunDLL
a p p w i z . c p l , , 1
( );
rundll32 shell32,Control_RunDLL appwiz.cpl,,2
rundll32 shell32,Control_RunDLL appwiz.cpl,,3
( Windows);
(
);
r u n d l l 3 2 s h e l l 3 2 . d l l , C o n t r o l _ R u n D L L d e s k . c p l , , 0
( );
r u n d l l 3 2 s h e l l 3 2 . d l l , C o n t r o l _ R u n D L L d e s k . c p l , , 1 ( );
rundll32 shell32.dll,Control_RunDLL desk.cpl,,3

( );
3. Windows
67_
r u n d l l 3 2 s h e l l 3 2 . d l l , C o n t r o l _ R u n D L L i n e t c p l . c p l , , 0 ( );
rund.1132 s h e l l 3 2 . d l l , C o n t r o l _ R u n D L L i n e t c p l . c p l , , 1 . ( );
rundll32 shell32.dll,Control_RunDLL i n e t c p l . c p l , , 2 ( );
r u n d l l 3 2 shell32.dll,Control_RunDLL i n e t c p l . c p l , , 3 ( );
rundll32 shell32.dll,Control_RunDLL i n e t c p l . c p l , , 4 ( );
rundll32 shell32.dll,Control_RunDLL inetcpl.cpl,,5 ( ).
rundll32 shell32.dll,Control_RunDLL main.cpl @ 0 ;
rundll32 shell32.dll,Control_RunDLL main.cpl @1

;
rundll32 shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder OT ;
rundll32 shell32.dll,SHHelpShortcuts_RunDLL FontsFolder

;
r u n d l l 3 2 s h e l l 3 2 . d l l , C o n t r o l _ R u n D L L modem.cpl, a d d ;
rundll32 shell32.dll,Control_RunDLLtimedate.cpl
;
rundll32 shell32.dll,Control_RunDLL timedate.cpl,,It

;
r u n d l l 3 2 s h e l l 3 2 . d l l , O p e n A s _ R u n D L L
...;
r u n d l i 3 2 s h e l l 3 2 . d l l , s h e i i A b o u t A Windows;
r u n d l l 3 2 s h e l l 3 2 . d l l , SHExitWindowsEx 0 ,
( Windows 9x/ME);
rundll32 shell32 .dll, SHExitWindowsEx 1 ( Windows 9x/ME);
rundll32 shell32.dll,SHExitWindowsEx - 1
Windows ( Windows 9/);
68
Windows
r u n d l l 3 2 shell32.dli,SHExitwindowsEx
2 (-
Windows 9x/ME);
r u n d l l 3 2 shell32.dll,SHExitwindowsEx
( Windows 9/);
r u n d l l 3 2 s h e l l 3 2 . d l l , SHExitwindowsEx 8
Windows - ( Windows 9/);
r u n d l l 3 2 s h e l l 3 2 . d l l , S H F o r m a t D r i v e :;
rundll32
s h e l l 3 2 . d l l , S H H e l p S h o r t c u t s _ R u n D L L A d d P r i n t e r -
r u n d l l 3 2 s h e l l 3 2 . d l l , S H H e l p S h o r t c u t s _ R u n D L L C o n n e c t
;
rundll32 shell32.dll,SHHelpShortcuts_RunDLL PrintTestPage .
URL.DLL:
rundll32
u r l . d l l , F i l e P r o t o c o l H a n d l e r %1 web-,
%1 U R L ( http://). , r u n d l i 3 2
FileProtocolHandler http://www.whatis.ru;
uri.dil,
r u n d l l 3 2 u r l . d l l , M a i l T o P r o t o c o l H a n d l e r %1 , %i e-mail ;
r u n d l l 3 2 u r l . d l l , N e w s P r o t o c o l H a n d l e r %1 , %1 URL ;
r u n d l l 3 2 u r l . d l l , T e l n e t P r o t o c o l H a n d l e r %1 telnet, %1 .
USER.EXE:
r u n d l l 3 2 user,CASCADECHiLDWiNDOws ;
user,TILECHILDWINDOWS
rundii32
r u n d l l 3 2 u s e r , d i s a b l e o e m l a y e r
/ (, , ).
, Windows ;
r u n d l l 3 2 u s e r , e n a b l e o e m l a y e r O E M Layer,
;
rundll32 user,ExitwindowsExec Windows;
3. Windows
69
r u n d l l 3 2 u s e r , R e p a i n t S c r e e n ;
r u n d i i 3 2 u s e r , s e t c a r e t B i i n k T i m e n , ;
r u n d i i 3 2 u s e r , s e t C u r s o r P o s
;
r u n d l l 3 2 u s e r , S e t D o u b l e C l i c k T i m e
(double click), \
rundii32 user,swapMouseButton
( );
rundll32 user,WnetConnectDialog
;
r u n d i i 3 2 user,wnetDisconnectDiaiog
.
r u n d i i 3 2 diskcopy,DiskcopyRunDii
;
r u n d i l 3 2 keyboard, d i s a b l e ,
;
r u n d l i 3 2 mouse,disable ;
r u n d l l 3 2 k r n l 3 8 6 . e x e , e x i t k e r n e l ,
Windows;
r u n d l l 3 2 mshtml.dll,PrintHTML "HtmlFileNameAndPath"
HTML, "HtmlFileNameAndPath"

;
r u n d l l 3 2 m s p r i n t 2 . d l l , R U N D L L _ P r i n t T e s t P a g e TeCTO ;
r u n d l l 3 2 n e t p l w i z . d l l , A d d N e t P l a c e R u n D l l ;
r u n d i i 3 2 r n a u i . d i i , R n a w i z a r d / l ;
r u n d l i 3 2 s h e l l , s h e i i E x e c u t e ;
rundll32 sysdm.cpl,InstallDevice_Rundll
;
70
Windows
rundll32 Appwiz.cpi,NewLinkHere %i
, %1 ;
rundll32 syncui. d l l . Brief c a s e _ I n t r o
;
rundll32 syncui. d l l , Brief case_Create , ;
rundii32 msgina,sheiishutdownDialog
Windows;
rundli32 tcpmonui.dli,LocalAddPortui TCP- ;
rundll32 shdocvw.dll,DoOrganizeFavDlg
;
rundll32 user32 .dll, LockWorkStation ;
rundll32 desk.cpl,InstallScreenSaver [filename.scr]
;
rundii32 iEdkcs32.dll,clear Internet
Explorer, .
Sfc.exe
sfc.exe . Windows XP , Windows 9x,
. .
:
sfc [/scannow] [/scanonce] [/scanboot] [/revert] [/cancel] [/enable]
[/purgecache] [/cachesize=x] [/quiet]
:
/scannow ;
/scanonce
;
/scanboot
;
/revert ;
/purgecache ;
3. Windows
71
/cachesize=x ( 50 );
/? .
.
dllcache
, Windows XP
,
dllcache, Windows
. ""
( )
sfc
/cachesize=
,
Windows\System32\dllcache. 0.

, , , ( ).
sfc.exe /s cannow
Windows
.
Shutdown.exe
shutdown.exe
,
. - .
, :
shutdown [ { - 1 | - s | - | - a } ]
[- ""]
[-d[u]
[-f] [-m [\\_]]

[p]:xx:yy]
[-t xx]
:
-l .
- , . .
;
-s ;
- ;
- , , -1
_.
72
Windows
, -, . . shutdown.exe ;
- ;
- [\\_] , ;
-t
. 20 ;
- "" , shutdown.exe.
127 . ;
-d [u] [p] :xx:yy :
;
;
(0-255);
(0-65 536);
/? .
Systeminfo.exe
systeminfo.exe , ,
, ,
.
:
systeminfot.exe] [/s [/ \ [/ ]]]
[/fo {TABLE|LIST(CSV}] [/nh] .
Tasklist.exe
tasklist.exe (PID) , .
:
t a s k l i s t t . e x e ] [/s ]
[/fo {TABLE|LIST|CSV}] [/nh]
[/m []
I / s v c | /v]
[/ \
[/
]]
[ / f i [ / f i 2
[ ...
]]]
3. Windows
73
Tracert.exe
- Control Message Protocol (ICMP) (Time to Live, TTL).

,
.
, . ,
http://www.whatis.ru, :
tracert www.whatis.ru
t r a c e r t .
:
tracert [-d] [-h __]
[-w ]
[__]
[-j
_]

, (Graphic User Interface, GUI).
, ,
. .
* [Express Wizard
Welcome to 1 ess 2.0

This wizard wil help you cteate a self-extracting /
self-installing package.
First,you need to create a Self Extraction Directive (SED)
file to store information about your package. If you have
already done this, select Open existing one; otherwise,
select Create New Self Extraction Directive file.
(* ICreate new Self Extraction Directive fiie.j
f Open existing Self Exttaction Directive file:
>
. 3 . 1 0 . lExpress
Windows
74
lexpress.exe
Windows XP IExpress. , (. 3.10). .

, , ,
.
Microsoft, IExpress. -.
WinRAR.
Windows
taskmgr.exe, <Ctrl>+<Alt>+<Del>,
.
lmspaint.exe
taskmgr.exe
nvsvc32.exe
mdm.exe
wcescomm.exe
winxpchanger.exe
svchost.exe
ps.exe
kav.exe
kavsvc.exe
svchost.exe
explorer.exe
hh.exe
spoolsv.exe
svchost.exe
svchost.exe.
svchost.exe
svchost.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
alg.exe
WINVVORD.EXE
! System
AlEXANDR
ALEXANDR
SYSTEM
SYSTEM
ALEXANDR
ALEXANDR
SYSTEM
ALEXANDR
ALEXANDR
SYSTEM
LOCAL SERVICE
ALEXANDR
ALEXANDR
SYSTEM
LOCAL SERVICE
NETWORK SERVICE
SYSTEM
NETWORK SERVICE
SYSTEM
SYSTEM
SYSTEM
SYSTEM
SYSTEM
SYSTEM
LOCAL SERVICE
ALEXANDR
SYSTFM
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
(Ml
23 888
4
2
2
1
3
4
5
156
044
652
340
628
124
676
332
7 684
3 516
19 604
12 192
9 912
3 980
3 436
27 476
4 792
5 188
1 024
4 424
432
4 532
392
3 500
29 784
?4f)Kfi
- I
i
. 3 . 1 1 . ,
>
3. Windows
75
( )
. , , (. 3.11).
, .
5, , , .

.
Windows.
Windows 98. .
Windows ME, - Windows 2000. Microsoft . , Windows .
.
( | | msconfig). :
;
System.ini system.ini;
Win.ini win.ini;
Boot.ini ;
;
,
.
, .
, , . , .
, , , , Run, Run- ( -). .

(clipbrd.exe)
, -
76
See o Windows
,
. .
Windows Media
, Program Files\Windows Media Player Windows Media (wmplayer.exe)
6.4 ( mplayer2.exe). , .
wscript.exe
wscript.exe GUI-,
Windows ( cscript.exe). ,
, , , ,
. , , ,
bat- . ,
WSH (Windows Script Host), , bat , Windows DOS.

. , . -.
,
.
. , , .
:
w s c r i p t _.
[...]
[...]
,
wscript /?
(sndvol32.exe) . ,

:\windows\sys tem3 2\sndvol3 2.exe -rec
3. Windows
77

Windows XP , .
Support\Tools.
. .
Whoami.exe

( , SID, ).
:
whoami [/option] [/option]
/help . ,
whoami /all /sid
C:\WINDOWS\systern32\cmd.exe
C:\Documents and Settings\fiLEXANDR>net start
These Windows seruices are started:
Application Layer Gateway Service
Automatic Updates
Bluetooth Support Seruice
COM+ Euent System
Computer Browser
Cryptographic Seruices
DCOM Seruer Process Launcher
DHCP Client
Distributed Link Tracking Client
DNS Client
Error Reporting Seruice
Euent Log
Fast User Switching Compatibility
Help and Support
IPSEC Seruices
_ X
. 3.12.
Windows

, . , , .
Windows
78
Windows.
. , , .
(. 3.12):
net start
. . (
) | | | .
, ( |
| services.msc).
(. 3.13).
Services
% (
()
ClipBook
:
Enables ClipBook
Viewer to store
information and
share it with remote
computers. If the
service is stopped,
ClipBook Viewer will
Cocros A
%Alerter
Notifies sel...
;
Âpplication Lay... Provides s... '
&1 Application Man... Provides s...
%ASP.NET State... Provides s...
Âutomatic Upd... Enables th...
^Background Int... Transfers f...
% Bluetooth Service
%BluetoothSupp...
rnabtes ..
I9COM+ Events... Supports...
%+ system... Manages t...
; v
&iCnmnnf(r Rrn
tint h * tn ehwr
\ X /
<
3.13.
,
.
, , . , . - .
( ),
.
, , -
3. Windows
79_
, . . Windows
, . , ,
, .

,
. ,
.
(Automatic Updates)
Windows,
.
. .
(Print Spooler)
.
, . ,
.
(Alerter)

. ,
, net send.
(Task Sheduler)
,
- ,
. , , , .

(Portable media serial number service)
, .
, .
(Remote Registry)
. ,
80
Windows
, . .

Windows XP Pro MUI, , ,
. -, Microsoft
. , , . ,
.
Windows XP Home Edition . services.reg -.
,
Windows. , Windows http://www.whatis.ru/.
Windows
, , , .
"" , , . , , .

Windows XP , , , . .
. , 812 .

. "" ...
(. 4.1).
, Windows,
. ,
, , .
, , ,
,
. .
.
, . .
.
82
Windows
.
- ,
. , - ,

, . ,
.
""
[]^

"" .
.
"": | I
[ ]
""
0 :
Internet Explorer
: j Microsoft Outlook
OK
. 4 . 1 .
.
, (
, . . ). (

). , ,
| , . ,
, (. 4.2).
4. Windows
83
Soft
. 4 . 2 .

, .
, . (
) ,
, .

Windows XP ,
, . ., (. 4.3).
, ,
(. 4.4).
, . Documents and Settings\% USERNAME%\MCM
,
. , , . : "
?".
. , , . , .
- ( Microangeio . http://www.microangelo.us.
-, ).
Windows
84
"j>
'^j
>
^
an
FLASH-
*
%
...
..,
*?| | ' I
. 4 . 3 .
. 4 . 4 .
&

, , ,
. .
<Ctrl> ,
( ,
).
.
.
, , , (
doc Microsoft Word, ). ,
.
.
,
, -
4. Windows
, .

, Windows XP
. ,
.
,
regsvr32 /u mydocs.dll
| .
. , :
regsvr32 mydocs.dll
Windows ME/XP zip-,

. , . ,
regsvr32 /u zipfldr.dll

regsvr32 zipfldr.dll

, , -
, , . , , , .
, .
- . ,
.
, - .
,
. BMP, 160 120 ( , ).
oemlogo.bmp.
oeminfo.ini 4.1 ( oeminfo.ini oemlogo.bmp -). .
85
86
Windows
Windows\System.
. 4.5.

!| ^^_] ^ | |
:
Microsoft Windows XP
Professional
2002
:
Garik
Garik
55683-0 -0013917-41219

. , .
Intel(R)
Celeron(R)CPU2.40GHz
2.42
256
1
0
. 4.5.
; 4.1, oeminfo.ini
[General]
Manufacturer=HapoflHbie
Model=M. , .
[Support Information]
Linel=3a http://www.whatis.ru
Line2=
Line3=4acbi :
14=- 08.00-16.00
4. Windows
5=-
Line6=
87
11.00-12.00!
[Support information],
, (. 4.6).

I http://www.whatis.ru
:
I - 08.00-16.00
| - 11,00-12.00!
. 4 . 6 .

, MS Office
Microsoft Outlook? ,
,
. , .
,
Outlook Express.
1.
HKEY_CLASSES_ROOT\CLSID
{01010101-0202-0303-0404-ABCDEFABCDEF}.
, F, ,
.
2.
"Outlook Express", mfoTip,
,
" ".
4 3. 1494
Windows
88
3. Defauiticon. s h e l l .
4. D e f a u i t i c o n C:\Program
F i l e s \ O u t l o o k Express\msirnn. exe, 1 ( ,
)- , .
0
(. . , ,
0, 1 . .).
, dll-. Windows. , Ink pif- .... (. 4.7). ...,

, .

:
! C:\Program Files\OutlookExpress\msimn.e>
[ .,.
. 4 . 7 . ,
Outlook Express
4. Windows
89
5. s h e l l open,
command.
C : \ P r o g r a m F i l e s \ O u t l o o k E x p r e s s \ m s i m n . e x e .
6. . ,
,
| . ".txt"
.
7. Outlook Express.{01010101 -0202-0303-0404ABCDEFABCDEF}. . . .
. Command
C : \ W i n d o w s \ e x p l o r e r . e x e X:\Mame_Folder\Name_Subfolder\.
,
.
4.2 reg- ( sample_link.reg).
| 4.2.
REGEDIT4
;
; .
; http://www.whatis.ru
[HKEY_CLASSES_ROOT\CLSID\{01010101-0202-0303-0404-ABCDEFABCDEF}]
@="Outlook Express"
"111"=" "
[HKEY_CLASSES_ROOT\CLSID\{01010101-0202-0303-0404ABCDEFABCDEF}\Defaultlcon]
@=": WProgram FilesWOutlook Express\\msimn.exe, 1"
[HKEY_CLASSES_ROOT\CLSID\{01010101-0202-0303-0404-ABCDEFABCDEF}\Shell]
[HKEY_CLASSES_ROOT\CLSID\{01010101-0202-0303-0404ABCDEFABCDEF}\Shell\Open]
[HKEY_CLASSES_ROOT\CLSID\{01010101-0202-0303-0404ABCDEFABCDEF}\Shell\Open\Command]
@="C: WProgram FilesWOutlook Express\\msimn.exe"

. . 4.8.
90
Windows
. 4.8. Outlook Express

Windows.
. . 5.
""
Windows ,
, .
1. , .
2. :
[.ShellClassInfo]
CLSID2={OAFACED1-E828-11D1-9187-B532F1E9575D}
Flags=2
desktop.ini .
3. target.lnk. ,
.
4. desktop.ini "" "" (
), - " ".
( 4.3), .
4.3.
(create_shortcut.vbs)
' -
' .
' http://www.whatis.ru
Dim Args, WSHShell, fso, f, TL
4. Windows
'
Set Args = WScript.Arguments
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set fso = WScript.CreateObject("Scripting.FileSystemObject")
' ,
Set f = fso.GetFolder(Args(0))
f.Attributes = f.Attributes Or 1
' Desktop.ini -
Set f = fso.OpenTextFile(Args(0) + "\Desktop.ini", 2, True)
f.Write "[.ShellClassInfo]" + vbCrLf
.Write "CLSID2={OAFACED1-E828-11D1-9187-B532F1E9575D}" + vbCrLf
f.Write "Flags=2" + vbCrLf
f.Close
'
Set f = fso.GetFile(Args(0) + "\desktop.ini")
'
Set TL = WSHShell.CreateShortcut(Args(0) + "\Target.Ink")
TL.TargetPath = Args(1)
' .
1
0
' ( )
TL.IconLocation = "%windir%\notepad.exe, 0"
TL.Save
VBScript ( vbs). : -, , ( ). , ,
. . 4.9 ,
. . C:\Windows.
, - C:\Sample.
- ,
( , , ).
91
92
Windows
. 4.9. -
S Windows

[[ || | |( j

| ,..
SYSTEM
vmnetdhcp.exe
vmnat.exe
SYSTEM
vmware-authd. exe SYSTEM
dslrnon.exe
Garik
W3dbsmgr.exe
Garik
Garik
LCDPlyer.exe
internat.exe
Garik
Garik
start.exe
Explorer.EXE
Garik
svchost.exe
NETWORK SERVICE
svchost.exe
SYSTEM
taskmgr.exe
Garik
svchost.exe
SYSTEM
lsass.exe
SYSTEM
SYSTEM
services.exe
SYSTEM
winlogon.exe
SYSTEM
csrss.exe
rnspaint.exe
Garik
SYSTEM
smss.exe
:
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
: 22
: 0%
1 144
2 476
1 464
1 572
3 612
1 864
1 316
2 732
17 392
2 560
13 828
3 724
3 744
540
2 516
3 092
3 104
5 812
348
.'.I!
:|
.
I
1
1
' 1
*-i;
: 87924 / 6
. 4 . 1 0 .
4. Windows
93
- vbs-, Windows Script Host (WSH). Windows. 6.

, , .
,
(
, ). , . (. 4.10).
(. 4.11).
:.
:
|
.,, |
vmnetdhcp.exe
vmnat.exe
vmware-authd.exe
dslmon.exe
W3dbsmgr.exe
LCDPIyer.exe
internat.exe
start.exe
Explorer.EXE
svchost.exe
svchost.exe
taskmgr.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
mspaint.exe
smss.exe
svchost.exe
System
...
SYSTEM"
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
99
SYSTEM
SYSTEM
Garik
Garik
Garik
Garik
Garik
Garik
NETWORK SERVICE
SYSTEM
Garik
SYSTEM
SYSTEM
SYSTEM
SYSTEM
SYSTEM
Garik
SYSTEM
LOCAL SERVICE
SYSTEM
SYSTEM
"Z1
1 144
2 476
1 464
1 572
3 612
1 864
1 316
2 732
17 392
2 560
13 828
3 724
3 744
860
2 516
3 092
3 108
6 904
348
2 984
212
20
. 4.11.
94
Windows
:
.

. .

, , ,
, ,
, , .
. ,
( )
.

? , ,
. , bmp, gif, jpg
.
Paint, Photoshop, ACDSee .
, , , (
). , ACDSee, , ,
, .

, , , .
- ,
Windows.
,
.
: ,
, readme . ,
( - ).
4. Windows
, ,
. .
HKEY_CLASSES_ROOT . ( | | regedit)
., ME-File ( ). .
HKEY_CLASSES_ROOT ,
, . . ME-Fiie. .
s h e l l D e f a u l t l c o n .
shell Open, command. command : Wwindows\\notepad.exe \"%1\"

( , ).
Defaultlcon C:\\windows\\
notepad.exe,1.
reg-,
( 4.4).
-, (add_ext_file.reg).
| 4.4.
REGEDIT4
;
; .
[HKEY_CLASSES_ROOT\.me]
@="ME-File"
[HKEY_CLASSES_ROOT\ME-File]
@=" "
[HKEY_CLASSES_ROOT\ME-File\shell]
[HKEY_CLASSES_ROOT\ME-File\shell\Open]
[HKEY_CLASSES_ROOT\ME-File\shell\Open\command]
@="C:Wwindows\\notepad.exe \"%1\""
[HKEY_CLASSES_ROOT\ME-File\DefaultIcon]
@=":\\windows\\notepad.exe,1"
95
96
Windows
. ,
, \ \\
\". %1
.
. , ( %1
).
, , , ,
. reg-. :
[HKEY_CLASSES_ROOT\ME-File\shell\print]
[HKEY_CLASSES_ROOT\ME-File\shell\print\command]
@=":Wwindows\\notepad.exe
/ \ " % 1 \ " "
, .
. ,
WordPad, Word .

, ,
, WinRAR.
? ,
. , .
HKEY_CLASSES_ROOT * ( ) .
,
. . HKEY_CLASSES_ROOT\*\ shell ( ). -
( arj).
,
. ARJ.
arj command, , arj a arc %i.
arc , ,
%1 ,
.
4. Windows
97
, arj.exe
, Path, Path.
,

(. 4.12).
(. 4.13). Path
. , .
. 4.14 .
\2

j J

ji .: :
, ,

[ ]

,
|

,
I ;
. 4.12.
98
Windows

Valya
|
TEMP
C:\DocumentsandSettings\Valya\Local,,.
C:\Documents and Settings\Vaiya\Local...
I ]
CLASSP
ComSpec
! NUMBER_OF_P...
I OS
: \PVSW\BIN\psql .jar
: \ WINDOWS\system32\cmd,
1
Windows NT
C:\PVSW BIN;C\WINDOW5\systern32,\
OK
. 4 . 1 3 .
Path
: I %5ystemRoot%\System32\Wbern;C:\APJ J
OK
. 4 . 1 4 . P a t h
reg-,
( 4.5).
4. Windows
99
! 4.5.
REGEDIT4
;
; .
[HKEY_CLASSES_ROOT\*\shell\ar j ]
@="
ARJ"
[HKEY_CLASSES_ROOT\*\shell\arj\command]
@="arj
a arc%1"
add_cont_menu.reg
-, .
,
, . .
, . . , ,
command notepad.exe "\%1"\. .
(
-
, HKEY_CLASSES_ROOT\unknown,
.
? .
HKEY_CLASSES_ROOT
Folder.
. arj a
arc %i -, .

, . , : (
). , . ,
, (CLSID) dll- -
. sheiiex.
100
Windows
...
...

shellex . Windows ,
( , Windows 2000 Windows ).
HKEY_CLASSES_ROOT\CLSID
:
{C2FBB630-2971-lldl-A18C-00C04FD75D13}
{C2FBB631-2971-lldl-
A18C-00C04FD75D13}. - .
.

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
copyto ( ),
{C2FBB630-297i-iidi-Ai8c-ooc04FD75Di3}.
Moveto
{C2FBB63i-297i-iidi-Ai8c-ooco4FD75Di3}.
. 4.15 -
.
...
{Add to archive,.,
JAdd to "Bootfont.rar"
|Compress and email...
|Compress to "Bootfont.rar" and email
,,
.
. 4.15. ... .

4. Windows
101
- , ,
HKEY_CLASSES_ROOT ,
shellex .
.
: HKEY_CLASSES_ROOT\.txt.
t x t f i l e . HKEY_CLAssEs_ROOT\txtfiie.
shellex, , contextMenuHandiers. .
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers.

( ) (. 4.16).
. 4.6 reg-
( add_ext_menu.reg).

, "Ng.rar",
"",

Q

4 ^ 3,5 (:)
^ (:)
0 NEW (D:)
*# (:)
0h3_blade(F:)
5> (G:)
Q
|^ - Valya

. 4 . 1 6 .
102
Windows
[ 4.6. ... ..
REGEDIT4
; ... . . .
; .
;
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Copyto]
@="{C2FBB630-2971-lldl-A18C-00C04FD75D13}"
;
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Moveto]
@="{C2FBB631-2971-lldl-A18C-00C04FD75D13}"
;
[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Copyto]
@="{C2FBB630-2971-lldl-A18C-00CO4FD75D13}"
;
[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Moveto]
@="{C2FBB631-2971-lldl-A18C-00CO4FD75D13}"
,
.

. ,
.
Windows,
, . Windows .
.

.
Windows
. -
4. Windows
103
. 16- 640 480 Windows

Boot.bmp. boot.ini (
"") /bootiogo /noguiboot.
, ,
4.7.
4.7. boot.ini
[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
multi(O)disk(O)rdisk(O)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /bootiogo /noguiboot

Windows 95, , , Windows 95 , Windows XP. .
, .
- ,
ntoskrnl.exe. ,
. , ntoskrnl.exe
. .
.
,
.
.
.
ntoskrnl.exe, ,
. .
. , ntosl.exe, ntos2.exe ntos3.exe. C:\Windows\System32.
ntoskrnl.exe! .
, . http://www.themexp.org Boot
Screens. ,
, , . . , -
104
Windows
. SP2,
.

boot.ini. [operating systems]
.
/kernel=newbootscreenfilename.exe.
newbootscreenfiiename.exe .
. , :
multi(O)disk(O)rdisk(O)partition(1)\WINDOWS="Microsoft Windows XP Home
Edition" /fastdetect

multi(0)disk(O)rdisk(0)partition(1)\WINDOWS="USSR Startup Screen"
/fastdetect /kernel=ntosl.exe
, . :
[operating systems]
multi(0)disk(0)rdisk(O)partition(1)\WINDOWS="Microsoft Windows XP Home
Edition" /fastdetect
multi(0)disk(0)rdisk(O)partition(l)\WINDOWS="USSR Startup Screen"
/fastdetect /kernel=ntosl.exe
multi(0)disk(O)rdisk(O)partition(1)\WINDOWS="Putin Startup Screen"
/fastdetect /kernel=ntos2.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Perestrojka Startup Screen"
/fastdetect /kernel=ntos3.exe
, , .
^
^|
, [boot l o a d e r ] . t i m e o u t .
, timeout=5
. ,
, , . , . BootXP, StyleXP,
BootSkin Screen Booty (. 4.17).
1
Screen Booty, http://www.screenbooty.com (
. .
4. Windows
105
-).
. -.
, Screen Booty - Evaluation Copy
0e Edit Veiw
640x480x<BPP
995".
. 4.17. Screen Booty
,
ntoskrnl.exe
Resource Hacker (http://rpi.net.au/~ajohnson/resourcehacker)
. , .
. ntoskrnl.exe . Resource Hacker File | Open.
, Bitmap, 11 ( 4.18).
1 ,
. " " . .
, . -
106
Windows
. Action Save Bitmap

bmp- . , , ntoskrnl.exe, . . l.bmp.
.
Resource Hacker - E:\archive\resourcehacker\ntoskrnl.exe
Re Edti Ve
iwfictionHep
l
Microsoft*
Windows*
8812i
. 4.18.
, .
, Paint Shop Pro (http://www.jasc.com).
l.bmp. .
, . Paint Shop Pro http://www.thetechguide.com/howto/xpbootlogo/16.pal ( Adobe Photoshop
http://www.thetechguide.com/howto/xpbootlogo/16.act).
Paint Shop Image | Palette | Load Palette
I6.pal (
Maintain Indexes).
Windows XP (. 4.19).
, . , Resource Hacker. Action Replace Bitmap ,
4. Windows
107
. Bitmap-
1, Open ffle with new bitmap
. Replace.
. ntoskrnl.exe.
, myboot.exe, Windows\System32. boot.ini, , .
.
Jasc Paint Shop Pro - win.bmp
Ee
li Edit Ve
i w; m
i age Effect Adjust layers Obe
j cts See
l cto
i ns Wn
idow Hep
l
D
x.
Presets:
Zoom % ) :
d . '....'
Enhance Photo
Zoomout/n:
S i * i
CBJ
Select Script>
Zoommore: i Actualsize:
Pan 1: Dck and drag to pan images larger than the whdow.
Materials
a -
History
Image: 640 x 480 x 16
. 4.19. Windows XP Paint Shop Pro

.
,
. , . .
108
Windows
logonui.exe.
, . .
(
http://www.themexp.org).
- . (
5)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\currentversion\winLogon.
uiHost ( ).
.

. StyleXP .
LogonStudio Stardock (http://www.stardock.com). , , . , LogonStudio
(http://storage.stardock.com/files/LogonStudio_public.exe)
logonui.exe,
. .
S? LogonStudio - Logons
Options
About
LogonStudio
Available Logons
Preview
Current: terminator
myruswn
i xp
reallogon
TheCet
welcomel
wec
l ome2
wec
l ome3
Refresh List
Load
New
Edit
Delete |
Import
Export |.i
Restore default XP logon
About Logon
V 1.0.64
Name: Terminator II
Author: Alexander Klimoff
Email: terminator2@mail.ru
Download free LOGONS

' from: vww.Wn
i Customzie.com
OK
Cancel
. 4.20. LogonStudio
Apply
Help
4. Windows
109
, , Resource Hacker .
.
logonui.exe, . . :
UIFILE, (Bitmap), (String Table),
(Version Info).
U I F I L E . \ U I F I L E \ I O O O \ I O 3 3
( ). , . .
, :
<style resid=framess>
element
{
background: argb(0,0,0,0);
}
element [id=atom(contentcontainer)]
{
background: rgb(90,126,220);
. .
, RGB ( : , ). Paint |
, >>. , , .
.
.
element [id=atom(toppanel)]
{
background: rgb(0,48,156);
- . :
element [id=atom(bottompanel)]
{
background: gradient(argb(0,57,52,173),
argb (0,0,48,156) , 0) ;
, ,
. -
110
Windows
. Bitmap\ioo\iO33 .
, BMP.
Action Replace Bitmap
100 , . ,
. \UIFILE\IOOO\IO33 ,
<element id=atom(contentcontainer) layout=flowlayout(1,3,2,3) layoutpos=client content=rcbmp(100,0,0,219rp,207rp,l,0)>
219 207rp .
. , ,
, .

, . LogonStudio , Resource Hacker
.
Windows XP
Windows XP
LUNA : (), . , ?
Windows Blinds (http://www.windowblinds.net), .
Stardock. , Stardock
Microsoft Windows XP,
"" Windows XP,
. Windows
Blinds ,
,
, "".
, , , . ,
Windows Explorer. , .

LiteStep (http://www.Iitestep.info).
4. Windows
111
, Windows Explorer.
,
. Talisman (http://www.lighttek.com)
, .
, , HoverDesk (http://hoverdesk.net),
Aston (http://www.astonshell.com).
Windows 95. ,
, , ,
, .
. , , .
. .
- . , . , - .
( | , ) .
. ,
. . -,
. theme,
.
- . Windows 98 , Ieshwiz.exe. - Windows XP

. Windows 98,
. .
, (. 4.21).
.

,
. , . ,
, .
,
. , :
ieshwiz.exe e:\myfolder
Windows
112

.
,
.
?
* HTML
HTML,
.
! [; !??...|
,
.

.
>
. 4 . 2 1 . leshwiz
,
. Ieshwiz.exe
Windows, HKEY_CLASSES_
ROOT\Directory\sheil . command,
:
c:\windows\ieshwiz.exe %1
,
. ,
.
.
desktop.ini.
, ( 4.8).
4. Windows
113
\ 4.8. desktop.ini
' - -
"....,.....,i ..<.... '..,..; ,.,
,.. .....................
,i\.....;.,.,.
[ExtShellFolderViews]
{BE09814O-A513-llD0-A3A4-00C04FD706EC}={BE098140~A513-llDO-A3A400C04FD706EC}
[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
Attributes=l
IconArea_Image=C:\WINDOWS\FeatherTexture.tnp
IconArea_Text=0x008000FF
IconArea_TextBackground=OxOOFFFFOO
[.ShellClassInfo]
ConfirmFileOp=0
, ,
, .
. , . desktop.ini
. , desktop.ini
A t t r i b +s
":\",
Ieshwiz.exe. :
iconArea_image ( , );
iconArea_Text , HTML;
LJ iconArea_TextBackground ,
HTML-.
,
. web-
.
, ( ).
, .
,
.
, , .
, . ,
,r,r..\
Windows
114
.
| | .
.
desktop.ini, [.sheliciassinfo]:
iconFiie ( exe, dll, icl .)
(ico);
iconindex ( iconFiie
). , 0.
,

InfoTip =

, WinXPChanger (http://winchanger.whatis.ru).
, (. 4.22),
. - -.
21:21
W E:\MyProgramsV.
. 4 . 2 2 . , WinXPChanger
. 4 . 2 3 . Windows Media Player
4. Windows
115
" "
,
(skins). Windows Media. . , , .
5
Windows

, .
. Windows . , Windows 95 Windows . Windows XP .
sam, security, software, system, default (
), Windows\system32\config. Microsoft ini, , . , . Regmon ( , ,
8),
. , , .
, , , .
Windows , , .

, Windows XP,
: , , , . ,
, ,
118
Windows
. , , .
,
Windows XP.
.

.
!

, ,
.
. , ,
. IT-, .
, ( . " Windows XP"1).
" " .

, .
. (,
).
:
HKEY_CLASSES_ROOT = HKCR
HKEY_CURRENT_USER = HKCU
HKEY_LOCAL_MACHINE = HKLM
HKEY_USERS = HKU
HKEY_CURRENT_CONFIG = HKCC

, :
, , . ? Windows
, , . Windows XP. .: -, 2001.
5. Windows
119
. , .
regedit.exe Windows\system32.

. . . ,
, .

reged.it
(. 5.1). ,
. .
( ^
j ^
C j HKEY_CLA55ES_ROOT
5 J HKEY.OjKRErJTJJSER
AppEvents
! ] Console
C j ContrrJ Panel
"1 Environment
ft CJ IdenWies
It tt Keyboard Layout
ffi Q2 Printers
I U RemoteAccess
I <2j SessOTiInformatwi
8 Qj Software
I l*i GJ ACSFJter
1 ACD Systems
U Adobe
SB D Ahaad
:t: C j Alex Soft
Q Artark
EB- C j Battte.net
* L-J BHzzard Entertaîment
:t, U Bomers
S L J Borland
1
E R R
|
| 5( )
1 ^}App
! *]IMKEY
1 SSi-"!-":
1 ^SlRootDir
j SÛseSbaredFe
li s
| el'ersion
REG_SZ
REG.SZ
REGJINARV
REG_SZ
REG_SZ
REG_5Z
REG SZ
REG_SZ
( )
E:\ProgramFiles\Borland\C6u4der6\ein\bcb.exe
00 00 00 00 6f d6 f9 7 e7 e7 e7 89 88 83 82 e7 9c
abt-
7qdt-5seqm-nzz2w
E:\Program Files\Borland\CBdder6
TRUE
CSS
C++Mder
() AcbveX Controls
3P Oosed Files
Q4 dosed Projects
-t-+Bi*def\6.0
. 5 . 1 .

. , .

.
.
, -. 5 . 1494
120
Windows
, . ,
http://www.whatis.ru.

Windows XP "", .
( | | "",
"", , "").

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DWORD- NostartMenuPinnedList , 1.
""
.

( . 5.2, ),
DWORD- NostartMenuMFUprogramsList , 1.

(. ),
.
HKCR\Applications\toM_ripoppaMMb;. exe
NostartPage.

Windows XP),
DWORD- NoUserNameinstartMenu , 1.
5. Windows
121
I Internet Explorer
)) Microsoft Outlook
>')
^ 4 *
V ReGet Deluxe
| Play Tm
i eZero
fjfo eMue
l
^jjj Nero - Burning Rom
j&' Spyware Remover

*
j | j |
Windows M.
f2L Add Remove
&
<a Live Update

i J
WinRAR

.,.
Wjjf\
(7)
. 5 . 2 .

, DWORD- {20D04FE03 A E A - I O 6 9 - A 2 D 8 - 0 8 0 0 2 B 3 0 3 0 9 D } , 1,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum

, DWORD- NoNetworkconnections , 1,

, DWORD- NostartMenuNetworkPlaces , 1,
122
Windows

DWORD- startmenuLogof f, 1,
.

, (
).
DWORD- NostartMenuSubFoiders 1.

,
C:\Documents and Settings\All Users\DiaBHoe ,
HKCUXSof twareXMicrosoft \Windows\Curr en tVersion\ Policies \Explorer
DWORD- NoCommonGroups 1.
HKCUXSoftwareXMicrosoftXWindows\CurrentVersionXPolicies\Explorer
DWORD- NoFavoritesMenu 1.
,

HKCUXSoftwareXMicrosoft\Windows\CurrentVersion\Policies\Explorer
NoRecentDocsMenu DWORD 1.

Windows 15 , | .
,
MaxRecentDocs
DWORD
F F F F F F F F ( F 15 ) .
5. Windows
123_

, ciearRecentDocsOnExit DWORD
1

,
, NoRecentDocsHistory DWORD 1

,
NoSMMyPictures DWORD 1
\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

, use search Asst
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState

, Windows
.
( ?),
HKCU\Software\Microsoft\Search Assistant
,

regedit /s clear.reg
Windows clear.reg ,
5.1.
124
Windows
\ 5.1.
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru]

.
^
^|
, clear.reg
.
DWORD- NoFind , 1.
, ... . , <F3>, . , ( ).
0 .

,

DWORD- NoSMHelp 1.

,
DWORD- NoRun 1.

DWORD- MemcheckBoxinRunDig, 1,
5. Windows
125

, 16-
DOS-.

(MRU-).
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
MRUList , ,
. , ,
, , .
, , , . . 26 .
MRUList (""), .

(
Windows XP),
DWORD- NoStartMenuMorePrograms , 1.

( |
| | ),
HKLM\SOFTWARE\Policies\Microsoft\Windows NTXSystemRestore
DWORD- DisabieSR , 1.

:
;
Windows
<Ctrl>+<Alt>+<Del> , .
Windows
.
126
Windows
DWORD- Nociose 1.
Windows (. 5.3).
.
[*1
Windows

Garik

WinKey+L
| | |(

lfP)registry.doc - Microsoft Wd
L
BTimeZero Client
[{N:\win\alex\registry\registry)- - Far
<
'
. , : .
[] ...
. 5.3. Windows
}^
Windows. - .
""
""
,
5. Windows
/27
DWORD- NoSetTaskbar 1.

Windows XP,
DWORD- NosimpieStartMenu 1.
"" ( |
"") ""
( Windows XP), .

"" (
| "", "", , , ""),
DWORD , 1:
NoSMMyPictures ;
NostartMenuMyMusic ;
NoSMMyDocs ;
NoNetworkconnections ;
NostartMenuNetworkPiaces .
.

,
: " , ". SHELL32.dll.
, mfoTip
HKCR\CLSID\{645FF040-5081-101B-9F08-OOAA002F954E}
128
Windows
, , , . ,

@%SystemRoot%\system32\SHELL32.dll,-22915

, .
- !
HKCR\CLSID\{645FF040-5081-101B-9F08-OOAA002F954E}
Localizedstring,
. @%systemRoot%\
system32\SHELL32.dll,-8964.
-8964
, SHELL32.DLL. ,
. ,
%username%
%Username%
. , : , ,
.
.
.

,
DWORD- NoPropertiesRecycieBin 1

,
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace

{645FF040-5081-101B-9F08-OOAA002F954E}.

, , /control Panel /Desktop
WallpaperOriginX WallpaperOriginY
, .
5. Windows
129
Windows
Windows
. DWORD- PaintDesktopVersion 1
HKCUNControl Panel\Desktop

.
.
DWORD- NoDesktop 1

, . . , web-,
HTML, HTML.
. ShellNew
Windows. ,
. , Microsoft
Office, - Word
Excel. , index.html.
. , :
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1251">
<title>Mou 3arcmoBOK</title>
</head>
<body>
</body>
</html>
. , HKCR\.htmi ShellNew. FileName,
130
Windows
(index.html).
.
. . , FiieName NuliFile.

,
DWORD- NoTraycontextMenu 1.

, Windows ,
3 ( ). ,
DWORD- TaskbarGroupsize
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
,

, , . ,
.
HKCU\Control Panel\Desktop
ForegroundLockTimeout DWORD "" :
, 200 000 .

.
DWORD- ForegroundFlashcount
. : 0
, 3.
5. Windows
131

( )
. ,
. .
DWORD- NoTrayitemsDisplay 1. ""
.

( | "", , )
, ,
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify
iconstreams Pasticonsstream. Windows (Task Manager), ,
Explorer.exe .
(...)
Explorer
.

,
{ 5 9 0 3 1 a 4 7 - 3 f 7 2 - 4 4 a 7 - 8 9 c 5 - 5 5 9 5 f e 6 b 3 0 e e }
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
MyComputer\NameSpace\DelegateFolders

,
MyComputer\NameSpace

{645FF040-5081-101B-9F08-OOAA002F954E}.
132
Windows

, DWORD- puterverb 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\Explorer
compmgmt.msc.
.

HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Manage
Open with FAR

Compile to HTML Help with FAR
...

...
.,.

. 5.4.

.
HKCR\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell
, (
. 5.4). command, . notepad.exe.
5. Windows
133_

,
. .
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer
,
. , .
cieanupPath.
%SystemRoot%\system32\cleanmgr.exe
/D %.
chkDskPath.
%SystemRoot%\system32\chkdsk.exe %c.
Def ragpath.
%systemroot%\system32\dfrg.msc %c.
^
,
( ), .

,
,
DWORD- D i s a b l e P e r s o n a i D i r C h a n g e 1
( ActiveX ).
.
,
.
HKCR\CLSID\{450D8FBA-AD25-llD0-98A8-0800361B1103}
134
Windows
infoTip,
( " ").

,
, DWORD- {450D8FBAAD25-HD0-98A8-0800361BH03} 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Windows

Windows?
, ,
progman.exe, Windows. shell progman.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
,
explorer.exe.

Windows
(, , , SendTo . .).

. ,
.
,
HKCU\Software\ Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKCU\Software\ Microsoft\Windows\CurrentVersion\Explorer\
User Shell Folders
.
.
.

,
DWORD- NoviewContextMenu 1.
5. Windows
135

,
{D969A300-E7FF-lld0-A93B-0OA0C90F2719}
HKCR\Directory\Background\shellex\ContextMenuHandlers\New

| |
,
. ,
HKCR\.lnkXShellNew
,
.

, , ,
. ,
DWORD- NoToolbarCustomize 1
^
Internet Explorer.

.
HKCU\SOFTWARE\Microsoft\Internet ExplorerXToolbar
BackBitmapsheil,
bmp-
.

DWORD NoFiieMenu 1
HKCU\SOFTFARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
136
Windows
^
, Internet Explorer , Windows.

DWORD- NoCustomizeWebview 1
HKCU\Software\Microsoft\Windows\ CurrentVersion\Policies\Explorer

Windows .
DWORD- NosheiisearchButton
, 1,
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
, Windows.

Windows , ( | ) , web- Windows.
, , DWORD c l a s s i c s h e i l Oxoooooooi
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explore

Windows .
, HTML-,
, .files. , DWORD- NoFiieFolderconnection 1
HKCU\Sotware\Microsoft\Windows\CurrentVers ion \ Explorer

web- ( Windows XP
),
.
. ,
5. Windows
137
. HotTrackingColor

HKOAControl Panel\Colors
RGB,
: , ( 255 0 0).
:
255 0 0;
- 255 255 0;
0 255 0;
- 0 255 255;
- 0 0 255;
255 0 255.
, .
, ,
,
.
, , :
HKCR\*\shellex\ContextMenuHandlers
, . . ,
, , . , AVI
HKCR\avifile\shell
, ,

HKEY_CLASSES_ROOT\*\shel1
@="__ %1"
, ...
,
HKCR\*\shelI\openas\command
:
:\WINDOWS\rundl132.exe
s h e l 1 3 2 . d l 1 , O p e n A s _ R u n D L L %1
( ).
HKCR\Directory\shell HKCR\Folder\
shell. HKCR\Drive\shell.
138
Windows
,
, command, , :
C:\WINDOWS\system32\cleanmgr.exe /d %1
, - , .

, ,
.
pif-, isShortcut
H K C R U n k f i l e HKCRNpiffile.
"" ,

"" ,
, ,
HKCR\Network\SharingHandler
, n t s h r u i . d l l .

.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer
Driveicons. , . Defauiticon DefauitLabei.
.
, . , reg-
: 5.2.
I 5.2. :
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Dr
iveIcons\C\DefaultIcon]
@=" explorer. exe, 8"
5. Windows
139
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Dr
iveIcons\C\DefaultLabel]
@=" "

,
> NoDrives .
.
- ( ).
. 26 . : 1; 2; 4 . .
, .
.
:
O X O 3 F F F F F F ;
0x3 ;
0x4 ;
0x8 D;
0x7 , ;
OXF , , D;
0x0 .
(. ).

,
, , Dir. DWORD- NOviewOnDrive
. , 1,
4, D 8. , D,
1 () + 8 (D) 9.
140
Windows
:
- 1;
J - 512;
S - 262 144;
- 2;
- 1024;
- 524 288;
- 4;
L - 2048;
U - 1 048 576;
DD-8;
-16;
F - 32;
G-64;
- 128;
I - 256;
-4096;
ON-8192;
- 16 384;
- 3 2 768;
Q - 65 536;
R - 131 072;
V - 2 097 152;
W - 4 194 304;
X - 8 388 608;
Y 16 777 216;
Z - 33 554 432;
- 67 108 863.

, DWORD- NoHardwareTab

Windows , DWORD- AutoReboot 0 1
\SYSTEMXCurrentControlSet\Control\CrashControl

(Explorer) Windows
.
, ,
.
HKCU\Sotware\Microsoft\Windows NT\CurrentVersion\Winlogon
DWORD- A u t o R e s t a r t S h e l l :
0 ;
1 .

Windows XP ,
.
5. Windows
141
, , .

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\comdlg32
placesBar. . ,
. . PiaceO, piacei,
14. DWORD ( . 5.1
).
5.1. PiaceO,..., Placeu

00000000
00000005
00000027
0000000
00000011
00000006
00000012
00000014
History
00000022
.
place . :
Placel="C:\Windows\Systems"
, , PiaceO piacei,
.

Windows 95/98,
NoPiacesBar 1 ( )
142
Windows

, DWORD NoBackButton 1

( ),
DWORD- NoFiieMru 1

, ,
Windows
. . , ,
.
( ).

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32

Windows
Windows XP,
> ForceciassicControlPanel 1

Control.exe, ,
DWORD- NocontrolPanel 1
HKCUXSoftware\Microsoft\Windows\CurrentVersion\Policies\Explorer
.
.
.
5. Windows
143

, , .
. .
,
DWORD- DisaiiowCpi 1

DisaiiowCpi. , ,
, 1,
. :
1 main.cpl;
2 - mmsys.cpl
. .
. ,
. .
Restrictcpi 1 Res t r i c t c p i , ,
.
^
,
.
( ).
, .
,
, , . , ,
ControlPanel\NameSpace
{D20EA4Ei-3957-iid2-A40B-oc5020524i53}. (
), Windows
.
144
Windows

, , - ( - ). , Windows ?
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\
Russian Standard Time
Display,
. . ,
!

.
, NoDeietePrinter

, .
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
DWORD- NoAddRemovePrograms 1. ,

, .

,
DWORD- NoRemovePage 1.
5. Windows
145

,
HKCTASoftware\MicrosoftWindows\CurrentVersion\Policies\Uninstall
DWORD- NoAddPage 1.
Windows
Windows,
DWORD- NowindowsSetupPage 1.

Windows XP SP1
Windows 2000 SP3
. ,
DWORD- NoChooseProgramsPage , 1.
CD
CD-ROM CD ,
DWORD- NoAddFromcoorFioppy 1.
Windows Update

Windows Update ,
DWORD- NoAddFrominternet 1.

,
, : , . ,

DWORD- NoSupportmfo 1.
146
Windows

( ).
,
. ,
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
, .
.

,
, .

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\<HMH
*.
Dispiayicon , ;
DispiayName ;
ModifyPath ()
. , / ( ModifyPath)
( u n i n s t a i i s t r i n g ) ;
u n i n s t a i i s t r i n g .

publisher, ,
, .
:
Publisher ;
Readme Readme ;
comments ;
contact (e-mail . .);
DisplayVersion ;
ProductiD ;
Regcompany ;
5. Windows
147
Regowner ;
URLinfoAbout ( Publ i s h e r );
URLUpdateinf URL ;
HeipLink URL .

( | | | | )
, . .
( ) DWORD
HKCU\Software\Policies\Microsoft\Internet ExplorerXControl Panel

.
, GeneraiTab 1.
.
( , ), colors 1.
.
( , ),
Links 1.
.
,
Fonts 1.
.
,
Languages 1.
.
, Accessibility 1.
.
, , Homepage 1.
148
Windows
.
,
( Cookie..., ..., ...). settings 1.
.
( , ), cache 1.
.
, History 1.
.

1.
securityTab
.
,
secAddsites 1.
.
, secchangesettings 1.
.
Priva 1.
.
,
Privacy s e t t i n g s 1.
.
contentTab 1.
.
,
Ratings 1.
.
, c e r t i f i c a t e s 1.
.
, CertifSite CertifPers 1.
5. Windows
149
.
,
certifPub 1.
.
, . ,
web- . ,
, ,
, . FormSuggest passwords
"". "
"
, .
.

(. ).
HKCU\Software\Microsoft\Internet Explorer\Main
FormSuggest Passwords "".
.
Profiles 1.
.
connectionsTab
1. , , connection s e t t i n g s 1.
.
, , connwiz Admin Lock 1.
.
( |
| (LAN)),
Autoconfig 1.
150
Windows
-.
- ( |
(LAN)) Proxy 1.
.
ProgramsTab 1.
, .
,
, Messaging 1.
.
,
calendarcontact 1.
.
, Windows .
: HTML, , , , ,
.
HKLM\Software\Clients
. ,
WinMail.
Mail winMaii.
WinMail.
.
-.
- ,
Resetwebsettings 1.
, Internet Explorer .
, Internet
Explorer ,
check_if_Defauit 1.
.
AdvancedTab
1.
5. Windows
151
.
,
. Advanced 1
, .

,
,
HKCXT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DWORD- NoFoiderOptions 1.

, ,
, , DWORD- NoFiieAssociate 1
.

( | ,
) - ,
.
. DEVMGR_SHOW_DETAILS
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

,
DWORD- NoDispCPL 1
, .
.
6 . 1494
152
Windows

, DWORD- NoThemesTab
1

,
NoDispBackgroundPage 1
DWORD-
, , , .

, . DWORD- NoChangingWallpaper
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
.

wallpaper
waiipaperstyie, :
0 ( );
1 ;
2 - .

.

, (bmp). , DWORD- NoHTMLWaiiPaper 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

,
5. Windows
153
DWORD- NoDispScrSavPage 1. , , , .

, ,
.
DWORD- screenSaveActive

HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop

.
DWORD- screensaverissecure
HKCU\Software\Policies\Microsoft\Windows\Control
Panel\Desktop
:
ScreensaverisSecure .
,
;
"". ;
"1", .
" "
. " " ,
" ".

,
DWORD- NoDispAppearancePage 1.
, ,
.

DWORD- Novisuaistyiechoi.ee
154
Windows

DWORD- Nocoiorchoice

DWORD- Nosizechoice

,
DWORD- NoDispsettingsPage 1. , , , ,
.

, ,
. , , . ,
,
,
. DWORD NochangeAnimation, 1
, , .

<ALT>

.
<ALT> DWORD- NochangeKeyb o a r d N a v i g a t i o n l n d i c a t o r s 1
5. Windows
155
, , .
cmd.exe

. ,
> ( ).
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
PROMPT REG_EXPAND_SZ,
:
$ | ( );
$D ;
$G > ( );
$L < ( );
$N ;
$ ;
$Q = ( );
$ ;
$v Windows;
$$ $ ( ).

cmd.exe
(cmd.exe). , , del, erase, chair, goto.
DWORD- EnabieExtensions
HKCU\Software\Microsoft\Command Processor
0. 1.

.
DWORD- DeiayedExpansion, 1,
156
Windows

bat-
(cmd.exe)
bat-. DWORD- DisableCMD
HKCU\Software\Policies\Microsoft\Windows\System
:
0 ( ) bat-;
1 , bat-;
2 bat-.

<>,
DWORD- compietionchar 9, <>. <Backspace> 8, <Ctrl>+<D> 4,
<Ctrl>+<F> 6.

cmd.exe ,
.
HKCU\Software\Microsoft\Coramand Processor
AutoRun , CD /D C:\.
. , bat- , . . - autoexec.bat
, , .

, , ,
.
5. Windows
157
HKCR\Directory\Shell
.
command cmd.exe /k cd "%i". ,
, ,
.
Windows
Windows
Windows,
. , , . .
, . AutoAdminLogon,
1,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
DefauituserName Defauitpassword ,
Windows. , DefaultDomainName, . , , ,
, .

Windows
. Windows. DWORD-
AutoLogoncount . ,
5, Windows.

1. 0,
AutoLogoncount DefauitPassword ,
AutoAdminLogo 0.

logonui.exe, .
158
Windows
.
HKLM/SOFTWARE/Microsoft/Windows
NT/CurrentVersion/WinLogon
uiHost,
.
Administrator
, , ,
,

HKLM\Software\Microsoft\Windows
counts \UserList
NT\CurrentVersion\Winlogon\Special
Ac-
DwoRD- Administrator 1.

,
.
HKLMXSoftware\Microsoft\WindowsNT\CurrentVersion\Winlogon
LegalNoticeCaption ,
, LegalNoticeText
. .
ClearType
.
Microsoft ClearType, . ,
( , ).
,
HKU\.DEFAULT\Control Panel\Desktop
2 FontSmoothing FontSmoothing 1 FontSmoothingOrientation.

( | ) , Windows,
5. Windows
159
, .
. , ,
. Registeredowner
( ) Registeredorganization ( )
HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion
Windows
Windows : , -, CD-RW. Windows , .
"" , sourcePath
HKLM\SOFTWARE\MicrosoftWindows\CurrentVersion\Setup
Windows

Windows, DWORD- DisableTaskMgr 1

(Blue
Screen of Death, BSOD) ,
HKLM\SYSTEM\CurrentControlSet\Servises\i8042prt\Parameters
DWORD- Crashonctriscroii 1.
<Ctrl>, <Scroll Lock> .

Windows.
( ). DWORD
HKLM\Software\Microsof t:\Windows NT\CurrentVersion\SystemRestore
compressionBurst .
.
160
Windows
DiskPersent ,
. 4 12 %.
DSMax , . 4 400 .
DSMin ,
.
Restorestatus
(0 , 1 , 2 ).
RPGiobaimterval , . 24
(86 400 ).
RPLifeinterval ,
. 90
(7 776 000 ).
RPSessioninterval. , . 0 ().
( ),
.
Thawinterval ,
,
.

( <Alt>+<Tab>),
cooiswitch 0.

, (
<Alt>+<Tab>),
HKCUXControl Panel\Desktop

cooiswitchcoiumns .
coolSwitchRows
5. Windows
161_

, - , , . ,
DWORD- showinfoTip 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Windows XP . , DWORD EnableBailoonTips 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

, .
HKCU\Software\Policies\Microsof t:\Windows\System\Power
DWORD- PromptPasswordonResume 1.

. .
. ( ( . . " "), ).

HKLM\Software\Microsoft\Windows\CurrentVersion
HKCU\SOFTWAREXMicrosoft\Windows\CurrentVersion
Run, Runonce. ( ), . ,
, . , "Once".
, . ,
, - , .
. ,
162
Windows
. , , . Windows.

, . DWORD.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
, Run LOCAL
MACHINE, D i s a b i e L o c a i M a c h i n e R u n 1.
Run,
LOCAL MACHINE.
RunOnce LOCAL MACHINE. D i s a b l e L o c a i M a c h i n e R u n O n c e . RunOnce LOCAL MACHINE.
Run CURRENT USER D i s a b i e c u r r e n t u s e r R u n . RunOnce CURRENT USER D i s a b l e C u r r e n t U s e r R u n O n c e .
HOST, LMHOST
Windows\System32\drivers\etc
(
) Windows\System32\drivers\etc, :
1. .
2.
rameters.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Pa-
3. DataBasePatn .
4. Windows\system32\drivers\etc.

.
( . . ),
.
MenuShowDelay HKCUXControl P a n e l \ D e s k t o p .
"400". "0"
. "0" "32767".
5. Windows
163

-
-,
DWORD- AutoRun 0
HKLM\SYSTEM\CurrentControlSet\Services\CDRom

-
Windows XP ( , autorun.inf).
. , :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
CancelAutoplay\Files
, ,
-, AutoRun
autorun.inf. : "*.*" CD-ROM.

Windows ,
.
HKOT\SOFTWARE\Microsoft\
Windows\CurrentVerson\Policies\Explorer
DWORD- RestrictRun Oxoooooooi.

RestrictRun
. , 1, () .
. , Word.exe, Excel.exe . . regedit.exe,
! RestrictRun 0.

.
HKCU\SOFTWARE\Microsoft\ Windows\CurrentVerson\Policies\System
DWORD- DisabieRegistryToois 1. -
164
Windows
, reg-.
Windows (MMC)

Windows (MMC) ,
DWORD- RestrictAuthorMode 1
HKCU\Software\Policies\Microsoft\MMC
.

, DWORD- RestrictToPermittedSnapins 1
HKCU\Software\Policies\Microsoft\MMC
.

time-
HKLM\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpClient
speciaiPoilinterval :
, ( 43 200 12 ).
time-
Windows XP , . .
.
, Adjust
Date/Time Internet Time .
.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers
, .
5. Windows
165_

HKCU\Control Panel\International
sTimeFormat.
, 8 ( ), . , .
"HH:mm ". ,
. , - (:) , (*),
.
, *.
.
sii59 s2359 , , " " " ". sTimeFormat HH:mm:ss t t (- ).
, 12 24 , , .
. , Outlook
Express .

, ,

.
,
HKU\.DEFAULTXKeyboard LayoutXPreload.
409 ( ) 419 (), . . .

,
( ).
,
HKLM\System\CurrentControlSet\Control\Nls\Locale
166
Windows
. 00000419, 00000409 . . ,
"" " ".

10 % ( ) , ( ).
, .
. DWORD-
DiskSpaceThreshold, 0 99 (. . )
HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters

,
(. ), , ,
, DWORD- NoLowDiskSpaceChecks
1

, ,
HKLM\System\CurrentControlSet\Control\FileSystem
DWORD- c o n t i g F i i e A i i o c S i z e
00000200,

. . (
).
Boot defrag
boot defrag ,
. , . ,
5. Windows
167
HKLM\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction
Enable N. Y.

pagefile.sys
.
. DWORD- ciearPageFileAtshutdown 1
HKLM\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management

, ,
.
. DWORD- DisablePagingExecutive 1
HKLM\ SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Windows . - " 10 ...". ,
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
DWORD- AutochkTimeOut :
. 10 . 259 200 ( 3 ),
.
Num Lock
,
Num Lock . ,
?
:
HKCUXControl Panel\Keyboard
initiaiKeyboardindicators "2".
168
Windows
Windows

Windows <lffi> ( , - Microsoft). .
, scancode Map
00 00 00 00 00 00 00 00 03 00 00 00 00 00 5 0 00 00 5 0 00 00 00 00

HKLMXSYSTEMXCurrentControlSetXControlXKeyboard
Layout

Windows
"" Windows. DWORD- NowinKeys 1

HKCU\Software\Microsoft\Windows\Current Version\Policies\Explorer
,
Windows, , .

. , |
winrar, .
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths
.
, WINRAR.EXE, , C:\WINDOWS\NOTEPAD.EXE.
. | , winrar
.
reg-

reg-, Regedit.
, , . , .
reg-, , ,
, .
5. Windows
169
HKCRNregfile\shell\open\command
regedit.exe /s "%i".
reg-
- (
!), . reg- .
notepad.exe "%1" ( ).
DLL
Windows DLL- ,
.
( ).
DLL AiwaysunioadDLL "1"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

- . DrWatson ( ) log-.

HKLM\SOFTWARE\Microsoft\Windows NTACurrent Version\AeDebug
Auto 0. DrWatson
,
. 1 ( ).
,

, . . . ( <Ctr>+<Shift>+<Esc>):
HungAppTimeout
, ( 5000 ).
.
170
Windows

w a i t T o K i i l A p p T i m e o u t
HKOAControl P a n e l \ D e s k t o p
(
2000 ).
.

. AutoEndTasks
HKCUVControl Panel\Desktop
"1" .
"2" . , , HungAppTimeout (. ), , , .
^

, . . .

Windows, 8.3 (DOS-).
HKLMXSystemXCurrentControlSetXcontrolXFileSystem
win3iFiiesystem, 01 (
00).

Windows NTFS .
.
, .
DWORD- N t f s D i s a b l e L a s t A c c e s s U p d a t e 1
HKLMXSYSTEMXCurrentControlSetXControlXFileSystem
5. Windows
171
Windows
Windows NT 3.1 3.5 20 .
Windows XP ,
. waitToKiiiserviceTimeout,
.
HKLM\SYSTEM\CurrentControlSet\Control
20 000, 20 . , , 1000, 1 . ,
,
.
. . . ,
, , .
null-
null-,

, ,
DWORD- RestrictAnonymous 1
HKLMYSTEM\CurrentControlSet\Control\Lsa
Windows Installer
Microsoft Windows Installer (msi-).
. DWORD- DisableMsi
HKLM\Software\Policies\Microsoft\Windows\Installer
:
0 ;
1 Windows Installer;
2 Windows Installer.
/ 72
Windows
msi-

msi- (CD-ROM,
-, DVD . .) DWORD- DisableMedia
HKCU\Software\Policies\Microsof t:\Windows\Installer
Windows Script Host (WSH)

, Windows Script
Host.
HKLM\Software\Microsoft\Windows Script Host\Settings
Enabled, "",
WSH ( "1" ).
DispiayLogo, "",
WSH Microsoft
MS-DOS.

Dial-Up-
Dial-Up-
, , Dial-Up. ,
, .
HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
DWORD- DisabiesavePassword 1, Dial-Up-.

, .
, . DWORD
HKCU\Software\Microsoft\Notepad
l f s t r i k e o u t 1.
lfunderiine 1 .
5. Windows
173
(msconfig.exe)
(msconfig.exe) . , ,

HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig
. , .
Windows XP . .
,
HKCU\Software\Microsoft\Spider
Losses_Dif f i c u i t "".
Losses_Easy "".
Losses_Medium "".
wins_Difficuit "".
wins_Easy "".
wins_Medium "".
HighScore_Difficuit
"".
HighScore_Easy
"".
HighScore_Medium "".
streakwins_Difficuit
"".
streakwins_Easy "".
streakwins_Medium
"".
174
Windows
. , , 10 000 .
,

HKCU\Software\Microsoft\winmine
Timel , "".
Time2 , "".
Time3 , "".
, 3 ,
.
""?

HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Hearts
ZB 42.
<Ctrl>+<Shift>+<Alt>+<F12> !
Internet Explorer
Internet Explorer
Internet Explorer 4.0, version
HKLM\Software\Microsoft\Internet Explorer

Internet Explorer
NoFiieMenu 1
DWORD-
HKCU\Software\Microsoft\ Windows \CurrentVersion\ Pol icies\Explorer
, , Windows.
5. Windows
175

| | ( <Ctrl>+<N>) .
DWORD- NoFiieNew 1
HKCU\Software\Policies\Microsoft\Internet
ExplorerXRestrictions

| | , , , , .
, DWORD- NOEXpandedNewMenu 1

, | ( <Ctrl>-*-<0>,
<Ctrl>+<L>), DWORD- NoFiieOpen 1
HKCU\Software\Policies\Microsoft\Internet ExplorerXRestrictions
...
Internet Explorer ,
HTML-.
(
). ,
checkDocumentForProgiD
HKCUXSoftwareXMicrosoftXInternet Explorer\Main
...
... DWORD NoBrowserSaveAs 1
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions

DWORD- NoPrinting 1
HKCU\SoftwareXPolicies\Microsoft\Internet ExplorerXRestrictions;
176
Windows

,
DWORD- D i s a b i e i m p o r t E x p o r t F a v o r i t e s 1
Explorer

, ( | , <Alt>+<F4>, - ), DWORD NoBrowserClose 1
HTML-
HTML- DWORD Noviewsource 1

HTML-
HTML- . ,
HKLM\SOFTWARE\Microsoft\Internet ExplorerWiew Source Editor\Editor Name
( ),
- .

| ( <F11>)
Internet Explorer .
DWORD- NoTheaterMode 1
5. Windows
177

Internet Explorer,
NoFavorites 1
HKCUXSoftware\Policies\Microsoft\Internet ExplorerXRestrictions.
DWORD-

DWORD- RestGoMenu 1
HKCUXSoftware\Policies\Microsoft\Internet ExplorerXRestrictions
Windows Update
Windows Update.
. windows
update Menu Text
HKCUXSoftwareXPoliciesXMicrosoftXInternet Explorer
, .

Internet Explorer ( |
), DWORD- NoBrowserOptions
1
HKCU\Sotware\Policies\Microsoft\Internet ExplorerXRestrictions

,
. ,
. reg :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet SettingsX
ZoneMapXDomains
Windows , .

HKCUXSoftware\Policies\Microsoft\Internet
DWORD-.
Explorer
178
Windows

NoHeipMenu
1.
Netscape
Netscape
NoHelpitemNetscapeHelp 1.

NoHelpItemSendFeedback CO 1.

NoHeipitemTipofTheDay 1

,
HKCU\SOFTWARE\Microsoft\Internet
Explorer\MenuExt
, , ,
.

, DWORD- NoBrowserContextMenu 1

,

, DWORD- NoOpeninNewWnd 1
Explorer\Restrictions

, ,
, search Bar
HKLM\Software\Microsoft\Internet
Explorer\Main
5. Windows
179

, NoSeiectDownioadDir 1
HKCU\Software\Policies\Microsoft\Internet ExplorerXRestrictions

Internet Explorer , , . , DWORD- NoBrowserSavewebCompiete 1
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
-,
HTML .

Internet Explorer,
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Rating!3

SP2 Internet Exprlorer
HTML- , ActiveX. , .
,
HKLM\SOFTWARE\Microsoft\Internet Explorer \main\FeatureControl\Feature_LocalMachine_Lockdovm
DWORD- iExpiorer 0.

IE 4**
. ,
Friendly h t t p errors
.
180
Windows
Internet Explorer

- -256. .
26 26 , 38 38. (
, ) . ,
26 , 38. . , C:\Windows\System.
bg_logo.bmp sm_logo.bmp. ( )
HKCU\Software\Microsoft\Internet Explorer\Toolbar
: BrandBitmap SmBrandBitmap.
BrandBitmap "" (
C:\Windows\System\bg_logo.bmp). SmBrandBitmap "" (C:\Windows\System\sm_logo.bmp).
Internet Explorer
window T i t l e

. , .

Internet Explorer

Internet Explorer.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar
BackBitmap,
BMP-
. , .

s t a r t Page
. .
s t a r t Page, .
5. Windows
181
<F3> ()
<F3> Internet Explorer,
. DWORD- NoFindFiies 1
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrietions

Internet Explorer,
DWORD- NoNavButtons 1

. (,
, ).
HKCU\Software\Microsoft\Internet Explorer\TypedURLs
,
u r i i . , ,
. , urll, uri2, url5, uri6,
.
,
web-. , , .

, ,
.

. , .
, ,
.
,
. .
HKCU\Software\Microsoft\Internet Explorer\SearchUrl
.
, : (http://www.yandex.ru)
(http://www.rambler.ru).
:
182
Windows
h t t p : / / w w w . y a n d e x . r u / y a n d s e a r c h ? r p t = r a d & t e x t = % s ;
h t t p : / / s e a r c h . r a m b l e r . r u / s r c h ? w o r d s = % s .
:
<>+;
% %25;
& %2;
+ %2;
, .

.
:

.
J^
^ ^
Google,
( goo terminator).
-
.
Internet Explorer ,
, . : , , , .
DWORD MyPics_Hoverbar
Explorer\PhotoSupport
1. . Enable_MyPics_Hoverbar
HKCU\Software\Microsoft\Internet Explorer\main
yes () ().
5. Windows
183
130 130 . ,
DWORD- i m a g e _ F i i t e r

10 .
DWORD- offset
.

,
:
WINDOW_PLACEMENT HKCUXSoftware\Microsoft\Internet Explorer\Main;
OldWorkAreas OldWorkAreaRects HKCUXSoftware\MicrosoftMnternet

Explorer\Desktop.
O u t l o o k
E x p r e s s

windowTitie
H X C U \ I d e n t i t i e s \ { * * I d e n t i t y ID * * } \ S o f t w a r e \ M i c r o s o f t \ O u t l o o k
press\5.0,
{**
i d e n t i t y I D **} .

DWORD- Nospiash
HKCU\Identities\{** Identity ID **}\Software\Microsoft\Outlook Express \ 5.0,
{** identity ID **} .
1, . Outlook Express 0.

Outlook Express ( |
),
7 . 1494
184
Windows
HKLM\Software\Microsoft\Outlook
DWORD-
Express
No modify accts 1.

HKOT\Software\Policies\Microsof t:\WindowsMediaPlayer
TitieBar, .
( | ), DWORD HideNetworkTab 1
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer

Windows Media (
| , , ). Windows
Media, DWORD DisabieAutoupdate 1
HKLM\SOFTWARE\Policies\Microsoft\WindowsMediaPlayer

.

Windows
Script Host
DOS,
MS-DOS , , bat-.
, . MS-DOS
, .
MS-DOS Windows, bat- WSH-.
WSH Windows Script Host ,
JScript, VBScript (Active Perl, Python), - .
, bat, Windows MS-DOS.
, WSH
, , (
) , (
, , ), ,
.
, WSH
, VBScript ( vbs) JScript ( js).
, . WSH, .
186
Windows

. , , VBScript, JScript.
WSH .
, .

WSH : cscript.exe ( ) wscript.exe (GUI-).
, . . ,
, . :
C S c r i p t _.
[...]
[...]
:
// ,
;
//D Active Debugging;
//-. ;
//rescript cscript.exe;
//H:Wscript wscript.exe
( );
111 ( , //);
//Jobixxxx WSF;
//Logo ( );
/ /Noiogo ;
//s ;
l/T-.nn ( ): ;
// ;
/ / Unicode / .

).
( bat-
187

. ,
, ,
. wsh.
inf- ini-. wsh-, :
(. 6.1).

wsh. :
[ScriptFile]
Path=G:\files\file.js
[Options]
Timeout=0
DisplayLogo=l
: create shortcut.vbs
!
I'
_d
. 6 . 1 . vbs-
188
Windows
[ScriptFiie] path, , [options] .

, .
, ,
.

.

. , ,
, WSH
.
js (
wsh_sample_reg.js) 6.1.
1 6.1. (JScript)
// J S c r i p t
// .
// h t t p : / / w w w . w h a t i s . r u
// WSHShell
v a r WSHShell = W S c r i p t . C r e a t e O b j e c t ( " W S c r i p t . S h e l l " ) ;
//
WSHShell.Popup(" " ) ;
//
WSHShell.RegWrite("HKCU\\MyRegKey\\",
"Primer");
//
WSHShell .RegWrite ("HKCUWMyRegKeyWString", 1) ;
// DWORD-
WSHShell.Popup(" DWORD");
WSHShell.RegWrite("HKCUWMyRegKeyWDWORD",
2, "REG_DWORD")
189
I/
WSHShe11.Popup(" " ) ;
WSHShell .RegWrite ("HKCUWMyRegKeyWBinary", 3 , "REG_BINARY") ;
//
WSHShell.Popup(" ");
WSHShell .RegDelete ("HKCUWMyRegKeyWString") ;
WSHShell.RegDelete("HKCU\\MyRegKey\\DWORD");
WSHShell .RegDelete ("HKCUWMyRegKeyWBinary") ;
//
WSHShell .RegDelete ("HKCUWMyRegKeyW") ;
, . (. 6.2). .
, .
, , . , ( <F5> ). ,
.
JScript \ , , \\.
.
. 6.2.
, HKEY_CURRENT_USER .
. HKEY_LOCAL_MACHINE HKLM, HKEY_CLASSES_ROOT
HKCR. .
190
Windows
VBScript (wsh_sample_reg.vbs)
6.2.
| 6.2. (VBScript)
1
VBScript
' .
1
http://www.whatis.ru
set WSHShell = WScript.CreateObject("WScript.Shell"]
WSHShell.Popup " "
WSHShell.RegWrite "HKCU\MyRegKey\'
"Primer"
WSHShell.Popup " "

WSHShell.RegWrite "HKCU\MyRegKey\String", 1
WSHShell.Popup " DWORD"
WSHShell.RegWrite "HKCU\MyRegKey\DWORD", 2, "REG_DWORD"
WSHShell.Popup " "
WSHShell.RegWrite "HKCU\MyRegKey\Binary", 3, "REG_BINARY"
WSHShell.Popup " "
WSHShell.RegDelete "HKCU\MyRegKey\String"
WSHShell.RegDelete "HKCU\MyRegKey\DWORD"
WSHShell.RegDelete "HKCU\MyRegKey\Binary"
WSHShell.Popup " "
WSHShell.RegDelete "HKCU\MyRegKey\"
, ( ,
, , , var set). , ,
, , .

, , ,
. Windows Script
Host bat- . ( wsh_run_prg.js) 6.3.
i 6.3. (JScript)
// JScript
// .
// http://www.whatis.ru
797_
var WSHShell = WScript.CreateObject("WScrlpt.Shell");

WSHShell.Run("notepad",5);
,
Run WSHShell . Run
: ,
. Windows, .
.
. 0 9,
.
( ):
.
, .
, - ,
;
2 ;
, ;
0 5 ( , , );
. Z-.
.
- ,
.
VBScript ( 6.4) Windows
wsh_invisible_prg.vbs).
1 6.4. (VBScript)
1
VBScript
' .
1
set WSHShell = WScript.CreateObject("WScript.Shell")

WSHShell.Run "notepad", 0
. 6.3 , notepad.exe ,
.
192
Windows
Windows
I
[. ||"[
1 ! [ || | }

alg.exe
csrss.exe
ctfmon.exe
explorer.exe
lsass.exe
msmsgs.exe
notepad,
services.exe
i smss.exe
| spoolsv.exe
1 svchost.exe
1 ! svchost.exe
1 svchost.exe
svchost.exe
System
i taskngr.exe
W3dbsmgr.exe
i I WinCinemaMgr.exe
WINCMD32.EXE
winlogon.exe
1 WINWORD.EXE
1 ...
1
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
99
3 592
3 688
1 604
16 740
904
1 104
t
1
2 496
348
4 200
3 800
14 244
2 456
3 412
216
3 676
4 416
2 276
556
3 216
1 308
20
1
1
1
sx
(: 22
Iff
; 0%
! = Windows Comman*
1
1
| : 87984 / 6
; '| 5.doc - Mcrosoft Word
Wi...
. 6.3.

Windows Script Host .
, .

WHS ( 6.5).
wsh_create_shortcut.js .
| 6.5. (JScript)
// . JScript
// .

var WSHShell = WScript.CreateObject("WScript.Shell");
//
var vbOKCancel = 1;
var vblnformation = 64;
var vbCancel = 2;
var Message = " ?";
var Title
= " ";
//
Welcome();
//
var DesktopPath = WSHShell.SpecialFolders("Desktop");
//
var MyShortcut = WSHShell.CreateShortcut(DesktopPath + "\\.1");
// :
//
MyShortcut.TargetPath =
WSHShell.ExpandEnvironmentStrings("%windir%\\notepad.exe");
//
MyShortcut.WorkingDlrectory =
WSHShell.ExpandEnvironmentStrings("%windir%");
//
MyShortcut.HotKey = ("CTRL+ALT+N");
//
MyShortcut.WindowStyle = 4;
// ,
MyShortcut.IconLocation =
WSHShell.ExpandEnvironmentStrings("%windir%\\notepad.exe, 0");
//
MyShortcut.Save();
// ,
WScript.Echo(" "!;
function Welcome!) {
var intDoIt;
intDoIt =
WSHShell.Popup(Message,
0,
Title,
vbOKCancel + vblnformation );
193
Windows
194
if
( i n t D o I t == vbCancel) {
// ,
WScript.QuitO ;
,
. (. 6.4), welcome ()
. .

: , .

,, 1 J
. 6.4.
, 64, . 6.4. . 6.56.7 .
. 6.5. ,
16
. 6.6. ,
32
. 6.7. ,
48
0 - ;
1 ;
2 , , ;
3 , , ;
4 , ;
5 - , ;
6 , , .
,
:
1 - OK;
2 ;
195
3 ;
4 ;
5 ;
6 - ;
7 - ;
10 ;
11 .

var DesktopPafch = WSHShell.SpecialFolders("Desktop");
S p e c i a l F o l d e r s
WSHShell. .
Desktop, :
F a v o r i t e s ;
Fonts ;
MyDocuments ;
NetHood ;
PrintHood ;
Programs ;
Recent ;
sendTo ;
startMenu ;
s t a r t u p ;
Templates .
: AllUsersDesktop, AllUsersStartMenu, AllUsersprograms, Aiiusersstartup, Windows NT/2000/XP.

,
. 4, . , :
7
.
WSH , . TargetPeith
196
Windows
, .
, ,
.

( 6.6).
. , , (wsh_create_url_shortcut.js).
'
. . . . . . . . .
| 6.6. - (JScript)
// . JScript
// .
// ""
var FavoritesPath = WSHShel1.SpecialFolders("Favorites");
//
var MyShortcut = WSHShell.CreateShortcut(FavoritesPath + "\\
.URL");
//
MyShortcut.TargetPath =
WSHShel1.ExpandEnvironmentStrings("http://news.whatis.ru");
MyShortcut.Save();
url , , , . ,
.

,
, CD-ROM, .
, ( 6.7)
( wsh_drives.vbs ).
\ 6.7. . VBScript
. VBScript
.
197
'
Set fso = WScript.CreateObjectCScripting.FileSystemObject")
Set WSHShell = WScript.CreateObject("WScript.Shell")
str = ""
' (, CD-ROM, )
For each i In fso.Drives
'
If i.DriveType=2 Then
'
drive=i.DriveLetter
'
' 1
free = FormatNumber(i.FreeSpace/1048576, 1)
1

total = FormatNumber(i.TotalSize/1048576, 1)
'
fs = i.FileSystem
'
1
CHR(IO) (\ JScript)
str = str + " " + drive + ", " + total + " , "
str - str + free + " , - " + fs + CHR(IO)
End If
Next
'
WSHShell.Popup(str)
. 6.8.
Windows Script Host
, 2 998,4 , 2 595,96 , - FAT32
, 9 999,46 , 3 701,0, - FAT32
F, 4 994,86, 4 944,5 , - FAT32
G, 4 994,8, 4 811,8 , - FAT32
, 4 994,8 , 3 757,6 , - FAT32
I, 4 987,0, 3 413,7, - FAT32
J, 81 426,8 , 62 828,0, - FAT32
. 6.8.
198
Windows
,
.
If i.DriveType=2 Then
/ . ,
CD/DVD-ROM. , .
, :
D o ;
1 ;
2 - HDD;
;
4 - CD-ROM;
5 RAM-.
, . GetDrive:
Set fso = WScript.CreateObject("Scripting.FileSystemObject")
Set Drive = fso.GetDrive("c")
, WSH:
isReady , true, false;
RootFoider ;
seriaiNumber ;
shareName ;
voiumeName ;
DriveExists :
fso.Drive-
Exists ("").
.
, , , , . .
: TEST, test.txt
( 6.8). , ,
wsh_create_folder_and_file.js.
199_
I 6.8. JScript
// . JScript
// .
// (
// VBScript)
var fso = new ActiveXObject("Scripting.FileSystemObject");
//,
if (fso.FolderExists("C:\\TEST"))
WScript.Echo(" ");
else
// -
var Folder = fso.CreateFolder(":WTEST");
//,
if (fso.FileExists("C:\\TEST\\test.txt"))
WScript.Echo(" ");
else
// ,
var File = fso.CreateTextFile(":\\TEST\\test.txt",
true);
. ( ). true.
, . . false, ASCII. true Unicode.
,
(Folder File ). ,
/,
G e t F o l d e r / G e t F i l e :
var F i l e = fso.GetFilef":\\TEST\\test.txt");
, ,
, , , . ,
Copy, Move Delete. Move
, / . Delete . ,
test.tmp,
File.Copy("C:\\TEST\\test.tinp") ;
200
Windows
Folder File
:
size /;
Datecreated ;
DateLastAccessed ;
DateLastModified ;
Name /, .
shortName ( MS-DOS).
8.3;
path ();
shortPath ( ~);
ParentFolder ;
.
:
WScript.Echo(File.Path);
Attributes
( "", "" . .). . . 6.1
.
6.1.
Normal
Readonly
Hidden
System
Volume
Directory
16
Archive
32
Compressed
128
201
, . , " ",
"" "", 1 + 2 + 4 = 7:
Filel.Attributes = 7;
, .
, /.
Folders,
SubFoiders Folder. Folders
count item Add. ( 6.9).
................................
:<"
.-
I 6.9. . JScript
// . J S c r i p t
// .
//
v a r f s o , f, f c , f c l , s ;
//
fso = new ActiveXObjectC'Scripting.FileSystemObject");
//
f = fso.GetFolder(":");
// ,
fc = new Enumerator(f.SubFoiders);
fcl = f.SubFoiders;
s = ""
// ,
//
for (; !f.atEnd(); fc.moveNext())
(
//
s += f.item();
s += "\";
}
//
s = s + " : " + fcl.Count;
WScript.Echo(s);
VBScript ( 6.10).
202
Windows
j 6.10. . VBScript
' . VBScript
' .
1
'
Dim fso, f, fl, fc, s
'
Set fso = CreateObject("Scripting.FileSystemObject")
'
Set f = fso.GetFolder("C:")
' ,
Set fc = f.SubFolders
'
For Each fl in fc
'
s = s & fl.name
s = s & CHR(IO)
Next
1

s = s & " : " & f.Count
WScript.Echo s
, VBScript JScript . Enumerator. .

wsh_folders.js wsh_folders.vbs
-.
Add,
, :
fcl.Addf"NewFolder"); // JScript
fc.Add "NewFolder"
' VBScript
.
- Files.
( 6.11) 6.9.
[ 6.11. . JScript
// . J S c r i p t
// .
203
v a r f s o , f, f l , f c , s ;
fso = new ActiveXObject("Scripting.FileSystemObject");
f = fso.GetFolderC'C:") ;
fc = new Enumerator(f.files);
s = "" ;
for (; !f.atEnd(); f.moveNext())
{
|
s += fc.item();
s += "\n";
}
WScr ipt.Echo(s);
He - .
, VBScript .

, ,
.
, .
,
, :
//JScript
var fso = new ActiveXObject("Scripting.FileSystemObject") ;
var file = fso.OpenTextFile("C:Wtest.txt", 2, true);
//VBScript
Set file = fso.OpenTextFile("C:\test.txt", 2, true)
, openTextFile , , . , ,
. .
.
, , :
1 ;
2 . , , , ;
8 . , ,
. .
204
Windows
true false. , , .
true, .
,
. :
-2 , ;
-1 Unicode;
ASCII.
:
write ;
writeLine ;
d WriteBiankLines (
, ).
6.12 .
I 6.12. . JScript
>..;.
....
:.
...j
II . JScript
// .
fso = new ActiveXObject("Scripting.FileSystemObject");
file = fso.OpenTextFileC'c: Wtest.txt", 2, true);
//
file.Write("Hello, " ) ;
f i l e . W r i t e C ' W o r l d ! ") ;
//
file.WriteBiankLines(2);
//
file.WriteLine("Hello, " ) ;
file.WriteLine("World!");
:
Read ;
ReadLine ;
ReadAii ;
skip ;
skipLine .
205

( 6.13). Windows 9x win.ini,
run
. , . ,
- ( -
wsh_check_run.vbs).
6.13. run win.ini. VBScript
' run w i n . i n i .
' .
VBScript

'
1

Set file = fso.OpenTextFile("c:\windows\win.ini", 1, false)
1
, run 2- ,
1
, 1-
file.SkipLine
'
1
,
if (not file.ReadLine = "run=") then
WScript.Echo " run !!!"
' .
else
WScript.Echo "OK!"
end if
, . , , run, , , .
: , , .

WSH
wshNetwork, ,
, .
206
Windows
( 6.14), ,
(wsh_net_info.js).
i 6.14. , . JScript
// , . JScript
// .
// WshNetwork
var WshNetwork = new ActiveXObject("WScript.Network");
// info
info = " : " + WshNetwork.UserName;
info = info + "\n";
//
info = info + " : " + WshNetwork.ComputerName;
info = info + "\n";
// ,
info = info + ": " + WshNetwork.UserDomain;
//
WScript.Echo (info);
VBScript ( 6.15).
\ 6.15. , . VBScript
' , . VBScript
' .
1
Set WshNetwork = CreateObject("WScript.Network")
info = " : " & WshNetwork.UserName
info = info & Chr(lO)
info = info & " : " & WshNetwork.ComputerName
info = info & Chr(lO)
info = info & ": " & WshNetwork.UserDomain
WScript.Echo info
WshNetwork: UserName,
ComputerName UserDomain . ? , ,

, (
6.9).
207
Windows
: Garik
: COMPUTER
: COMPUTER
OK
. 6 . 9 . ,
, .
,
( wsh_network_drives.js) 6.16.
| 6.16. . JScript
II . JScript
// .
//
var vbOKOnly = 0;
var vblnformation = 64;
var WSHNetwork = WScript.CreateObject("WScript.Network")
//
var colDrives = WSHNetwork.EnumNetworkDrives();
if (colDrives.length == 0) { //
WSHShell.Popup(" ",
0,
" WSHNetwork",
vblnformation + vbOKOnly );
} else {
strMsg = " : \";
for (i = 0; i < colDrives.length; i += 2) {
strMsg = strMsg + "\n" + colDrives(i) + "\t" + colDrivesd + 1 ) ;
WSHShel1.Popup(s trMsg,
0,
" WSHNetwork",
vblnformation + vbOKOnly );
208
Windows
, WSH, , : , , , , .
VBScript ( 6.17).
6.17. . VBScript
' . VBScript
' .
Set WSHNetwork = WScript.CreateObject("WScript.Network")
Set colDrives = WSHNetwork.EnumNetworkDrives
If colDrives.Count = 0 Then
MsgBox " ",
vblnformation + vbOkOnly,
_
" WSHNetwork"
Else
strMsg = " : " & Chr(lO)
For i = 0 To colDrives.Count - 1 Step 2
strMsg = strMsg & Chr(lO) & colDrives(i) & Chr(9) & colDrives(i+1)
Next
MsgBox strMsg,
vblnformation + vbOkOnly,
" WSHNetwork"
End If
_
_
NetworkDrive RemoveNetworkDrive .
( JScript):
WshNetwork.MapNetworkDriveC'X:", "\\\\S2\\Voll", "true", "Userl", "123");
: , , , . (true false) , .
,
. ,
.
, .
.
:
WshNetwork.RemoveNetworkDrive("X:", "true", "true");

.
true, ,
. .
, . , , .
EnumPrinterConnections
( ).
AddPrinterConnection . MapNetworkDrive, , (LPT1, ).
RemovePrinterConnection (
).
SetDefaultPrinter .
, :
SetDefaultPrinter("\\WCompl\\HP1100");
AddwindowsPrinterConnections Windows . .
Windows 9x Windows NT/2000/XP
.
Windows .
AddwindowsPrinterConnections{strPrnPath,
strDriverName [,st;rFort]);
strPrnPath ;
strDriverName , ;
s t r P o r t , .
Windows NT/2000/XP .

, WSH, : "
?". , reg-, , , bat-. , WSH , ,
, ?
209
210
Windows
WSH , ( ).

Windows ( MS-DOS ).
-,
, .
, ? . ,
.
, .
//JScript
var WshShell = WScript.CreateObject("WScript.Shell");
WshShell.AppActivate("");
wshSheli.AppActivateO.
. , . , ,
, ,
. , . . ,
Word ,
"Microsoft Word". , , .
, ,
, "".
,
.
sendKeys (). , ,
( 6.18).
I 6.18. . JScript
// . JScript
// .
var WshShell = WScript.CreateObject("WScript.Shell");
// , ,
// true ,
// false ,
KEY = true;
211
w h i l e (KEY) {
if (WshShell.AppActivate("")) {
// ,
WriteWord();
//
KEY = false;
}
if (WshShell.AppActivate("Microsoft Word")) {
WriteWord();
KEY = false;
}
// 10
WScript.Sleep(lOOOO);
function WriteWord() {
WshShell.SendKeys("THE " ) ;
WScript.Sleep(300);
WshShell.SendKeys("MATRIX " ) ;
WScript.Sleep (300) ;
WshShell.SendKeys("HAS " ) ;
WScript.Sleep(300);
WshShell.SendKeys("YOU...");
WScript.Sleep(300);
10 Word
, ,
. , ,
, -
.
, VBScript ( 6.19).
| 6.19. . VBScript
' . VBScript
.
set WshShell = WScript.CreateObject("WScript.Shell")

KEY = true
do while KEY
if WshShell.AppActivate("Microsoft Word") then
WriteWord()
KEY = false
212
Windows
end if
WScript.Sleep 3000
loop
function WriteWordO
WshShell.SendKeys "HELLO, WORLD!"
end function
,
, JScript. 6.18 6.19
wsh_sendkeys.js wsh_sendkeys.vbs .
, ,
.
-
, , <Enter>, <Tab<, <F1>, ..., <F12>,
<Alt>, <Shift>, <Ctrl> . . 6.2
.
6.2. WSH
<Backspace>
{BACKSPACE}, {BS}
{BKSP}
<F1>
{F1}...{F12}
<Caps Lock>
{CAPSLOCK}
<End>
{END}
<Delete>
{DELETE}{DEL}
<Esc>
{ESC}
<Enter>
{ENTER} ~
<Home>
{HOME}
<lnsert>
{INSERT} {INS}
<Num Lock>
{NUMLOCK}
<Page Down>
{PGDN}
<Page Up>
{PGUP}
<Print Screen>
{PRTSC}
<Scroll Lock>
{SCROLLLOCK}
<Tab>
{TAB}
<T>
{UP}
>
{LEFT}
<4->
{DOWN}
<
{RIGHT}
<Shift>
<Break>
{BREAK}
<Ctrl>
<Alt>
<F12>
213
, <Shift>,
WshShell.SendKeys("+(ABC) ") ;
,
WshShell.SendKeys("+");
, , +, , % , ( ) .
: {+}, {%}. , : +, , %, -, (, ), {, }, [, ].
,
, . ,
WshShell.SendKeys("{ 100}"};
<>. , 8175.
.
, . 6.2.
Word, test
( , , , ) 6.20.
; 6.20. . JScript
// . JScript
// .
var WshShell = WScript.CreateObject("WScript.Shell'
if (WshShell.AppActivate("Microsoft Word")) {
WshShell.SendKeys("%");
WshShell.SendKeys("{ENTER}");
WshShell.SendKeys("{DOWN}");
WshShell.SendKeys("test");
214
Windows
, , , . ,
"" ,
(- ,
), . , "" , .

,
"",
, . ,
,
( ). , , . , () .
VBScript, - :
Dim Perem
WSHShell.Popup " "
Perem = ""
Perem = WSHShell.RegRead("HKCU\Software\Test")
WSHShell.Popup Perem
WSHShell.Popup " "
" " , , ,
(. 6.10), Test
HKeuxsof tware . - .
: -
, - ? , . :
Dim Perem
WSHShell.Popup " "
Perem = ""
215
On Error Resume Next

GetErr()
if Err.Source="WshShell.RegRead" then
Perem = " "
else
Perem = WSHShell.RegReadt"HKCU\Software\ Test")
end if
Err.Clear
WSHShell.Popup Perem
WSHShell.Popup " "
Function GetErr()
If WSHShell.RegRead("HKCU\Software\ Test"; Then
End If
End Function
Windows
:
N:\win\end\5\samples\l 11. vbs
; 7
: 1
: "HKCU\Software\Tesfc"
:
80070002
:
Wsh5hell.RegR.ead
OK
. 6 . 1 0 .
.
(Err.Number)
(.source). if , ,
, , , , . .
,
.
. VBScript, run-time errors (
). source ( ). clear , . source clear
, , , 8 . 1494
216
Windows
Number D e s c r i p t i o n . Number ,
a D e s c r i p t i o n .
Perem = " "
Perem = " " & Err.Number & ".
" & Err.Description
: " -2147024894.
"HKCU\Software\Test"".
. .
? -, WSH
. -, (
,
. .)
(
FileExists fso). - . .
run-time
VBScript. , JScript , VBScript. t r y { . . .}
c a t c h { . . . } .
.
JScript, .

,
, .
, WSH . . , , . , ,
WSH Microsoft:
http://msdn.microsoft.com.
7
Windows XP Service Pack 2
- Windows ,
. - Windows, Microsoft
, ,
.
Service
Pack 2 (SP2). 2
(SP2) Windows XP . ,
. Microsoft
, .
,
. , .
Bluetooth,
Windows Media ,
API DirectX 9c. , Service
Pack 1, . -,
,
Windows. -, Windows. -,
Internet Explorer.
. , ,
218
Windows
. , Service Pack 2 System Restore,

.
,
. Service Pack 2
/, :
x p s p 2 . e x e /
, , SP2, .
266 , . ,
. , Windows XP Professional
90 .
' Windows
Pucyptt

Windows Update

Windows. ,
. ,
. ,
.
Windows ?

^

. "
", Windows
().
?

. .
. 7.1.
7. Windows Service Pack 2
219
Windows
, SP2. , , , , .
Windows (Security Center),
, (. 7.1).
Windows
! ! !!
Windows ,
, . 1
, .
:
HActiveSync Application
0 Connection Manager
BmRouterRuntime
13 PortChecker
13 UPnP-
0WS_FTP95
D
13

...
...
..
@ ,

. 7 . 2 .
220
Windows
Windows
SP2 , .
ICF (Internet Connection Firewall), firewall .

. , ,
(. 7.2).
, .
>
: I 3

: [
i f Windows XP - Software Updates
Windows Media 10
@ Wiidows Media Format Runtime

ff
Windows
23.10.2004
I f 1 Windows XP Hotfix - KB873339
16.12.2004
j % ' Widows XP Hotfix KB88618S
16.12.2004
i f Windows XP Hotfix - KB885835
16.12.2004
ff
Windows XP Hotfix - KB885836
16.12.2004
25.12.2004
4 j ' WildOWS XP Hotfix - KB890175
22.01.2005
i f WildOWS XP Hotfix - KB891781
11.02.2005
i f Windows XP Hotfix - 888
12.02.2005
13.02.2005
i f Wiidows XP Hotfix - KB887472
15.02.2005
I f 1 Windows XP Hotfix KB873333
15.02.2005
15.02.2005
> Windows XP Hotfix - KB867282
15.02.2005
tf
15.02.2005
Windows XP Hotfix - KB890047
i f WildOWS XP Hotfix - KB887742

0
Windows XP Hotfix - KB88S884
26.02.2005
Windows XP Service Pack 2
. 7.3.

(. 7.3). "" (patches)
.
, Microsoft
221
Office MS Office,
Windows Media Player .
Internet Explorer
Internet Explorer,
. ,
. . ,
-
ActiveX. , . .
^

( Opera), .
ActiveX (
| ).
ActiveX, . ,
flash-, , Macromedia
Flash.
Internet Explorer
Windows XP SP2
Internet Explorer. ,
SP2.
,
- web-.
, Internet Explorer. . ,
, ,
. , Internet
Explorer, web-.
-
222
Windows
.
, ,
,
. ( ). ,
Windows.
.
Outlook Express
Outlook Express .
Service Pack 2
HTML,
, . Outlook Express
. ,

,
HTML. , Outlook Express, Windows
Messenger MSN Messenger.
SP2 , . , Outlook Express
HTML,
. . . ( ), ,
.
. ,
.
, .
web-
,
Internet Explorer SP2, win-
223
dow.navigator.userAgent. u s e r agent "SV1", ,

Internet Explorer SP2 ( 7.1).
| 7.1. Internet Explorer
<SCRIPT LANGUAGE="JScript">
var g_SP2= false;
function browserVersion()
{
g_SP2= (window.navigator.userAgent.indexOf("SV1") != -1);
if(g_SP2)
{
// Internet Explorer SP2
alert (" > SP2");
}
else
{
// Internet Explorer SP2.
alert (" SP2");
</SCRIPT>
browserversion().

. ,
. , , . ,
. , , .
Regmon
Registry Monitor ( Regmon ) . (Mark Russinovich)
(Bryce Cogswell). http://www.sysinternals.com.
. ,
: - ,
, Windows .
Regmon. , , . , , , .
?
- ? ,
.
226
Windows
, .
-.
Registry Monitor - Sysinternals: www.sysinternals.com
File Edit Opttons Hep
l
I v f
*It!
#
Time
Process Request
5 R e s-QueryValue
25991
85,59633051
2& Reg...CloseKey
25932
85.59831895
3ft Reg... EnumerateKey
25993
85.59836318
aft Reg... CloseKey
25991
85.59837605
Reg... OpenKey
25995
85.59895936
& Reg... OpenKey
25996
85.59898590
^S Reg... CloseKey
25997
8559900131
Reg... QueryValue
26998
85.59902222
$sL 9 CloseKey
25999
85.59903813
g Reg... OpenKey
26000
85.59911222
gft Reg... OpenKey
26001
85.59911013
. Reg... CloseKey
26002
85.59915803
iSH Reg...QueryValue
26003
85.59917591
ffl Reg... CloseKey
26001
85.59919211
Isas... OpenKey
26005
8560061811
Isas... OpenKey
26006
85.60067101
Isas... QueryValue
2600?
85.60068696
C3 Isas... CloseKey
26008
85.60071106
C3 Isas... OpenKey
26009
85.60073752
i~1 Isas.. QueryValue
26010
85.60075121
*1 Isas... CloseKey
2
6
0
1
1
8
5
.
6
0
0
7
6
5
1
8
Isas... CloseKey
26012
85.60110796
<
R e
Path
*
HKCR\Drive\shelle)AFolderExtensions\{1
HKCR\Drive\shelle*\FolderExtensions\{1
HKCR\Drive\shelle>AFolderExtensions
HKCR\Drive\shelle)AFolderExtensions
HKCU\Software\Microsoft\Windows\Curr
HKCU\Sottware\Microsofl\Windows\Curr
HKCU\Sottware\Microsoft\Windows\Curr
HKCU\Soltware\Microsoft\Wmdows\Curr
HKCU\Soft*are\Micros oft\Wi n dows\Cu rr
HKCU\Sofevare\Microsoft\Windows\Curr
HKCU\Soltware\Microsott\Windows\Curr
HKLM\SECURI"TAPolicy
HKLM\SECURIT>APolicy\SecDesc
HKLM\SECURITViPolicy\SecDesc\(Def
HKLM\SECURITYAPolicy\SecDesc
HKLM\SECURI"TAPolicy\SecDesc
HKLM\SECURIPAPolicy\SecDesc\(Def
HKLM\SECURITAPolicy\SecDesc
; ,
HKLM\SECURITAPolicy
'
.:
. 8 . 1 . Regmon
.
:
Save (<Ctrl>+<S>)
, ;
Capture (<Ctrl>+<E>) /
;
Autoscroll (<Ctrl>+<A>) /
. ,
, ;
Clear (<Ctrl>+<X>) ;
D Time Format (<Ctrl>+<T>)
.
, , , ;
8.
227
Filter/Highlight (<Ctrl>+<L>) .
.
, . ,
, i* icq, iexplore;
History Depth (<Ctrl>+<H>)
. 0, ;
Find (<Ctrl>+<F>) ;
Regedit Jump (<Ctrl>+<J>)
, .
; | 1
|
I
...
: 18,2005; 08:25:55
. 8.2. Reg Organizer

R e g
O r g a n i z e r
Reg Organizer (. 8.2) .

, ,
, .
.
228
Windows
Reg Organizer . , reg-

( . . ). , ,
.
. Windows.
. -,
, regedit.exe
, , . , , , , . -,
. ,
.
. , . . , :
,
. ;
;
,
;

(DLL). DLL,
.
, , .
, . , ,
.

.
-,
. , , ,
, ,
. . , , -
8.
229
. , . . "",
. .
, , . "" ""
, .
, , . log-. :

,
;
(
), . . ,
;
, win.ini
system.ini.
Reg Organizer ,
, , .
, , Reg Organizer ,
, . ,
, , Reg Organizer.
,
. Reg Organizer . , .
Registry Viewer
Registry Viewer DOS-
, Windows. ?
.
, . , ,
DOS. , -
, .
, , ,
230
Windows

Windows.
, (. 8.3).
.
REGEDIT4,
Windows 9x/ME/NT/2000/XP.
REGVIEW.EXE NTUSER.DAT
KeVUievrer . 1 NT/2K/XP reg i s t r y R/W node
Accessibility
iCountry
Appearance
iCurrDigits
Colors
iCurrency
Current
iDate
Custom C o l o r s
iDigits
Desktop
iLZero
d o n ' t load
iHeasure
I n p u t Method
iNegCurr
International
iTine
IOProcs
iTLZero
Keyboard
Locale
Mouse
sllS9
Patterns
s2359
PowerCfg
sCountry
Screen Sauer.3DFlyingObj
^Currency
Screen S a u e r . 3 D P i p e s
sDate
Screen S a v e r . B e z i e r
sDecimal
Screen Sauer.Marquee
sLanguage
Screen S a v e r . M y s t i f y
sList
Screen S a u e r . S t a r s
sLongDate
Sound
sShortDate
sThouaand
sTirae
sTineFornat
iTinePrefix
sMonDecinalSep
snonThousandSep
iNegNuinber
sNatiueDigits
NumShape
iCalendarType
iFirstPayOfWeek
iFirstWeebOfye>
sGrouping
sMonGrouping
sPositiueSign
sNegatiueSign
HSDi
G e n e r a l P a u l Lee <c> 1999 -20U1.
7
2
1
1
2
1
0
5
1
0
00010419
P-
BOS
9
d MMMM yyyy
dd.MM.yyyy
u
:
'.'
0
h
1
0123456789
1
1
0
3;B
3;0
Path
Control Panel
SSSPKOTO.HIU
| F l Help F2 E x p o r t 1*1 Next l e u e l
l~l
P r e v i o u s l e v e l *-,- Change p a n e l Esc Quit
. 8.. Registry Viewer
Windows 2000/XP
HKEY__CURRENT_USER
ntuser.dat C:\Documents and Sttiin%s\<iiMH_noAb3oeame>. regview
8.
231
ntuser.dat. . <Enter>
<Gray +>, <Gray ->.
. http://www.paullee.ru -.
Registry UnDelete
. , . (, ,
) (
). Windows 95 , .
, ( ).
1. , .
2. , .
3. .
, . ,
.
4. Windows 98, , .
, , . . . ,
, . , , ""
( , ).
, .
(. 8.4). () .
.
.
. .
(
).
232
Windows
FHeijIstvg UnDelete 1.2" for Uin98/Me I
G e n e r a l P a u l Lee ~Cc>~2O0i7~
_ r l Help *-,-* Change p a n e l E n t e r U n D e l e t e ( a u t o >
. 8.4. Registry UnDelete
,
.
, . , , , , .

( ).
, , Registry
UnDelete .
8.
233
, ,
, , , .

DOS, "" , Windows .
Registry Viewer Registry UnDelete.
,
. , http://www.paullee.ru.
-
- , , .
: Soft ( ), Samples ( ),
Tutorials ( ). . 1 -.
1. -
/Soft
: Regmon, Reg Organizer, Reg Organizer, Registry Viewer, Registry UnDelete

Windows: ScreenBooty, LogonStudio, WinXPChanger
/Samples
,
, ,
Windows
:
Regmon (http://www.sysinternals.com/files/ntregmon.zip);
Reg Organizer (http://www.chemtable.com/files/regon.zip);
Reg Organizer
(http://www.chemtable.com/files/russian.exe);
Registry Viewer (http://www.paullee.ru);
Registry UnDelete (http://www.paullee.ru);
ScreenBooty (http://www.screenbooty.com/download/sbsetup_evaluation.exe);
LogonStudio (http://storage.stardock.com/files/LogonStudio_public.exe);
WinXPChanger
(http://winchanger.whatis.ru/file/winxpchanger_demo.zip).

A
ti1h11Program Intera
fce (API) 6
Asptopnueao
Blue Screen of Death (BSOD) 159

Boot defrag 166
D
Dial-Up- 172
DrWatson 169
Dynamic Data Exchange (DDE) 6
G
Ghost Explorer 40
H
HoverDesklll
1
Interface Manager 3
Internet Connection Firewall (ICF) 220
Internet Explorer 174, 221
L
LiteStep 110
M
MS Agent 2.0 24
N
Norton Ghost 38
NTFSDOS Professional 40
Null- 171
Object Linking and Embedding (OLE) 6

Outlook Express 183, 222
P
Paint 44
R
Reg Organizer 227
Registry Monitor 225
Registry UnDelete 231
Registry Viewer 229
Regmon 225
s
Service Pack 2 217
T
Talisman 111
w
Windows 1.0 3
Windows 2.0 4
Windows 2000 14
238
Windows 3.0 5
Windows 3.1 5
Windows 95 8
Windows 98 10
Windows for Workgroups 3.117
Windows Installer 171
Windows Mrclia Player 184
Windows NT i2
Windows NT 3.5 13
Windows NT 3.51 13
Windows NT 4.0 13
Windows Script Host (WSH) 172, 185
204
190
203
186
188
205
207
209
192
210
196
204
- 196
Windows Server 2003 17
Windows XP15,19
33
20
26
WinXPChanger 114
170
161
52
8
SHELL32.DLL 66
URL.DLL 68
44, 172
220
53, 159
161
Windows,
157
76
74, 93, 159

170
161
173
214
214
45
Windows 168
10
120
46, 155
49
Windows XP 36
46, 155
30
Windows 164
94, 137
53
127
58
140
24
25
26
25
81
133
131
75, 173
38
:
140
140
78, 164
169
57
130
142
:
Documents and Settings 24
System Volume Information 23
Windows\Driver Cache\i386 24
Windows\Media 24
Windows\Minidump 25
Windows\msagent 24
Windows\ShellNew 24
Windows\system32\config 25
Windows\system32\dllcache 25
Windows\system32\Restore 26
Windows\Temp 25
Windows\WinSxS 25
:
134
134
173
56
123
51, 111, 134
:
At.exe 60
attrib.exe 60
bootcfg.exe 61
239
charmap.exe 57
Chcp.exe 61
chkdsk.exe 61
cleanmgr.exe 57
clipbrd.exe 75
cmd.exe 155
Cmd.exe 46
cscript.exe 186
Driverqueiy.exe 61
Fc.exe 61
Find.exe 62
hostname.exe 62
Ieshwiz.exe 111
Iexpress.exe 73
Ipconfig.exe 62
makecab.exe 62
Microangelo 83
mplayer2.exe 76
msinfo32.exe 57
net.exe 63
netstat.exe 63
ping.exe 63
Powercfg.exe 64
progman.exe 134
Reg.exe 65
regedit.exe 119
Regsvr32.exe 65
Route.exe 65
rstnii.exe 53
mndll32.exe 65
sfc.exe 70
sluitdown.exe 71
sndvol32.exe 76
StyleXP 108
systeminfo.exe 72
tasklist.exe 72
taskmgr.exe 74
tracert.exe 72
Whoami.exe 77
wmplayer.exe 76
wscript.exe 76, 186
msconfig.exe 173
24
,
128
119
117
176
240
174
57
76
159
164
8
77
79
79
79
79

79
79
58
110
57
111
:
ClearType 158
Drag & Drop 6
Plug and Play 9
:
boot.ini 61
msi 171
pagefile.sys 167
REG.DAT 9
SYSTEM.DAT 9
USER.DAT 9
USER.EXE 68
winnt.exe 29
winnt32.exe 30
25
24
33
167
29, 30
24
,
136
166
174
107,157
121
Windows
Media 76
158
138
90
87

SoftLfne #
13#,1
* Microsoft,. Oracle,
SAP, Symantec, VerJtas, Citnx., Adobe .
. .
- - -
'. NM,
. : : ; . . .
:. .
. ' - . :
jfpHiMX
'. ; : ' .. : :;:
M i n e
S O t i .
. .
' . < ;' ; 0C'L1
119991, , . , 8. ./: (095) 232 00 23

E-mail: info@softline.ru http://www.softline.ru
, -, ), , ,
foitoe- , *
- . .
Microsoft Windows
www.bhv.ru
" "
., ., . 29, . (812) 251-41-10

E-mail: opt@bhv.spb.su

,
, ?
Mcirosoft"
?
W i n d o w s ,
.
,
, . ,
,
,
.
, -.
M
ccriosoft Ki
A
Access
M
ciroso
tf
M
ciroso
tf S
H
Excel
Outlod
5"| Mc
i rosoft
Office
-: www.bhv.ru (812) 251-42-44

-: www.computerbook.ru
: trade@bhv.spb.!
su
"-"
:
www.bhv.ru
" ": ., ., . 29, . (812) 251-41-10
: e-mail: opt@bhv.spb.su

. MS Agent Speech API Delphi (+CD-ROM)
448 .
. OpenGL.
C++ (+CD-ROM)
736 .
. DirectX 9. C++ (+CD-R0M)
400 .
A. MS Agent. (+CD-ROM)
352 .
. (+CD-ROM)
272 .
. MS Office Delphi
(+CD-ROM)
496 .
. C++
496 .
(+CD-ROM)
.
384 .
. 1: 7.7/8.0:
336 .
. Windows
880 .
(+CD-ROM)
A. HTML Web-
400 .
. MS SQL Server 2000:
608 .
. STL - C++
656 .
., . : GDI+ DirectX
(+CD-ROM)
. C++
368 .
496 .

. USB.
(+CD-ROM)
576 .

. : ,
. Linux (+CD-ROM)
1200 .
480 .

Язык

Windows. Народные советы

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Windows. Народные советы

Загружено:

Авторское право:

Доступные форматы

W

N 02429 24.07.00. 29.11.05.

. 1.1. Windows 1.0

( 1988 .) , Windows NT.

Windows 3.1 Windows 3.11

. 1.2. Windows 3.1

Windows API (Application Program Interface, )

File Options Window

File Manager Control Panel Print Manager Clipboard

. 1.. Program Manager

1993 . Microsoft Windows for Workgroups 3.11.

DirectX DirectDraw ( , ) DirectSound ( ).

Windows 98 Windows Millennium Edition

Internet Explorer . html-, ,

Windows NT 3.1, Daytona Windows NT 3.51

Windows NT 4.0 Windows 2000

WMD (Windows Driver Model)

Windows Server 2003

Advanced BIOS Features

System Volume Information

Documents and Settings , Windows XP. ,

Windows\WinSxS ( . Windows Side by Side )

Windows XP Home Edition CD

2 . 1 . Windows XP Home Edition

/-._ Windows XP.

winnt32.exe / s y s p a r t , Windows NT 4.0, Windows 2000

/tempdrive-._ . Windows XP . /tempdrive

/udf: [,_] (), (Uniqueness Database, UDB)

Windows ( , . .). , , Microsoft .

SP2 Deployment Tools

?,", Internet Explorer

Windows\Inf sysoc.inf, . , hide HIDE.

J> Winrlnws Mfisspnnfif

WINXPJ1.GHQ -Ghost Explorer

phpinfo.php read_dump.... RELEASE-O...

. 2.7. Ghost Explorer

Administrator's Pak Winternals.

/E:ON (/E:OFF) () . Windows

/V:ON (/V:OFF) () ( Cmd.exe) (!) . , /V = ON ivan var

Drive = InputBox (" .

WSH- (Windows Script Host). WSH, ,

> > > h

<Shift>, <Ctrl> <F10>.

.51- . "" #31699

Choose Abort to Win,

User-Friendly User Interface

"CMD / DIR > C : \ t e s t . O U t "

attrib.exe , , " ",

"", "" "". a t t r i b .

TCP, , , Ethernet, IP, IPv4

- ICMP. -. Ping TCP/IP-, , . ping,

'HKEY_IXXM J _ICHINE\Software\Microsoft\Internet E x p l o r e r "

rundll32 shell32.dll,Control_RunDLL hotplug.dll ;

rundll32 shell32.dll,Control_RunDLL access.cpl,,1

rundll32 shell32.dll,Control_RunDLL access.cpl,,4 ( );

rundll32 shell32.dll,Control_RunDLL access.cpl,,5 ( );

rundll32 shell32,Control_RunDLL appwiz.cpl,,3

rundll32 shell32.dll,Control_RunDLL desk.cpl,,3

rundll32 shell32.dll,Control_RunDLL inetcpl.cpl,,5 ( ).

rundll32 shell32.dll,Control_RunDLL main.cpl @ 0 ;

rundll32 shell32.dll,Control_RunDLL main.cpl @1

rundll32 shell32.dll,SHHelpShortcuts_RunDLL PrintersFolder OT ;

rundll32 shell32.dll,SHHelpShortcuts_RunDLL FontsFolder