The Priceless list is confusing me.
Link if possible please.
Appreciated
Mr Pounder
What is it about CCleaner that you feel some other utility would be better
at doing?
- What is currently wrong or failing with the registry?
- What convinced you that the registry needs to be "cleaned" up?
- What constitutes the "cleaning" actions?
- What do you expect to gain from the cleanup?
- What are you going to do if the registry changes hose over
your computer since a restore may not be possible?
- What is your recovery strategy from the registry changes?
*_Why the uneducated or lazy should never use registry cleaners_*
If YOU are not adept at *manually* editing the registry, don't use a tool
that you don't understand regarding its proposed changes. Regardless of
relinquishing the task to software, YOU are the final authority in allowing
it to make the changes. Any registry cleaner that does not request for YOU
to give permission to make its proposed changes along with listing each
proposed change should be discarded.
Do you have a backup & restore plan in place? When (and not if) the
registry cleaner corrupts your registry and when you can no longer boot into
Windows, just how are you going to restore that OS partition so it is usable
again? Even if you use a registry cleaner that provides for backups of its
changes so you can revert back to the prior state, how are you going to
perform that restore if you cannot boot the OS after hosing over its
registry? A registry cleaner that [automatically] backs up a copy of the
registry before you permit it to make changes to the registry sounds nice
but that feature is only usable if you can actually load the OS to then run
that utility to restore from its backup. You need something ELSE to ensure
you can restore your OS to a prior state so it is bootable and usable, like
an image backup (full or incremental). If you don't back up then you have
deemed your data as worthless or reproducible.
What about entries in the registry that look to be orphaned under the
current OS load instance but are used under a different OS environment? You
delete what looks orphaned only to find out that they are required under a
different environment.
Say there was an unusually high amount of orphaned entries in your registry,
like 4MB. By deleting the orphaned entries, you would speed up how long it
takes Windows to load the registry's files when it starts up - by all of
maybe 1 second. Oooh, aaah. All that risk of modifying the registry to
save maybe a second, or less, during the Windows startup. Most folks that
clean the registry end up deleting only 10KB, or less. They are doing
nothing to improve their Windows load time. Since the registry is only read
from the memory copy of it, and since memory is random access, there is no
difference to read one byte of the registry (in memory) from another
byte in the registry (also in memory). The extra data in memory for
orphaned entries has no effect on the time to retrieve items from the memory
copy of the registry because orphaned entries are never retrieved (if they
were, they aren't orphaned).
Cleaning the registry will NOT improve performance in reading from the
memory copy of the registry. The reduced size of the registry's .dat files
might reduce the load time of Windows by all of a second and probably much
less. And you want to risk the stability of your OS for inconsequential
changes to its registry? The same boobs that get suckered into these
registry cleanup "tools" are the same ones that get suckered into the memory
defragment "tools".
A registry cleaner should only be used if you by yourself can correctly
clean up the registry. The cleaner is just a tool to automate the same
process but you should know every change that it intends to make and
understand each of those changes. After all, and regardless of the stagnant
expertise that is hard coded into the utility, *YOU* are the final authority
in what registry changes are performed whether you do it manually or with a
utility. If YOU do not understand the proposed change (which requires the
product actually divulge the proposed change before committing that change),
how will you know whether or not to allow that change?
The only problem with CrapCleaner I have had is that it repeatedly deleted
my help files before I realised it was doing it.
I untick 'help files' in the registry options and it seems fine.
Regcleaner is good 99% of the time - then it isn't and you wish you had
never used it the first 99 times.
--
Jim S
Tyneside UK
www.jimscott.co.uk
Microsoft's "Regclean", discontinued years ago, still works well and
without problems ... at least through XP.
"Yrrah" <Yrra...@acf.invalid> wrote in message
news:t2v4r5pjhv5oo1bl2...@net.com...
> "Mr Pounder" <MrPo...@RationalThought.com>:
>
>> I have used Crap Cleaner for years.
>> It seems to be okay. But I would not know any different.
>> Does anybody know of a good free reg cleaner that will safely do it
>> better?
>
> Your OS is?
> CCleaner is more than a registry cleaner. Its reg cleaning component
> is rather conservative in my experience, which is good for most people
> imho. If you feel really confident about what you are doing try
> RegSeeker (which is what I use occasionally).
> http://www.hoverdesk.net/freeware.htm
>
> Yrrah
I tried RegSeeker on a win 7 installation and messed it up big time. Good
thing I had an image backup from 1 hour earlier.
> I tried RegSeeker on a win 7 installation and messed it up big time. Good
> thing I had an image backup from 1 hour earlier.
Not intended for Windows 7.
From the download site.
Windows 2000/2003/9x/XP / Freeware
If it won't work on Vista, it's catshit.
Pooh agrees.
--
za...@pooh.the.cat - www.zakATsKopterChat.com
If you just do the 'Clean up' thing - it'll perform a registry check -
do whatever MS does (they don't exactly say do they :)
What they do say about it...
The clean up scanner will find obsolete temporary and registry files and
tell you if it's time for you to clean up your hard disk. Removing these
files not only clears up clutter on your PC, it can also help improve
your computer's performance. You can choose to follow the
recommendations or customize the clean up.
Yep, they don't really say anything of substance at all :)
--
Duncan.
I usually have about 20 cleaners installed, just so I know what they
are all about. Most, if you don't have the skill level, you have to do
your research on what boxes to tick.
For about 4 years I find myself using these 2 nearly all the time. VIT
can be daunting, as it does a scan ( without choices ) & you see a
large number of files being selected. No files are removed until you
proceed after the scan.
At the end of the scan & you have gone through the 4 steps as per the
screenshots I uploaded, step 5 is offered & the cleaning is repeated.
Step 5 may be offered again & again, until finally it is happy there
are no more files to remove.
All files removed are backed up into the Rescue Center. On all the
computers I have set up & repair ( haven't done a Windows 7 ) I have
never had to use Rescue Center.
I normally run ATF ( no install ) first. Note: It is not Windows 7
ready.
ATF Cleaner
http://www.softpedia.com/get/Security/Secure-cleaning/ATF-Cleaner.shtml
http://www.atribune.org/
http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
Forum
http://www.atribune.org/forums/
This program is for Windows 98/ME/2K/XP and Vista!
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please
click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please
click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the
bottom of each menu.
This will remove all files from the items that are checked so if you
have some cookies you'd like to save, please move them to a different
directory first.
Notes for Windows Vista users:
On Windows Vista that "Windows Temp" is disabled, to empty "Windows
Temp" ATF-Cleaner must be "Run as an Administrator"
Vit Registry Fix Free Edition
http://www.softpedia.com/get/Tweak/Registry-Tweak/Vit-Registry-Fix.shtml
http://www.softpedia.com/progScreenshots/Vit-Registry-Fix-Screenshot-119237.html
http://www.vitsoft.org.ua/vit-registry-fix-free.htm
XP / Vista / XP X64 / Vista64 / 7
Screenshots.
http://www.mediafire.com/imageview.php?quickkey=jytnqmmdzdo&thumb=4
http://www.mediafire.com/imageview.php?quickkey=wldlfvjzzn4&thumb=4
http://www.mediafire.com/imageview.php?quickkey=tjnjkmzuc2n&thumb=4
http://www.mediafire.com/imageview.php?quickkey=zvj5zreyjn0&thumb=4
http://www.mediafire.com/imageview.php?quickkey=zjrdkczkrij&thumb=4
http://www.mediafire.com/imageview.php?quickkey=5wzymo50zdo&thumb=4
> The Priceless list is confusing me.
> Link if possible please.
If you are not using Windows 7 then I would recommend EasyCleaner from
ToniArts.
http://personal.inet.fi/business/toniarts/ecleane.htm
I've used it on many computers running Windows 98/ME/NT/2000/XP and
Vista without a single problem. It has an undo option but I've never
needed to use it. Lovely little Swiss Knife of a utility.
--
Ken O'Meara
http://www.btinternet.com/~unsteadyken/
Thanks for all of that.
Digested and much appreciated.
Mr Pounder
CCleaner is well respected.
I've been using this option for years.
Thanks
Mr Pounder
XP Pro.
Sorry.
I'll leave well alone I think.
I just gotta stop myself messing about.
Mr Pounder
It runs on win9X - 7.
I would suggest that right after you install it you do a
complete backup of your registry (reg cleaner will back
it up for you). then run it. regards, Helium
--
*************************************************************
* For my correct address: *
* 1) replace Helium with take5 *
* 2) remove "-XXX" and "pi." *
*************************************************************
I need to cut my fingers off.
The damage I have done to computers goes back to 1994 :-)
CCleaner has just been updated btw.
Mr Pounder
If the registry is stored in memory, a larger registry means that less
memory is available for programs to use. Or am I missing something?
My registry backup using ERUNT is currently 44.6 mb in size. I have
absolutely NO idea why it has to be that large, even with all the
programs I have installed or have used over the years. However, since
any registry entry over 256 characters in length is hidden, that means
that there's probably all kinds of things in my registry like
*executables* which, if I knew they were there and what they did, I
would not like at all.
The registry sucks. I didn't like it when it first appeared in W95 and I
still don't like it.
http://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-technically/
--
John Corliss BS206. I block all Google Groups posts due to Googlespam,
and as many posts from anonymous remailers (like x-privat.org for eg.)
as possible due to forgeries posted through them.
No ad, CD, commercial, cripple, demo, nag, share, spy, time-limited,
trial or web wares OR warez for me, please. Adobe Flash sucks, DivX rules.
>The registry sucks. I didn't like it when it first appeared in W95 and I
>still don't like it.
>
>http://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-technically/
+1 on that.
--
Work is the curse of the drinking class.
> My registry backup using ERUNT is currently 44.6 mb in size.
I just exported my registry onto the desktop to check its size. It's
86.2 MB.
Good God. Is there any doubt at this point that Microsoft and-or the
government(s) are hiding stuff in the registry?
I have entire e-books that are only about a half a meg in size, and
those are the large ones. It's hard to believe that all the necessary
settings for the Windows OS and any installed programs can't be stored
in a file the size of a novel.
> I have entire e-books that are only about a half a meg in size, and
> those are the large ones. It's hard to believe that all the necessary
> settings for the Windows OS and any installed programs can't be stored
> in a file the size of a novel.
Just exported my Vista reg and it's 290 MB (304,160,768 bytes) why on
earth is it that size? Could something be wrong with my setup?
I looked around for an answer to that, but didn't find anything that
really addressed the question.
>
> My registry backup using ERUNT is currently 44.6 mb in size. I have
> absolutely NO idea why it has to be that large, even with all the
> programs I have installed or have used over the years. However, since
> any registry entry over 256 characters in length is hidden, that means
> that there's probably all kinds of things in my registry like
> *executables* which, if I knew they were there and what they did, I
> would not like at all.
>
> The registry sucks. I didn't like it when it first appeared in W95 and I
> still don't like it.
>
> http://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-technically/
>
>
It looks like ERUNT backups are actually *smaller* than the size of the
registry itself. I took a look at today's backup on this machine and
it's 62.5MB. Most all of that is in three files: a ntuser.dat, and two
.FILEs, Software and System. Just to cross-check, I exported the whole
registry; it was 129MB. Like you, I don't know why they're so large, but
I have a fair amount of commercial software, so that might be one
reason. I do go into the ERDNT backup folder in C:\Windows and erase old
backups after a while.
hth
Ron Moore
> Don't think so. Iirc, the Vista registry is much larger than XP's by
> default. May have something to do with Superfetch; must be a lot of
> registry devoted to that Vista "feature".
Thanks Ron, the PC works well, I suppose it's no great size really, I
can't get my head round how big files and programs are these days,
still thinking in terms of my first HD at 20mb .
Ron Moore
The way I look at it Ron is, that the possibility for hidden executables
(both .dlls and .exes) in the registry and rootkits to even exist IMO
shows that there must be some hidden agenda on Microsoft's part.
Otherwise, Microsoft would have, long ago, removed the possibility of
rootkits entirely.
Imagine this scenario:
1. Microsoft finds itself in hot water with the U.S. judicial system
because they are engaging in monopolistic practices.
2. Microsoft is approached by the "Department of Fatherland Defense" and
made an offer that will make the legal action "fade away". In exchange,
all they have to do is to make it easily possible for the U.S.
government to spy on anybody who is using a computer running the Windows
operating system.
3. Microsoft agrees and creates the ability to:
a. hide executables in the registry and elsewhere (i.e. rootkits)
b. run executables without the end user being aware that this is the
case (i.e. again, rootkits)
And now it's time for some disinformation specialist to pop in and tell
us to not believe our lying eyes, but instead believe what they tell us.
Probably the only way to be secure from Big Brother is to have a
computer that never goes online and another that does. And even then,
there are all these "built in free wireless networking" offers from the
manufacturers that you would have to get around.
> If the registry is stored in memory, a larger registry means that less
> memory is available for programs to use. Or am I missing something?
>
> My registry backup using ERUNT is currently 44.6 mb in size. I have
> absolutely NO idea why it has to be that large, even with all the
> programs I have installed or have used over the years. However, since
> any registry entry over 256 characters in length is hidden, that means
> that there's probably all kinds of things in my registry like
> *executables* which, if I knew they were there and what they did, I
> would not like at all.
>
> The registry sucks. I didn't like it when it first appeared in W95 and I
> still don't like it.
>
> http://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-technically/
Yep, more entries in the registry means more bytes both on the hard disk and
for the memory copy. Since the memory copy gets used, random access to any
part of it is just as fast as to any other part, so compaction and
defragmentation of the file copy on disk has no effect on access speed from
the memory copy. Because the memory image gets bigger, it takes more time
to load the file into memory -- but how much longer? When you have
compacted your registry's disk files, just how much did their size get
reduced? Say you got rid of 10KB in "cleaning" and compacting the registry
files. How much time does it take your hard disk to read 10KB into memory?
You think you have a stopwatch that can measure down to milliseconds? By
the time you click the start button, it's already over. If a cleaning (and
compaction) results in megabytes of removed bytes then you'll get a second,
or two, of reduced Windows load time -- but how many years would it take
before you accumulated that much shit in your registry? You're already
looking at replacing your host by the time the Windows load time gets
measurably impacted because of dozens, or more, megabytes of orphaned
entries in the registry.
About the only time it is important to clean out the registry is when its
size approaches the configured maximum *if* your OS imposes a maximum.
http://www.pctools.com/guides/registry/detail/685
Windows 2000 had a max size based on the paging pool size; see:
http://support.microsoft.com/kb/124594
As I recall, you could set the max registry size by going to System applet
in Control Panel, Advanced tab, under Performance Options. Windows XP and
2003 Server removed that restriction; see:
http://support.microsoft.com/kb/292726/
You thought it was faster for a program to repeatedly open an .ini disk file
to get at its configuration settings rather than reading from memory? You
thought it was faster to parse through an .ini file a line at a time to find
a setting rather than a search through a binary tree? Equivalencing the
registry to a filesystem was incorrect (in the article you mention). It is
a binary database. Can the registry be improved? Certainly. Right now,
users are expected to edit the database rather than get educated on the calls
to make to the database engine hence all the registry tweakers that have
appeared (and disappeared) in over a decade. We are also stuck using
regedit.exe which, as you mention, will not show registry entries that
exceed 256 characters in length. There are also parsing problems in that
what you see is not what is there but users don't like using hex editors to
display non-ASCII text characters. This is a problem with the *tool* used
to display database records, not with the database itself. OE used a
database for its message store. Was it good? No, not when compared to much
more robust database programs. So one day we'll see something that replaces
the registry but, alas, will still have to support the old registry paradigm
just like all versions of Windows still support the old .ini files.
The same style of arguments that I've seen for .ini files versus the
registry are similar to the angst exhibited by car owners that understood
carbureted engines when fuel injection appeared. It wasn't that the old way
was better. It was just familiar. There is always momentum to overcome for
those used to the old way to learn the new way. Nostalgia is an
encumbrance. When the registry gets replaced with something else, again
there'll be the old fogies used to the old way that whine about change.
None of the discussion pro or con regarding the use of the registry (in
memory) versus .ini files (on disk) has anything to do with the hazards
mentioned in my prior post about doing uneducated cleanup of the registry or
without a recovery plan in place.
By the way, my registry is at 110MB (its exported size in one file, not the
disk space physically occupied by all the registry's files). Cleaning it up
won't make it any smaller as I already do that BUT, as I mention in my prior
post, you need to back up the registry, UNDERSTAND the change before
committing to it, and provide a means of restoring your OS partition (that
does NOT rely on the cleaner tool since it can run to restore its backup
unless you can load a usable instance of Windows).
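
An added example, not part of any post in this thread: several posters compare exported registry sizes and wonder what is in them. The Python sketch below parses a regedit "Version 5.00" text export, decodes every value back to its raw bytes, totals the bytes per root key, and lists binary values that begin with the `MZ` executable signature for manual review. The sample export and all function names are constructed for illustration; real exports are UTF-16 text, which `load_export` assumes.

```python
import re

# Constructed sample of a regedit "Version 5.00" export (not from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\App]
@="Example App"
"InstallDir"="C:\\Program Files\\Example"
"Enabled"=dword:00000001
"Icon"=hex:00,00,01,00,01,00,10,10,\
  00,00,01,00

[HKEY_CURRENT_USER\Software\ExampleVendor\Cache]
"Payload"=hex:4d,5a,90,00,03,00,00,00
"Path"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,00,00
'''

# Type tags regedit writes in front of hex-encoded data.
HEX_TYPES = {"hex": "REG_BINARY", "hex(0)": "REG_NONE", "hex(2)": "REG_EXPAND_SZ",
             "hex(7)": "REG_MULTI_SZ", "hex(b)": "REG_QWORD"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def load_export(path):
    """Read a real export from disk; regedit writes UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def unescape(s):
    """Undo the backslash escaping used inside quoted names and strings."""
    return re.sub(r'\\(.)', r'\1', s)


def logical_lines(text):
    """Join hex data that regedit wraps with a trailing ',\\'."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(",\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_reg(text):
    """Return one record per value: key path, value name, type, raw data bytes."""
    records, key = [], None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header line, blank line, or anything unrecognised
        raw_name, data = m.groups()
        name = "" if raw_name == "@" else unescape(raw_name[1:-1])
        if data.startswith('"'):
            # Strings are held as UTF-16LE with a terminating NUL.
            vtype = "REG_SZ"
            blob = (unescape(data[1:-1]) + "\0").encode("utf-16-le")
        elif data.startswith("dword:"):
            vtype = "REG_DWORD"
            blob = int(data[6:], 16).to_bytes(4, "little")
        elif data.startswith("hex"):
            head, _, body = data.partition(":")
            vtype = HEX_TYPES.get(head, head)
            blob = bytes(int(b, 16) for b in body.split(",") if b.strip())
        else:
            continue
        records.append({"key": key, "name": name, "type": vtype, "data": blob})
    return records


def size_by_root(records, depth=1):
    """Total decoded data bytes under each key prefix of the given depth."""
    totals = {}
    for r in records:
        prefix = "\\".join(r["key"].split("\\")[:depth])
        totals[prefix] = totals.get(prefix, 0) + len(r["data"])
    return totals


def largest(records, n=10):
    """The n values holding the most data: where the bulk actually sits."""
    return sorted(records, key=lambda r: len(r["data"]), reverse=True)[:n]


def pe_candidates(records):
    """First-pass triage only: values whose data starts with the 'MZ' signature."""
    return [r for r in records if r["data"][:2] == b"MZ"]


if __name__ == "__main__":
    recs = parse_reg(SAMPLE_EXPORT)
    for root, total in size_by_root(recs).items():
        print(f"{total:8d} bytes  {root}")
    for r in pe_candidates(recs):
        print("review:", r["key"], r["name"], len(r["data"]), "bytes")
```

The export is text with binary data spelled out as comma-separated hex, so the decoded totals come out well below the size of the exported file itself.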
> 20mb???? Were you independently wealthy? Mercifully, I've forgotten the
> size of the HD on my 286 machine. (Not my first computer, just the first
> one that would run Windows 3.11)
Wealthy? I wished, it was a lucky find in 1988. I'd traveled the
typical British micro route of Sinclair ZX81 then a Spectrum and on to
a QL. One day I was at a general auction sale looking for some
furniture and one of the lots that came up was described as "A
computer, sold as is, no reserve", nobody else showed any interest and
I got it for a song. It turned out to be an IBM PS/2 model 30. 8MHz
8086, 640k, MCGA graphics and in perfect order. Built like a Rolls
Royce, I used and abused it for 5 years and it never missed a beat. I
still miss the keyboard, a wonderful individually switched solid thing
with a great action. They don't make them like that any more.
In 1998 I had moved on to this: http://goo.gl/fPxZ
It was mostly a pastime in those days, since I was a working
photographer more concerned with photo shoots and clients than anything
else.
> Ron wrote:
> The way I look at it Ron is, that the possibility for hidden executables
> (both .dlls and .exes) in the registry and rootkits to even exist IMO
> shows that there must be some hidden agenda on Microsoft's part.
> Otherwise, Microsoft would have, long ago, removed the possibility of
> rootkits entirely.
>
> Imagine this scenario:
>
> 1. Microsoft finds itself in hot water with the U.S. judicial system
> because they are engaging in monopolistic practices.
>
> 2. Microsoft is approached by the "Department of Fatherland Defense" and
> made an offer that will make the legal action "fade away". In exchange,
> all they have to do is to make it easily possible for the U.S.
> government to spy on anybody who is using a computer running the Windows
> operating system.
>
> 3. Microsoft agrees and creates the ability to:
> a. hide executables in the registry and elsewhere (i.e. rootkits) b.
> run executables without the end user being aware that this is the
> case (i.e. again, rootkits)
>
> And now it's time for some disinformation specialist to pop in and tell
> us to not believe our lying eyes, but instead believe what they tell us.
>
> Probably the only way to be secure from Big Brother is to have a
> computer that never goes online and another that does. And even then,
> there are all these "built in free wireless networking" offers from the
> manufacturers that you would have to get around.
Not fair. I discovered that years ago !!!!
OK, so I second it.
And might I add, linux is going the same way. I recently installed
ubuntu 10.04 and my homemade router said it transmitted 10 Mb of data
during the install. Also opensuse 11.3 live, which I tested today scans
your HD and sends data about what music you have on your PC. The bad bit
is, ten years ago, in "pre patriot act" days, people would be shocked by
this. Today someone will probably start shouting about tinfoil hats.
ANY connection to the internet without prior user consent should
ALWAYS be considered spying.
No matter what bears say.
If more RAM memory is used up in the act of storing the registry, then
that means less RAM memory is available for programs which you're
running and accordingly, they would slow down. But again - am I missing
something here?
I'm sure you're right about the registry still working as well even when
it's bloated with bad and orphan entries, but it's my suspicion that the
size of the registry conceals the fact that it's harboring code which
isn't in the end user's best interests.
> About the only time it is important to clean out the registry is when its
> size approaches the configured maximum *if* your OS imposes a maximum.
>
> http://www.pctools.com/guides/registry/detail/685
>
> Windows 2000 had a max size based on the paging pool size; see:
>
> http://support.microsoft.com/kb/124594
>
> As I recall, you could set the max registry size by going to System applet
> in Control Panel, Advanced tab, under Performance Options. Windows XP and
> 2003 Server removed that restriction; see:
>
> http://support.microsoft.com/kb/292726/
>
> You thought it was faster for a program to repeatedly open an .ini disk file
> to get at its configuration settings rather than reading from memory? You
> thought it was faster to parse through an .ini file a line at a time to find
> a setting rather than a search through a binary tree? Equivalencing the
> registry to a filesystem was incorrect (in the article you mention). It is
> a binary database. Can the registry be improved? Certainly. Right now,
> users are expected to edit the database rather than get educated on the calls
> to make to the database engine hence all the registry tweakers that have
> appeared (and disappeared) in over a decade. We are also stuck using
> regedit.exe which, as you mention, will not show registry entries that
> exceed 256 characters in length.
I consider that to be a HUGE problem, especially from a security standpoint.
> There are also parsing problems in that
> what you see is not what is there but users don't like using hex editors to
> display non-ASCII text characters.
I agree, but that's because to most users (like me) it's all just a
bunch of gibberish and that serves no purpose. Is there a way to make
use of that kind of stuff?
> This is a problem with the *tool* used
> to display database records, not with the database itself. OE used a
> database for its message store. Was it good? No, not when compared to much
> more robust database programs. So one day we'll see something that replaces
> the registry but, alas, will still have to support the old registry paradigm
> just like all versions of Windows still support the old .ini files.
>
> The same style of arguments that I've seen for .ini files versus the
> registry are similar to the angst exhibited by car owners that understood
> carbureted engines when fuel injection appeared. It wasn't that the old way
> was better. It was just familiar.
But when carbs break, they can be worked on by most people instead of
having to pay mechanics hundreds of dollars to repair what used to be a
simple fix with carburation. Admittedly, carburation isn't as reliable
as EFI and doesn't adapt to altitude changes the way EFI can, but I
digress...
> There is always momentum to overcome for
> those used to the old way to learn the new way. Nostalgia is an
> encumbrance. When the registry gets replaced with something else, again
> there'll be the old fogies used to the old way that whine about change.
Detesting the registry isn't simply a matter of nostalgia getting in the
way. The registry is a huge, unnecessarily bloated security risk.
> None of the discussion pro or con regarding the use of the registry (in
> memory) versus .ini files (on disk) has anything to do with the hazards
> mentioned in my prior post about doing uneducated cleanup of the registry or
> without a recovery plan in place.
I agree, if a person doesn't know what they're doing with a registry
cleaner then they shouldn't try to use one. OTOH, if a person (like me)
*does* know what they're doing, then it hurts nothing to use one. In
fact, I just used RegSeeker to clean out about 300 bad entries the day
before yesterday. No problems resulted.
> By the way, my registry is at 110MB (its exported size in one file, not the
> disk space physically occupied by all the registry's files). Cleaning it up
> won't make it any smaller as I already do that BUT, as I mention in my prior
> post, you need to back up the registry, UNDERSTAND the change before
> committing to it, and provide a means of restoring your OS partition (that
> does NOT rely on the cleaner tool since it can run to restore its backup
> unless you can load a usable instance of Windows).
When exported, my registry is 107 mb. That's ridiculously large IMO.
> If more RAM memory is used up in the act of storing the registry, then
> that means less RAM memory is available for programs which you're
> running and accordingly, they would slow down. But again - am I missing
> something here?
Yep, and when you load more programs into memory that are resident (services,
background processes) then you also have less system memory for other loaded
programs. That's why you need to actually think about how much RAM you need
in your host for the tasks you intend to execute and do so concurrently. If
you plan on doing e-mail, word processing, and other menial tasks, a single
core CPU and 2GB host is sufficient. If you want to do video editing, some
newer games, or allow concurrent (not switched) users on, say, a host
running Terminal Services, you need more cores and more memory. If the
difference in memory consumption for the registry is causing your host to
thrash in and out of the paging file then you should consider just what you
really need to have loaded on startup, what you need to leave running, and
if you under-designed your host regarding its hardware requirements. Saying
that registry consumption of memory is going to impact your host is like the
user whining that they only have a couple gigabyte left on their 100GB hard
disk and wants to delete the C:\Windows\$<patch> folders to get back a
little more free disk space. That's a workaround that'll last only a short
time and isn't a fix for the real problem.
If you have bloated the size of your registry beyond what you consider a
good size then consider why you installed all that software on your host.
Do you want a neat, dustfree, cobweb-free, usable house that is easy to
navigate and have friends over? Or do you stockpile every piece of trash in
your dump of a house so you have to wind through narrow paths to walk
through the rooms? Just because you have gobs of space on huge hard disks
doesn't mean you should be installing every piece of software you come
across. That means bloat in the registry. It means you end up with
software you never or rarely use wasting disk space. If you consider your
registry's size to be bloated then so is the compilation of software that
you've installed on your host.
> I'm sure you're right about the registry still working as well even when
> it's bloated with bad and orphan entries, but it's my suspicion that the
> size of the registry conceals the fact that it's harboring code which
> isn't in the end user's best interests.
A text file can contain code but obviously it doesn't run until something
ELSE reads that code to run it. Same with any *data* in the registry. So
you're supposed to use security software to detect when you have malware,
even for just the loader, on your host that might read more code from
somewhere else.
> Detesting the registry isn't simply a matter of nostalgia getting in the
> way. The registry is a huge, unnecessarily bloated security risk.
And since when couldn't .ini files be altered without the knowledge of
users? Also, where is the security risk? Nothing in the registry is
executable. If some malware is hiding *data* in the registry (even if that
data is code), SOMETHING has to read that data to use it. There are better
ways of hiding code that can be loaded later than putting it in the
registry; i.e., use a file I/O driver to hide the code files. This is like
cookies are malware. They're just text files. The registry is just a
database of data. You need to catch the malware that would use those as
data sources, and the malware can use other locations to hide code files.
Bullets are worthless sitting in a box unless someone actually takes them
out to load into a gun.
>> None of the discussion pro or con regarding the use of the registry (in
>> memory) versus .ini files (on disk) has anything to do with the hazards
>> mentioned in my prior post about doing uneducated cleanup of the registry or
>> without a recovery plan in place.
>
> I agree, if a person doesn't know what they're doing with a registry
> cleaner then they shouldn't try to use one. OTOH, if a person (like me)
> *does* know what they're doing, then it hurts nothing to use one. In
> fact, I just used RegSeeker to clean out about 300 bad entries the day
> before yesterday. No problems resulted.
Tis why I said "uneducated". I also do not like the "boob tool" version of
registry cleaners that doesn't tell the user just what are the proposed
changes. Some don't present a decent list of proposed changes for the user
to see them or to understand what is being proposed. I've seen some that
tout being "one click fix" and it's all done in secret and magically to the
user's perspective. These users ARE the administrators of their own OS
using tools that can significantly to severely affect its usability, and
yet most of these registry cleaner users have never read a Dummies book, the
help included with the OS, or even glanced at a book on the registry. Users
of registry cleaners are like giving a scalpel to the same boobs and tell
them to cut open the patient and probe around. For the educated, they can
be good tools provided that same user doesn't get lazy in using them. As
with any tools, some are crappy quality and some are good.
> When exported, my registry is 107 mb. That's ridiculously large IMO.
I've installed lots of software on my host (which remains on my host). I've
been using that same installation for years which means more entries get
added by Windows (beyond those added by the installation of software) or by
the application during its use. Since the registry is where the OS and apps
save their configuration data, the more software you install then the more
programs have configuration settings to save in the registry. Also, unlike
.ini files and separate caching files for somewhat temporary data, the
registry isn't just about storing configuration data but also a place to
store cached data. You have MRU (most recently used) lists, prefetch data,
cryptographic storage of your login credentials for Windows and e-mail
accounts, and so on. If you don't like the registry growing after you
install some software then bitch to the software's maker about storing all
that configuration and data in the registry. They use it because they can.
> VanguardLH wrote:
>>
>> We are also stuck using regedit.exe which, as you mention, will not show
>> registry entries that exceed 256 characters in length.
>
> I consider that to be a HUGE problem, especially from a security
> standpoint.
Except that software that calls system APIs to access the registry is not
similarly restricted in parsing the registry. This is a defect of
regedit.exe, not of the registry. Any anti-malware program that scans the
registry is not going to use regedit.exe. It will use its own functions to
read the registry. Any limitations, if any, in reading the registry will
then be incorporated within that anti-malware program.
regedit.exe will also deliberately not show you some entries in the
registry. There are keys to which even administrators are not allowed
access. That is because they are system values that admins should never
touch. Similarly, there are records for which you cannot change their
permissions because, again, administrators - which are users - are not
supposed to touch them. They are there for use by the OS, not for you to
reconfigure them. Some limitations in regedit.exe for your use were
deliberate. Some were unintentional and Microsoft should address them (but
obviously hasn't in over a decade).
If you are using security software that is as limited as regedit.exe to
obtain values from the registry, you need to toss that software and get
something better. For educated users familiar with the registry, and
because using system APIs is not limited in parsing registry entries as is
regedit.exe, your registry cleaner tool should also be able to access all
those over-256 character entries.
Well, I'd just like to find freeware that would go through the registry
and list all entries that are over 256 characters in length.
As for being protected from myself, I'm a big boy and am willing to take
chances. If I screw up, there's always format & reinstall, as well as
backed up data.
> Well, I'd just like to find freeware that would go through the registry and
> list all entries that are over 256 characters in length.
>
Can't help on that one.
>
> As for being protected from myself, I'm a big boy and am willing to take
> chances. If I screw up, there's always format & reinstall, as well as backed
> up data.
>
Did you try Vit Registry Fix Free Edition as per my earlier post &
compare your before & after registry sizes?
That remark was in response to VanguardLH's statement about regedit.exe
deliberately not showing some entries.
> Did you try Vit Registry Fix Free Edition as per my earlier post &
> compare your before & after registry sizes?
Sorry John, I don't see that post of yours in this thread for some
reason. You must mean this:
http://www.vitsoft.org.ua/Eng/vit-registry-fix-free.htm
I'm already using RegCleaner and RegSeeker. What I'd like to be able to
do isn't to do more cleaning, but to be able to locate and display any
entries that are longer than 256 characters in length.
? I'm running a home-based computer. Probably better to refer to it as a
client, if anything. I still prefer to simply refer to it as a computer
though.
Or maybe you meant to say, "a host" instead of "your host"?
> for the tasks you intend to execute and do so concurrently. If
> you plan on doing e-mail, word processing, and other menial tasks, a single
> core CPU and 2GB host is sufficient. If you want to do video editing, some
> newer games, or allow concurrent (not switched) users on, say, a host
> running Terminal Services, you need more cores and more memory. If the
> difference in memory consumption for the registry is causing your host to
> thrash in and out of the paging file then you should consider just what you
> really need to have loaded on startup, what you need to leave running, and
> if you under-designed your host regarding its hardware requirements.
All of this is pretty basic stuff of which I'm already aware of course.
"I was born at night, but it wasn't last night."
> Saying that registry consumption of memory is going to impact your host is
> like the user whining
Perhaps a less loaded word might be "complaining"? You seem to be
implying that *I* am "whining" by inference here. Besides, I'm not
interested in the effect that cleaning a registry has on any speed
issues because, like you, I know that its effect is for all intents and
purposes, non-existent. I'm more interested in being able to clean out
settings and hidden crap which it isn't in my best interests to have
concealed there.
> that they only have a couple gigabyte left on their 100GB hard
> disk and wants to delete the C:\Windows\$<patch> folders to get back a
> little more free disk space. That's a workaround that'll last only a short
> time and isn't a fix for the real problem.
>
> If you have bloated the size of your registry beyond what you consider a
> good size then consider why you installed all that software on your host.
I have two computers, this one and a Sony VAIO which I don't use a lot.
In fact, I've only been restoring the latter to a "like new state" by
doing a total reinstall of the OS and all the basic programs it came
with. It also has a huge registry, IIRC with an ERUNT backup of about
slightly over 30 mb in size.
The fact of the matter is that I would simply like to hear a plausible
excuse for ANY registry having to be that large.
> Do you want a neat, dustfree, cobweb-free, usable house that is easy to
> navigate and have friends over? Or do you stockpile every piece of trash in
> your dump of a house so you have to wind through narrow paths to walk
> through the rooms? Just because you have gobs of space on huge hard disks
> doesn't mean you should be installing every piece of software you come
> across.
You're preaching to the choir here. I use every single program that I
have installed on my computer and there isn't any dead weight. None.
And again, it's my contention and belief that all the necessary settings
for the Windows OS and any installed programs should be able to be
stored in a file the size of an e-book novel -that is, about a half meg
at most.
> That means bloat in the registry. It means you end up with
> software you never or rarely use wasting disk space. If you consider your
> registry's size to be bloated then so is the compilation of software that
> you've installed on your host.
You're assuming things about my system which are incorrect. Also see the
remarks I made about my Sony VAIO above.
>> I'm sure you're right about the registry still working as well even when
>> it's bloated with bad and orphan entries, but it's my suspicion that the
>> size of the registry conceals the fact that it's harboring code which
>> isn't in the end user's best interests.
>
> A text file can contain code but obviously it doesn't run until something
> ELSE reads that code to run it. Same with any *data* in the registry. So
> you're supposed to use security software to detect when you have malware,
> even for just the loader, on your host that might read more code from
> somewhere else.
Or perhaps the code which is hidden in the Registry *isn't* from some
malware infestation, but instead originates from MS and-or the U.S.
government, as I have mentioned several times now in this group. I
honestly don't know for sure that this is the case, but I have my
suspicions that the situation might exist and I would like to know for
sure one way or the other.
>> Detesting the registry isn't simply a matter of nostalgia getting in the
>> way. The registry is a huge, unnecessarily bloated security risk.
>
> And since when couldn't .ini files be altered without the knowledge of
> users?
Of *course* they always were, but on the other hand you were almost
always able to view those alterations by simply opening the .ini file in
Notepad. You can't do that with the Registry.
> Also, where is the security risk? Nothing in the registry is
> executable.
That, I'm afraid, is a statement which I would like to see some
references for. I'm not trying to be argumentative here, I would just
like to increase my knowledge base and this is one area in which I have
little background. I *have* heard mention in various places (where I no
longer remember) that .dll files and executable code can be hidden in
the registry or I would never have said that it could be.
> If some malware is hiding *data* in the registry (even if that
> data is code), SOMETHING has to read that data to use it.
Perhaps a rootkit could do this then.
> There are better
> ways of hiding code that can be loaded later than putting it in the
> registry; i.e., use a file I/O driver to hide the code files.
You mean like rootkits do.
> This is like cookies are malware.
But of course, I've never made that statement. Cookies just give out
more info to special interest groups and businesses than I'm comfortable
with providing. I run a tight rein on my FF cookies and I'm comfortable
with that arrangement.
> They're just text files. The registry is just a
> database of data. You need to catch the malware that would use those as
> data sources, and the malware can use other locations to hide code files.
> Bullets are worthless sitting in a box unless someone actually takes them
> out to load into a gun.
That is, unless say, your closet is full of thousands of .50 caliber
explosive tipped bullets and your house catches fire.
But as a metaphor, I agree. Still, having such code in the registry
could be part of the problem. For instance, why is it that with XP (I
forget which service pack it was, probably 2) all of a sudden the
Remote Procedure Call service became required? THAT service could easily
be accessing code hidden in the Registry in order to facilitate
governmental or business spying on you.
> I also do not like the "boob tool" version of registry cleaners that
> doesn't tell the user just what are the proposed changes.
Absolutely agree! Absolutely. IMO, anybody who uses such a program is
just begging for trouble if not immediately, then eventually. Only a
matter of time.
> Some don't present a decent list of proposed changes for the user
> to see them or to understand what is being proposed. I've seen some that
> tout being "one click fix" and it's all done in secret and magically to the
> user's perspective. These users ARE the administrators of their own OS
> using tools that can significantly to severely affect its usability, and
> yet most of these registry cleaner users have never read a Dummies book, the
> help included with the OS, or even glanced at a book on the registry. Users
> of registry cleaners are like giving a scalpel to the same boobs and tell
> them to cut open the patient and probe around.
LOL Kind of like a "home lobotomy kit" (cotton gauze, a screwdriver and
a piece of bent coat hanger.)
> For the educated, they can be good tools provided that same user doesn't
> get lazy in using them. As with any tools, some are crappy quality and
> some are good.
I agree again. That's why I stick with what's worked for me so far.
Sure, there are other good ones out there but they basically duplicate
what my current choices do for me.
Of course, if I get a new computer all that's going to change.
>> When exported, my registry is 107 mb. That's ridiculously large IMO.
>
> I've installed lots of software on my host (which remains on my host). I've
> been using that same installation for years which means more entries get
> added by Windows (beyond those added by the installation of software) or by
> the application during its use. Since the registry is where the OS and apps
> save their configuration data,
Well, there's the problem. IMO, it's a "having all the eggs in one
basket" approach and I don't like or agree with that at all.
> the more software you install then the more
> programs have configuration settings to save in the registry. Also, unlike
> .ini files and separate caching files for somewhat temporary data, the
> registry isn't just about storing configuration data but also a place to
> store cached data. You have MRU (most recently used) lists, prefetch data,
> cryptographic storage of your login credentials for Windows and e-mail
> accounts, and so on.
Even with all that, I don't see any reason for the huge size of the
registry. The only thing that can account for the size, IMO, is hidden
code which most likely isn't in my best interests.
> If you don't like the registry growing after you
> install some software then bitch to the software's maker about storing all
> that configuration and data in the registry. They use it because they can.
Surely they do contribute to registry bloat. However, on this system
I've always carefully monitored every single installation of programs
with Total Uninstall. If it's missing any changes to the Registry, then
I'd like to know why.
My near future plan, if I don't get a new computer soon, is to wipe this
computer's drive and do a total reinstall of everything along with a
restoration of the data and tweaks. Invariably, every time I've done
this in the past the resulting registry size is much smaller than before
and the system runs much better. Mysterious glitches which I've been
able to tolerate up to that point seem to simply go away.
Regardless, I still don't believe that there's any reason for a registry
to be as large as it is. Having a large registry size means that
searching the registry takes much longer and at the very least, I don't
like *that*.
> What I'd like to be able to
> do isn't to do more cleaning, but to be able to locate and display any
> entries that are longer than 256 characters in length.
Perhaps you could have a chat with this developer.
http://www.codeproject.com/KB/recipes/RegistryDumper.aspx
If you could adjust the code to forget the keys and just show values then
you just need to search for line lengths > 256, or something like that.
Since I already have an account with the site, I was able to download
the program. It might be good enough for my purposes if I use the output
in conjunction with something else (not sure what yet at this point though.)
Many thanks.
Should have added: to narrow down the results.
The readme that comes with the program says:
"RegDump takes one parameter and that is path to registry hive
for example c:\WINDOWS\repair\system. and hives are copied here
everytime we create system backup diskete in xp. Or you can take those
from system restore point dir"
In my case, since I don't use Windows Backup, I will have to get the
registry files from the System Restore point folder in the protected
"System Volume Information" folder. I can get inside that folder by
using some info I found in this group a while back-
Create a new shortcut, name it something appropriate. Give it the
following command line:
C:\WINDOWS\system32\cacls.exe "c:\System Volume Information" /E /G "(user name)":F
To restore the protected status of the folder after I'm done dumping the
Registry (or at least a recent copy of it as in this case)-
Create a new shortcut, name it something appropriate. Give it the
following command line:
C:\WINDOWS\system32\cacls.exe "c:\System Volume Information" /E /R "(user name)"
In both cases, where "(user name)" is your Windows user name. Also, this
assumes standard folder locations in XP. Not sure how this would be done
in newer versions of Windows.
I was gonna say, if it dumps really large text files maybe something like
http://www.baremetalsoft.com/baregrep/index.php will help
I vaguely remember it accepts large line lengths as well as searching files
of any size (> 2GB) and is tolerant of binary characters.
> The fact of the matter is that I would simply like to hear a plausible
> excuse for ANY registry having to be that large.
Do a fresh install of Windows with no updates. Look at the registry's size.
Now install all the updates to Windows. Not the fluff crap, like
Silverlight, but the actually *OS* updates. Check the size of the registry.
Now go install all your software. The registry grows by leaps and bounds.
The registry is where these applications save their data for configuration,
MRUs, cached credentials, and so on.
Also remember that when you export the registry, you are not generating the
binary-formattery .dat files for the registry. You are generating a *text*
file, and an uncompressed one. The size of your exported registry is NOT
the size of the .dat files used to record the registry.
My ntuser.dat registry file (the HKEY_USERS hive for only my account) is
11.3MB in size. Under C:\Windows\system32\config, the registry files are:
default: 1.8MB
SAM: 0.3MB
SECURITY: 0.3MB
software: 29.7MB
system: 10.2MB
See which one consumes the most disk space hence the most memory when its
image gets loaded into memory? Software! Look at how much just YOUR user
profile added to the registry. Those are all the settings for YOUR
particular instance of the OS to differentiate it from any other Windows
account also created and used under that same OS. Your numbers will be
different depending on what software you have installed.
Then notice that the 110MB size for me exporting my registry (from its
memory image) is nowhere close to the total size of these registry files.
That's because the binary data stored into the .reg file is all text and it
isn't compressed. You are taking the binary database structure and
converting them to simple text strings. That causes a lot of bloating.
You sure that 0.5MB e-book that you tout as an example isn't a compressed
file? Can you use your reader to save a *text* file copy of the same e-book
to see how big it grows? My limited experience with e-books has me
believing they are stored in compressed format which means when (and if) you
saved them as plain uncompressed text that they would grow quite a bit.
> And again, it's my contention and belief that all the necessary settings
> for the Windows OS and any installed programs should be able to be
> stored in a file the size of an e-book novel -that is, about a half meg
> at most.
In the exported .reg file from your registry, just what OS-only
configuration and operational data do you think should be omitted? It's all
exposed in the registry and there is a lot of that info to expose. Once you
start declaring that parts of it should not get exposed then you are touting
that Windows should no longer be as configurable or monitorable or that
isolation between Windows accounts to allow their differentiation should be
reduced or removed.
> Or perhaps the code which is hidden in the Registry *isn't* from some
> malware infestation, but instead originates from MS and-or the U.S.
> government, as I have mentioned several times now in this group. I
> honestly don't know for sure that this is the case, but I have my
> suspicions that the situation might exist and I would like to know for
> sure one way or the other.
Personally I have not found any code blocks stored in the registry using
various registry utilities. It would be of little value since a loader
would have to read that data so it is the loader with which you need to be
concerned. If Microsoft were in cahoots with NSA to execute secret code,
they certainly wouldn't have to waste uncompressed text space in the
registry. Rather they'd just put in it a .dll that the OS would not permit
its deletion, alteration, or refuse to load if missing or altered and which
would always get loaded into memory as part of the OS kernel to ensure that
these furtive functions were always available.
>> If some malware is hiding *data* in the registry (even if that
>> data is code), SOMETHING has to read that data to use it.
>
> Perhaps a rootkit could do this then.
Which would operate as a kernel-level file handler to hide its own code
files, not waste space in the registry. Since any program can use the
system API to read all of the registry values, including the 256-char ones
that regedit.exe won't show, they would still discover the malware code
block residing there. If someone is going to the effort of writing a
rootkit, using the registry seems a dumbass move of where to store the
remainder of their code. Rootkits also want to survive beyond a Repair
in-place install of the OS or a wipe and reinstall of the OS which means the
registry starts anew.
In all the years that you have been using Windows, have you ever heard of
registry-based malware (beyond fucking over the config settings for the OS)
where they store *code* there? There are folks in the *.security newsgroups
that are far more knowledgeable than I regarding the various infection
vectors into Windows, so you saying there might be but haven't seen it happen
and me saying that I've never seen it or heard about it and it doesn't make
sense really isn't going to resolve the matter. You might want to wander
over into those other newsgroups of greater experts than the both of us to
find out if any malware has actually stored *code* (not just settings) in
the registry.
Looks like a really good one. Downloading now. Thanks again!
LOL. Eh... that is, for nagware.
> ... but the actually *OS* updates. ...
Okay, that boo boo was because I rewrote and shortened the sentence but
forgot to change "actually" to "actual".
> ... you are not generating the binary-formattery .dat files ..
But how the hell did "formated" turn into "formattery". "ry" instead of "d"
just isn't a fat-finger typo.
Tiny one, I'd forgotten your sensitivities.
Not sure that is a good solution anyway, thinking about it.
You need to sort by line length at least, or preferably chop those < 256
characters and it doesn't do that. There are loads of ways to do this
scripting wise, easy under Linux I'm sure. Perhaps GNU tools.
Cue someone with a cool one liner...
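The length filter asked for above, written out as an added example that is not part of the original thread: it reads a regedit-style .reg text export, rejoins wrapped hex: lines, and lists values whose name or data exceeds 256 characters. The key path, value names and data in build_sample() are constructed, and whether an export contains every entry is a question the thread leaves open.

```python
import re

THRESHOLD = 256  # the length the thread is concerned with

# "name"=data or @=data; names may contain escaped quotes and backslashes
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', re.S)
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$', re.S)
STRING_TYPES = {1, 2, 7}  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ (UTF-16LE data)


def decode_reg(raw):
    """Version 5 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252", errors="replace")


def logical_lines(text):
    """Yield lines with wrapped hex data (trailing backslash) joined back up."""
    pending = ""
    for line in text.splitlines():
        if pending:
            line = pending + line.strip()
        if line.endswith("\\") and "=hex" in line:
            pending = line[:-1]
            continue
        pending = ""
        yield line
    if pending:
        yield pending


def unescape(s):
    """Undo the .reg escaping of backslashes and quotes."""
    return re.sub(r"\\(.)", r"\1", s)


def data_info(rhs):
    """Return (kind, length): characters for strings, bytes for everything else."""
    if rhs.startswith('"'):
        inner = rhs[1:-1] if rhs.endswith('"') else rhs[1:]
        return "string", len(unescape(inner))
    if rhs.startswith("dword:"):
        return "dword", 4
    m = HEX_RE.match(rhs)
    if not m:
        return "unknown", len(rhs)
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    reg_type = int(m.group(1), 16) if m.group(1) else 3  # plain hex: is REG_BINARY
    if reg_type in STRING_TYPES:
        text = raw.decode("utf-16-le", errors="replace").rstrip("\x00")
        return "string", len(text)
    return "binary", len(raw)


def scan(text, threshold=THRESHOLD):
    """List values whose name or data is longer than threshold."""
    findings, key = [], None
    for line in logical_lines(text):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "" if m.group(1) == "@" else unescape(m.group(2))
        kind, size = data_info(m.group(3))
        if len(name) > threshold or size > threshold:
            findings.append({"key": key, "name_start": name[:40],
                             "name_len": len(name), "kind": kind,
                             "data_len": size})
    return findings


def build_sample():
    """Constructed .reg export (not real registry data), UTF-16LE with BOM."""
    hex_bytes = ["%02x" % (i % 256) for i in range(400)]
    wrapped = ",\\\r\n  ".join(",".join(hex_bytes[i:i + 25])
                               for i in range(0, 400, 25))
    expand = ",".join("%02x" % b
                      for b in ("%PATH%;" * 50 + "\0").encode("utf-16-le"))
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        r"[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]",
        r'"InstallDir"="C:\\Program Files\\ExampleApp\\"',
        '"' + "N" * 300 + '"="short"',      # value name over the limit
        '"Blob"=hex:' + wrapped,            # 400 bytes wrapped over 16 lines
        '"SearchPath"=hex(2):' + expand,    # 350-character REG_EXPAND_SZ
        '"Count"=dword:0000002a',
    ]
    return b"\xff\xfe" + "\r\n".join(lines).encode("utf-16-le")


if __name__ == "__main__":
    for f in scan(decode_reg(build_sample())):
        print(f)
```

For a real export, pass the file's bytes to decode_reg() in place of build_sample().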
You mean right now? I'm sorry, but I don't have three days to devote to
this process at the moment. However, next time I do this I already fully
intend to do what you're suggesting here.
> Now install all the updates to Windows. Not the fluff crap, like
> Silverlight, but the actual (corrected as per your other post) *OS* updates.
I rarely, if ever, install anything but critical security patches. I
don't even install any registry bloating dotnet runtimes.
> Check the size of the registry.
> Now go install all your software. The registry grows by leaps and bounds.
> The registry is where these applications save their data for configuration,
> MRUs, cached credentials, and so on.
>
> Also remember that when you export the registry, you are not generating the
> binary-formattery .dat files for the registry. You are generating a *text*
> file, and an uncompressed one. The size of your exported registry is NOT
> the size of the .dat files used to record the registry.
An ERUNT backup is probably more representative of the binary formatted
version of the registry, and currently my ERUNT backup is around 44 mb.
That's still ludicrously oversized.
> My ntuser.dat registry file (the HKEY_USERS hive for only my account) is
> 11.3MB in size. Under C:\Windows\system32\config, the registry files are:
>
> default: 1.8MB
> SAM: 0.3MB
> SECURITY: 0.3MB
> software: 29.7MB
> system: 10.2MB
Here's mine (all values in mb):
default: 3.47
SAM: .02
SECURITY: .048
software: 20.99 (although for some reason, the .bak version is 23.19)
system: 8.49
One might assume then, that without any software installed, just the OS,
the registry might be around 10 or 11 mb. Still too large, but you're
right -the software does account for a huge portion of the overall size.
> See which one consumes the most disk space hence the most memory when its
> image gets loaded into memory? Software!
Heh. Calm down, no need to get excited here. We're just trying to figure
out why the registry is so large. Frankly, I'm beginning to think it's a
matter of the way the data in it is formatted -clumsily most likely.
> Look at how much just YOUR user
> profile added to the registry. Those are all the settings for YOUR
> particular instance of the OS to differentiate it from any other Windows
> account also created and used under that same OS.
But of course, there's only me using this computer; there are no other
user accounts on it than mine, not even a guest account.
> Your numbers will be different depending on what software you have
> installed.
>
> Then notice that the 110MB size for me exporting my registry (from its
> memory image) is nowhere close to the total size of these registry files.
> That's because the binary data stored into the .reg file is all text and it
> isn't compressed.
Yes, I know this. Sort of referred to it when I mentioned the ERUNT
backup above.
> You are taking the binary database structure and
> converting them to simple text strings. That causes a lot of bloating.
>
> You sure that 0.5MB e-book that you tout as an example isn't a compressed
> file?
Absolutely sure. I prefer my eBooks in .wpd (WordPerfect) document
format, so I convert them from .lit and palm to .rtf first. Most of them
stay that way until I read them (I don't want to go into the process I
use here because it has nothing to do with what we're talking about *or*
freeware in general.)
> Can you use your reader to save a *text* file copy of the same e-book
> to see how big it grows?
See the above.
> My limited experience with e-books has me believing they are stored in
> compressed format which means when (and if) you saved them as plain
> uncompressed text that they would grow quite a bit.
I never really paid attention to this, but you're probably correct.
Regardless, I was actually talking about the .rtf versions I create by
using these two freeware programs:
http://www.processtext.com/abclit.html
http://www.processtext.com/abcpdf.html (not really freeware any longer)
>> And again, it's my contention and belief that all the necessary settings
>> for the Windows OS and any installed programs should be able to be
>> stored in a file the size of an e-book novel -that is, about a half meg
>> at most.
>
> In the exported .reg file from your registry, just what OS-only
> configuration and operational data do you think should be omitted?
That's simple! Anything less than 256 characters in length *or* anything
without a "/0" embedded in them. *That's* the stuff I want to be able to
take a look at.
However, if you mean that I would have to remove configurational and
operational data from the Registry in order to get the size down, that's
contrary to what I'm saying. I very clearly said, and I quote, "all the
necessary settings for the Windows OS and any installed programs should
be able to be stored in a file the size of an e-book novel -that is,
about a half meg at most." I don't think I could have been any clearer
about that.
> It's all exposed in the registry
In the unexported Registry, it's not. Anything over 256 characters in
length is hidden when you use Regedit or Regedit32. There can also be
registry keys with \0 embedded in them, making it impossible to find
those entries using the Win32 API but which can be found via the native api:
http://en.wikipedia.org/wiki/Native_API
http://web.archive.org/web/20060315213024/http://www.sysinternals.com/Information/NativeApi.html
but I wouldn't have a clue about how to use that method.
In the exported Registry though, I wouldn't know if it was all there or
not since I don't have a program that will open a 109 mb text (.reg)
file. As I type this, I'm trying to do it in Jarte.
(Five minutes later) Jarte choked on it. Maybe it might have eventually
opened it or maybe if I had a newer computer, it might have opened the
file quickly but I don't. If wishes were dishes, we'd all dine on China.
> and there is a lot of that info to expose.
You're telling me!
> Once you start declaring that parts of it should not get exposed then you
> are touting that Windows should no longer be as configurable or monitorable
> or that isolation between Windows accounts to allow their differentiation
> should be reduced or removed.
Looks to me like you're putting words in my mouth here.
>> Or perhaps the code which is hidden in the Registry *isn't* from some
>> malware infestation, but instead originates from MS and-or the U.S.
>> government, as I have mentioned several times now in this group. I
>> honestly don't know for sure that this is the case, but I have my
>> suspicions that the situation might exist and I would like to know for
>> sure one way or the other.
>
> Personally I have not found any code blocks stored in the registry using
> various registry utilities.
Just curious, what utilities do you refer to here?
> It would be of little value since a loader
> would have to read that data so it is the loader with which you need to be
> concerned. If Microsoft were in cahoots with NSA to execute secret code,
> they certainly wouldn't have to waste uncompressed text space in the
> registry.
No, they wouldn't *have to*, but it would indeed be an option. I think
the crux of the matter here is the question:
Is the 256 character limit on viewable entries a bug, slothful
programming or is it actually by design?
> Rather they'd just put in it a .dll that the OS would not permit
> its deletion, alteration, or refuse to load if missing or altered and which
> would always get loaded into memory as part of the OS kernel to ensure that
> these furtive functions were always available.
And also hidden, as in a rootkit. But this is just another *option*.
>>> If some malware is hiding *data* in the registry (even if that
>>> data is code), SOMETHING has to read that data to use it.
>>
>> Perhaps a rootkit could do this then.
>
> Which would operate as a kernel-level file handler to hide its own code
> files, not waste space in the registry. Since any program can use the
> system API
By "system API" do you mean the Win32 API or the Native API?
"There can also be registry keys with \0 embedded in them, making it
impossible to find those entries using the Win32 API but which can be
found via the native api."
> to read all of the registry values, including the 256-char ones
> that regedit.exe won't show, they would still discover the malware code
> block residing there. If someone is going to the effort of writing a
> rootkit, using the registry seems a dumbass move of where to store the
> remainder of their code. Rootkits also want to survive beyond a Repair
> in-place install of the OS or a wipe and reinstall of the OS which means the
> registry starts anew.
But I'm not necessarily *talking* about a rootkit here! It would be
something which security programs would consider to be simply a part of
the standard OS install set.
> In all the years that you have been using Windows, have you ever heard of
> registry-based malware (beyond fucking over the config settings for the OS)
> where they store *code* there?
You misunderstand me. I'm not referring to deliberate malware attacks,
I'm referring to standard Registry inclusions which are not in my best
interests, and which may have originated from MS or the U.S. government.
> There are folks in the *.security newsgroups
> that are far more knowledgeable than I regarding the various infection
> vectors into Windows, so you saying there might be but haven't see it happen
> and me saying that I've never seen it or heard about it and it doesn't make
> sense really isn't going to resolve the matter. You might want to wander
> over into those other newsgroups of greater experts than the both of us to
> find out if any malware has actually stored *code* (not just settings) in
> the registry.
Look, we can argue about this until we're both blue in the face but it's
not going to accomplish anything. It will always remain my intention and
goal to be able to easily view the >256 character length and /0
inclusion registry entries. That's not going to change. I have my
reasons for wanting to do so, and you're not going to talk me out of them.
Period
And now if you want to continue this discussion, feel free but I am done
with it. Sorry, I just don't have the time for this.
>> Look at how much just YOUR user profile added to the registry. Those are
>> all the settings for YOUR particular instance of the OS to differentiate
>> it from any other Windows account also created and used under that same
>> OS.
>
> But of course, there's only me using this computer; there are no other
> user accounts on it than mine, not even a guest account.
NT-based versions of Windows won't ever know that fact. They are designed
to support multiple accounts. They are NOT designed like the old personal
9x-based versions of Windows where there was just one user (despite the
login which merely kept separate the cached login credentials for the web
browser). Each profile gets its own ntuser.dat registry hive. To permit
all the isolation afforded by having separate Windows logins, all the
user-specific settings get saved here. You have one login now. Windows
doesn't care because there are already more profiles than just your own
account, and you could create more. That you don't create more accounts has
no effect on how Windows will manage the one that you did create.
>> In the exported .reg file from your registry, just what OS-only
>> configuration and operational data do you think should be omitted?
>
> That's simple! Anything less than 256 characters in length *or* anything
> without a "/0" embedded in them. *That's* the stuff I want to be able to
> take a look at.
I haven't investigated the 256-char problem to know of a registry utility
that looks specifically for registry key or data item names that are that
long, or greater. As for looking for an embedded null character, and
because it's when I want to delete a key that has it (but regedit.exe's
parser won't handle it), I use SysInternals' RegDelNull utility.
> "all the necessary settings for the Windows OS and any installed programs
> should be able to be stored in a file the size of an e-book novel -that
> is, about a half meg at most." I don't think I could have been any
> clearer about that.
Except that is also like asking for "War and Peace" to be contained within
the same size as for some short story you found in Reader's Digest. There
*is* that much more in the registry than in your little e-book novel. Stop
trying to compare a novel to a full encyclopedia set.
Also remember that there are only *two* real hives in the registry:
HKEY_LOCAL_MACHINE and HKEY_USERS. All the others are pseudo-hives that are
compiled on Windows startup from the real two hives. That means when you
export the registry using regedit.exe (I don't know what ERUNT does), you
will get redundant entries. That's why I mentioned looking at the actual
registry files on the hard disk (ntuser.dat and under system32\config)
rather than relying on an exported copy. Because of the duplicated data,
the exported version is 110MB while the sum total of ntuser.dat and the
system32\config files was 53.6MB. The exported copy is twice the size of
the real registry's size. I haven't used ERUNT to know if it omits the
pseudo-hives from its exported copy.
Yes, the registry is bigger than your little e-book. There are LOTS of
documents bigger than your tiny 0.5MB e-book that you are striving to use in
your comparison. As a comparison to a tangible document (not some
unidentified short story in e-book form), I downloaded the instruction book
for the 1040 tax form - the same one you get along with the 1040 form - and
whose size is:
PDF file (compressed): 3.3MB
DOC file: 19.6MB
Your wish to make pocket marbles out of boulders ain't gonna happen and is
not realistic.
> Is the 256 character limit on viewable entries a bug, slothful
> programming or is it actually by design?
It is a limit in the tool being used: regedit.exe. It is not a limit of the
registry's database files nor of using the system APIs to access those
records.
> By "system API" do you mean the Win32 API or the Native API?
>
> "There can also be registry keys with \0 embedded in them, making it
> impossible to find those entries using the Win32 API but which can be
> found via the native api."
The same API that is afforded to utilities like SysInternals RegDelNull.
Although on my wishlist of books to get and read from my local public
library, I haven't yet delved into the "Windows Internals" book. Too many
other books on my wishlist to first read, plus I'd like to wait until v5 of
the book becomes available (at my library).
> You misunderstand me. I'm not referring to deliberate malware attacks,
> I'm referring to standard Registry inclusions which are not in my best
> interests, and which may have originated from MS or the U.S. government.
But you don't own their software. They give you what they want to give you.
You only get to lease a version of it. Obviously they don't need to do
anything in the registry to do whatever they choose to have their software
do. If Microsoft were trying to perform covert functions within Windows, I
doubt they would expose it to utilities that can read all of the registry.
You can be just as paranoid about open-source Linux distributions and what
they're putting into that, too, because neither of us are OS programmers to
waste our time reviewing every byte of code to see what all the OS does.
Yes, there are a select group of programmers that help develop the Linux
distros but, gee, they could all be part of a cabal of thieves, too.
Whether Windows or Linux or some other OS, it's THEIR code and you can
choose to use it or not. Beyond what THEY afford to you for configurability
and monitoring, you don't get to decide how their code works.
VanguardLH wrote:
> John Corliss wrote:
>
>>> Look at how much just YOUR user profile added to the registry. Those are
>>> all the settings for YOUR particular instance of the OS to differentiate
>>> it from any other Windows account also created and used under that same
>>> OS.
>>
>> But of course, there's only me using this computer; there are no other
>> user accounts on it than mine, not even a guest account.
>
> NT-based versions of Windows won't ever know that fact. They are designed
> to support multiple accounts. (snip) That you don't create more accounts
> has no effect on how Windows will manage the one that you did create.
Yes, I know all this of course. However like most people, I still simply
prefer to refer to my machine as a "computer" instead of a "host".
>>> In the exported .reg file from your registry, just what OS-only
>>> configuration and operational data do you think should be omitted?
>>
>> That's simple! Anything less than 256 characters in length *or* anything
>> without a "/0" embedded in them. *That's* the stuff I want to be able to
>> take a look at.
This site:
http://www.gentlesecurity.com/blog/index.php/2006/11/12/reghide
says that including a null character in a name string only renders it
un-editable but that it's still visible in Regedit and Regedit32. I
wouldn't know for sure.
> I haven't investigated the 256-char problem to know of a registry utility
> that looks specifically for registry key or data item names that are that
> long, or greater. As for looking for an embedded null character, and
> because it's when I want to delete a key that has it (but regedit.exe's
> parser won't handle it), I use SysInternals' RegDelNull utility.
Hey, that looks like a great utility. However, do you know if changing a
"/0" to a "*" in a registry entry will cause any problems? Is the change
permanent or just long enough to expose the string for possible deletion?
>> "all the necessary settings for the Windows OS and any installed programs
>> should be able to be stored in a file the size of an e-book novel -that
>> is, about a half meg at most." I don't think I could have been any
>> clearer about that.
>
> Except that is also like asking for "War and Peace" to be contained within
> the same size as for some short story you found in Reader's Digest. There
> *is* that much more in the registry than in your little e-book novel. Stop
> trying to compare a novel to a full encyclopedia set.
>
> Also remember that there are only *two* real hives in the registry:
> HKEY_LOCAL_MACHINE and HKEY_USERS. All the others are pseudo-hives that are
> compiled on Windows startup from the real two hives. That means when you
> export the registry using regedit.exe (I don't know what ERUNT does), you
> will get redundant entries.
Well, this is good to know. It certainly accounts for some of the
apparent bloat in the exported version.
> That's why I mentioned looking at the actual
> registry files on the hard disk (ntuser.dat and under system32\config)
> rather than relying on an exported copy. Because of the duplicated data,
> the exported version is 110MB while the sum total of ntuser.dat and the
> system32\config files was 53.6MB. The exported copy is twice the size of
> the real registry's size. I haven't used ERUNT to know if it omits the
> pseudo-hives from its exported copy.
Here's a Catfish export of the catalog for the most current ERUNT backup
folder on my computer (slightly modified to make it clearer):
C:\WINDOWS\ERDNT\2010-0~1\
3,551,232 10-03-31 default
673 10-03-31 Erdnt.con
163,328 05-10-20 Erdnt.exe
1,010 10-03-31 Erdnt.inf
2,815 02-09-25 Erdntdos.loc
3,275 02-09-25 Erdntwin.loc
20,480 10-03-31 Sam
49,152 10-03-31 Security
20,537,344 10-03-31 software
8,515,584 10-03-31 system
C:\WINDOWS\ERDNT\2010-0~1\Users\
C:\WINDOWS\ERDNT\2010-0~1\Users\00000001\
204,800 10-03-31 Ntuser.dat
C:\WINDOWS\ERDNT\2010-0~1\Users\00000002\
8,192 10-03-31 UsrClass.dat
C:\WINDOWS\ERDNT\2010-0~1\Users\00000003\
13,750,272 10-03-31 ntuser.dat
C:\WINDOWS\ERDNT\2010-0~1\Users\00000004\
45,056 10-03-31 UsrClass.dat
> Yes, the registry is bigger than your little e-book. There are LOTS of
> documents bigger than your tiny 0.5MB e-book that you are striving to use in
> your comparison. As a comparison to a tangible document (not some
> unidentified short story in e-book form), I downloaded the instruction book
> for the 1040 tax form - the same one you get along with the 1040 form - and
> whose size is:
>
> PDF file (compressed): 3.3MB
> DOC file: 19.6MB
Most people know that at this point, a Microsoft Word document has far
too much formatting bloat in it. Convert such a document to an .rtf or
.txt file and you'll see what I mean.
> Your wish to make pocket marbles out of boulders ain't gonna happen and is
> not realistic.
Maybe not, but I can still wish for it, realistic or not.
>> Is the 256 character limit on viewable entries a bug, slothful
>> programming or is it actually by design?
>
> It is a limit in the tool being used: regedit.exe. It is not a limit of the
> registry's database files nor of using the system APIs to access those
> records.
Yes, I know this. Should have made this clearer.
>> By "system API" do you mean the Win32 API or the Native API?
>>
>> "There can also be registry keys with \0 embedded in them, making it
>> impossible to find those entries using the Win32 API but which can be
>> found via the native api."
>
> The same API that is afforded to utilities like SysInternals RegDelNull.
> Although on my wishlist of books to get and read from my local public
> library, I haven't yet delved into the "Windows Internals" book. Too many
> other books on my wishlist to first read, plus I'd like to wait until v5 of
> the book becomes available (at my library).
>
>> You misunderstand me. I'm not referring to deliberate malware attacks,
>> I'm referring to standard Registry inclusions which are not in my best
>> interests, and which may have originated from MS or the U.S. government.
>
> But you don't own their software.
Why state the obvious?
> They give you what they want to give you.
Ditto.
> You only get to lease a version of it.
Ditto.
> Obviously they don't need to do anything in the registry to do whatever
> they choose to have their software do.
Ditto.
> If Microsoft were trying to perform covert functions within Windows, I
> doubt they would expose it to utilities that can read all of the registry.
Of course they would, especially if all those utilities were believing
that what MS and the government hid there actually belonged as part of a
standard registry's "settings" for the OS.
> You can be just as paranoid about open-source Linux distributions and
> what they're putting into that, too, because neither of us are OS
> programmers to waste our time reviewing every byte of code to see what all
> the OS does. Yes, there are a select group of programmers that help develop
> the Linux distros but, gee, they could all be part of a cabal of thieves,
> too. Whether Windows or Linux or some other OS, it's THEIR code and you can
> choose to use it or not. Beyond what THEY afford to you for configurability
> and monitoring, you don't get to decide how their code works.
Let's just stop a second and clarify that word you used, "paranoid". The
WordWeb definition of paranoia is:
"A psychological disorder characterized by delusions of persecution or
grandeur"
Note the word *delusions* here.
In a delusion, a person actually is sure -as in *positive*, as in
HALLUCINATING that some situation *definitely* exists beyond any
reasonable doubt.
This is as opposed to simply believing that the *possibility* of
something exists, as is the case with me here.
I am NOT "paranoid" any more than *you* are an asshole.
It's not paranoid in the least to believe that the government wants to
spy on us, or that MS and-or the U.S. government wants to monitor our
computing and stored data.
Surely you've heard about a little thing egregiously named the "Patriot
Act"? I.e., the raping of our constitutional rights by a president who
also swore to defend the Constitution as part of his presidential oath
of office? The ongoing continuation of that breach of faith by the
current administration? As in, "He who would exchange even a little
freedom for safety, deserves neither freedom or safety"?
How about the existence of these agencies?
http://www.darpa.mil
https://www.cia.gov
http://www.dhs.gov/index.shtm
http://www.secretservice.gov
http://www.census.gov
http://www.fbi.gov
The realistic belief that *at the very least* the U.S. government wants to be
able to spy on U.S. citizenry and anybody else they can, leads me to
believe the *possibility* exists that various versions of MS operating
systems include code which either makes it easy for them to spy on our
computing activities and stored data, OR actively does so directly on a
continuing basis. It's naive in the extreme (although I'm sure,
entertaining in a fantasy-scenario kind of way) to speculate otherwise.
Over and out, but thanks again for mentioning RegDelNull. And now, I'm
going to kill this thread. I don't want to be tempted to waste another
hour or so of one of my mornings debating semantics and speculation. I'm
sure (at least I hope) you feel likewise.
> http://www.gentlesecurity.com/blog/index.php/2006/11/12/reghide
>
> says that including a null character in a name string only renders it
> un-editable but that it's still visible in Regedit and Regedit32. I
> wouldn't know for sure.
In a way that is correct. Since text editors don't show unprintable ASCII
characters, you see the printable ASCII characters and the null character is
missing from the rendered display. Alas, there is no hex editor view to
regedit.exe to see if a string contains a non-printable character. There
are some definite limitations to the regedit.exe that Microsoft gave us
over a decade ago and has not yet updated.
> Hey, that looks like a great utility. However, do you know if changing a
> "/0" to a "*" in a registry entry will cause any problems? Is the change
> permanent or just long enough to expose the string for possible deletion?
Actually I haven't bothered to change the null character to a different
character. Every time, and I mean *EVERY* time that I've found a null
character anywhere in a registry key or data item name, it has been for some
copy protection scheme for a game (I think SecuROM uses the null), a
corrupted entry (so it isn't usable even with the null removed because the
key or data item name is still unusable), or something malware-like (I've
rarely been hit by malware but have seen legit programs that have decided to
employ malware schemes to protect their registry entries).
In most cases, the location of the null-containing string gave away to what
software it belonged. When I got done playing the games that used SecuROM
(and after uninstalling the games while also using Zsoft's Uninstaller to
monitor the install so I could do a more thorough cleanup for the later
uninstall), I used SecuROM's own uninstaller to cleanup the registry which
got rid of those null-containing entries (but I was prepared to do more
searching to find anything mentioning how to completely erase SecuROM from
my host). Other than that, all null-containing key names were remnants
(orphans) from a malware removal.
I haven't yet found a null-containing key name that I wanted to keep. I
suppose if there was one that you wanted to keep that you would simply
delete the "*" that had replaced the null character. You won't have the
null character anymore but the program accessing that registry key wouldn't
be specifying the null character, anyway. They add it to deliberately
thwart editing using regedit.exe, not because it is actually used as part of
the key name they use when accessing the registry.
> Well, this is good to know. It certainly accounts for some of the
> apparent bloat in the exported version.
I, too, don't yet have a text editor that will yet handle the 110MB for the
exported version of my registry; however, the ntuser.dat and system32\config
files are less than half that size. So I suspect that the export from
regedit.exe includes the 2 real hives and all the pseudo-hives. It's a
waste of time for the export and a waste of disk space.
I had assumed that ERUNT actually copied the disk files for the registry as
the backup, not export the registry. This seems to be the case when I read
the detailed info on ERUNT, which said:
Next, select the backup options:
- System registry: The current system registry, usually consisting of
the files DEFAULT, SAM, SECURITY, SOFTWARE, and SYSTEM.
- Current user registry: The registry files for the currently logged-on
user, usually NTUSER.DAT and USRCLASS.DAT.
- Other open user registries: Sometimes Windows has a few other user
registries in memory. Examples for this are "generic" registries,
e.g. for user "EVERYONE", or registries of other users if you use
Fast Task Switching in Windows XP. Check this option to backup all
these additional user registries (if found) as well.
So I would think the backup created by ERUNT would be the same size as all
the actual registry's files, not like regedit.exe's export.
Yep, so ERUNT is saving the registry's binary database files (and its own
executables for use in Recovery Console mode) rather than exporting a bunch
of text lines for the real and pseudo-hives.
My guess is that Users\00000003 is for your user profile for your Windows
account. I don't know why ERUNT isn't tracking them by the account SID to
make sure it matches up with the SAM database.
>> PDF file (compressed): 3.3MB
>> DOC file: 19.6MB
>
> Most people know that at this point, a Microsoft Word document has far
> too much formatting bloat in it. Convert such a document to an .rtf or
> .txt file and you'll see what I mean.
Damn, I knew there was a conversion that I forgot. After conversion of the
PDF to RTF, that file was 4.8MB - a lot bigger than your half-meg e-book.
Of course, that booklet is just to let the average Joe figure out how to do
his taxes. The tax code on which it is based is H-U-G-E (and I don't mean
the pamphlets the IRS agents are taught with which is not only incomplete
but actually misleading and deliberately so).
>> Your wish to make pocket marbles out of boulders ain't gonna happen and is
>> not realistic.
>
> Maybe not, but I can still wish for it, realistic or not.
Yeah, maybe one day Microsoft will decide to do better with the registry but
my guess is that they will replace it with something different that is as
night-and-day as was switching from .ini files to the registry. If we're
really lucky, and perhaps following Apple's change, Microsoft might decide
to dump their Windows kernel and replace the OS with a Linux distro. Of
course, the GUI will still look like Windows. We can all wish.
>
>>> You misunderstand me. I'm not referring to deliberate malware attacks,
>>> I'm referring to standard Registry inclusions which are not in my best
>>> interests, and which may have originated from MS or the U.S. government.
I'm pretty sure that anyone producing any goods are doing so in their own
best interests. The interests of their consumers come second. Altruism
only goes so far before it becomes too expensive for survival of a business.
> It's not paranoid in the least to believe that the government wants to
> spy on us, or that MS and-or the U.S. government wants to monitor our
> computing and stored data.
>
> Surely you've heard about a little thing egregiously named the "Patriot
> Act"? I.e., the raping of our constitutional rights by a president who
> also swore to defend the Constitution as part of his presidential oath
> of office? The ongoing continuation of that breach of faith by the
> current administration? As in, "He who would exchange even a little
> freedom for safety, deserves neither freedom or safety"?
Patriot I and II. Victory Act I and II. Laws that circumnavigate the Posse
Comitatus Act (http://en.wikipedia.org/wiki/Posse_Comitatus_Act) that
prohibits interference or intermingling of the military with the civilian
police and further evidenced by Obama wanting to establish a civilian based
military enforced by a draft and under control of the Exec branch along with
arming our police with military weapons that are designed to quell the mass
riots expected later. Random road checkpoints and stopping cars to get the
populace used to the police committing any action without cause.
Establishing NAFTA as a preliminary to the North American Union and
contemplating replacing the US dollar with the aero as a further step
towards federated statehood in a world gov't with the UN policing the
non-federated 3rd-world countries by depressing their economies with the
likes of the global warming scam and a Carbon Tax paid to a world bank fund
(which will introduce over 50 more taxes to Americans who already pay
double, triple, and quadruple taxes on goods to effect a current 52% tax
rate on them). The US gov't gave up control over their money to foreigners
by establishing the Federal Reserve (which is NOT part of the US gov't but a
world bank operated by foreign investors and which cannot be audited) which
prints our money for a fee and gives loans to the gov't for which we are
taxed to pay (and ALL our taxes only pay the interest on these loans and
none of it goes towards the services afforded by the gov't so the gov't has
to get more loans to continue operating). That we went off the gold
standard so our money is backed by nothing and its value will float, allow
for the generation of fiat money, and let banks operate on a "reserve"
rather than have full deposits on store. Google receives over 50 demands
each day to hold records for "suspect" users. This is not a court order so
the FBI cannot get at the records but they can demand Google to hold those
records for up to 90 days. Your bank account can be frozen on just an order
by the FBI as the banks will honor the *notice of intent* to freeze assets
rather than wait until a court ordered writ is received. FEMA can't handle
Katrina but manages to get funding to buy land and build concentration camps
for expected riots and revolution when our money collapses and/or due to
hyperinflation caused by not controlling our own money, and FEMA builds
half a million 3-person coffins for an internal war that hasn't started yet
because of the complacency of citizens (by encroaching on their comfort
level only a little at a time). Incrementalism works very well. The
stupidity and loss of control continues to dissolve our country while
collapse becomes ever more inevitable where everyone but a small elite are
poor and powerless. It's for our own good, uh huh. I haven't seen a novel
yet that came close to similarly describing the death of a republic. The
country your grandfather knew doesn't exist anymore, and in another 30 years
it won't be the country you know today.
I hardly think solving anything in Windows is going to resolve the
incrementalism that has worked so successfully in destroying the US
Constitution, the rights of Americans in their own country, destroying the
middle class through taxation to remove their ability to financially defend
themselves, destroying small business that provides the most jobs, moving
power to an elite that is worldwide and hence foreign to the USA, and so on.
When the dam is breaking apart, chewing gum in the tiny holes isn't the
solution. We need a new dam and get rid of the old one, or maybe destroy
the new dam that's been incrementally built to usurp the old dam and go back
to the old dam. The "Great Firewall of China" is indicative of the abusive
power that their gov't has. It is an effect. Fix the cause and the effect
disappears.
If Microsoft were doing covert operations within Windows, there are enough
intelligent users around that are monitoring their network traffic using
packet sniffers or router appliances to see what is in the traffic generated
by Windows, as well as [hex] editors that can let us see anything put into a
file. However, as to educating lazy users so they can actually be deemed
administrators of their OS for which they are unwilling to pay an expert to
administer, well, that's a whole other cause. Consumers don't want to pay
for support either as an included cost in the purchase price or as a
separate charge later. Alas, there are more and more experts that are not
experts and you see them here trying to find help so they can pretend they
are an expert to their paying customer ("I have some users with a problem",
"I have a friend", "A workstation", and so on which exhibits they are using
us to build their pretense as an expert to someone else). There are so many
folks probing and monitoring Windows that Microsoft is constantly getting
embarrassed as to their shortcomings. They're busy trying to patch the holes
with chewing gum rather than fixing the root cause. They're a business so it's
the dollars they're after. With incrementalism working so well over
the last hundred years, Microsoft will simply wait until citizens accept new
commands from their federal gov't regarding further banishment of more of
their rights. That might evolve from another similar coalition of private
businesses lobbying the gov't to allow for more control, like how DRM
punishes all while prosecuting few.
"NSA helped with Windows 7 development - Uh oh!"
http://www.redicecreations.com/article.php?id=8774
Right now, it's more like the NSA is trying to get Microsoft to produce an
OS that is more stable for the needs of the gov't. Like any large[est]
customer of a software vendor, they have an interest in getting the best
product they can so they wield their wealth as a means of control in
influencing the product maker. Right now it's not security that I'm worried
about. It's that the gov't is the biggest customer of Microsoft. Obviously
any company whose survival is focused on one customer is susceptible to
influence exercised by that customer. The gov't is just too damn big and
becoming more dangerous to its own citizens.
Have you looked at these?
MadEdit
http://www.softpedia.com/get/Office-tools/Text-editors/MadEdit.shtml
http://www.softpedia.com/progScreenshots/MadEdit-Screenshot-76925.html
http://madedit.sourceforge.net/
nPad2 Source Editor/Viewer
http://www.softpedia.com/get/Programming/File-Editors/nPad2-Source-Editor-Viewer.shtml
http://www.softpedia.com/progScreenshots/nPad2-Source-Editor-Viewer-Screenshot-52224.html
http://www.zeraha.org/file.36.html
> http://madedit.sourceforge.net/
In a virtual machine running Windows XP Pro SP-3 as the guest OS, the
exported .reg file created by regedit.exe was 53MB in size and capable of
viewing in Notepad. So I hunted around. The only registry keys that got
exported were:
HKEY_LOCAL_MACHINE
HKEY_USERS
Those are the real hives. The pseudo-hives were not included. So, at
least, regedit.exe wasn't bloating the output by including duplicated hive
data. It appears converting to text is what bloats the exported .reg file
compared to the binary database files actually used for the registry. For
example, rather than containing the binary data within the record structure
for a database, the .reg file will have something like:
[HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\relativelycalm\PostShiftInfo\0]
"dbl1"="45"
"dbl2"="0"
"dbl3"="0"
"dbl4"="384"
"dbl5"="0"
"dbl6"="0"
"dbl7"="0"
"dbl8"="0"
So you have delimiters in the text output that aren't there in the records
in the database along with equal signs that aren't needed to show
association between fields within a record. Some text tries to show hex
strings but inserts commas between each byte which aren't there in the
field's actual value inside the registry. Also, the 2-character display
using text uses more bits than the actual binary value being represented.
There may be other compression within the binary database files themselves
of which I'm not aware. In addition, there are entries that are merely used
for navigation to show under where an entry is located. So unrolling the
binary database into text results in doubling the size of the output. So
the presentation shown in the text output generated by regedit.exe tries to
show what is in the registry but necessarily has to bloat it with additional
structure to make it human readable. A series of records with binary digits
would mean nothing to us humans.
Considering every tiny detail of the OS, drivers, software, and the user's
use of the host, I'm really not surprised the registry is as big as it is
(in the form of its disk files, not how regedit.exe exports that data).
While Corliss wants to find entries with embedded or trailing null
characters, I've never found any that I needed to keep. They were remnants
of software uninstallations or malware-like behavior (by copy protection
schemes, games, CD emulators). However, I will be interested in finding a
registry utility that can expose or export registry keys or data names (but
not data item values) that exceed the 256-character rendering limit in
regedit.exe. Something more on which to waste my free time.
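The two points in the post above (text export is much larger than the data it represents, and names past the 256-character mark are worth listing) can be checked against a .reg export with a short script. This is an added example, not code from the thread or from any tool named in it. It assumes the "Version 5.00" export syntax written as UTF-16LE, counts value data only (no names or hive cell headers), skips multi-line string values, and everything under the `Example` key is constructed sample input.

```python
import re

# The .reg excerpt quoted in the post above, verbatim.
PAGE_EXCERPT = r'''[HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Battery\Presets\relativelycalm\PostShiftInfo\0]
"dbl1"="45"
"dbl2"="0"
"dbl3"="0"
"dbl4"="384"
"dbl5"="0"
"dbl6"="0"
"dbl7"="0"
"dbl8"="0"
'''

# Constructed lines (not from the page): a binary value split over a
# continuation line, and a value whose name is 300 characters long.
CONSTRUCTED = (
    "[HKEY_USERS\\.DEFAULT\\Software\\Example]\n"
    '"blob"=hex:de,ad,be,ef,00,\\\n'
    "  01,02,03\n"
    '"' + "V" * 300 + '"="x"\n'
)

SAMPLE = "Windows Registry Editor Version 5.00\n\n" + PAGE_EXCERPT + "\n" + CONSTRUCTED

VALUE_RE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def unescape(s):
    """Undo the .reg escaping of backslash and double quote."""
    return re.sub(r'\\(.)', r'\1', s)


def data_size(data):
    """Return (type label, bytes of value data), or None if not understood.

    Assumption: strings are held as UTF-16LE plus a terminating null, which
    is the usual convention for REG_SZ data.
    """
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return "REG_SZ", (len(unescape(data[1:-1])) + 1) * 2
    if data.startswith("dword:"):
        return "REG_DWORD", 4
    m = HEX_RE.match(data)
    if m:
        count = len([b for b in m.group(2).split(",") if b.strip()])
        label = "REG_BINARY" if m.group(1) is None else "hex(%s)" % m.group(1)
        return label, count
    return None  # e.g. a string value that spans several lines


def parse_reg(text):
    """Return (key paths, [(key, value name, type label, data bytes)])."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join hex continuation lines
    keys, values, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.append(current)
            continue
        m = VALUE_RE.match(line) if current is not None else None
        if not m:
            continue
        sized = data_size(m.group("data"))
        if sized is None:
            continue
        name = "" if m.group(1) == "@" else unescape(m.group("name"))
        values.append((current, name, sized[0], sized[1]))
    return keys, values


def find_long_names(text, limit=256):
    """List key and value names longer than the limit discussed in the thread."""
    keys, values = parse_reg(text)
    hits = [("key", k) for k in keys if len(k.rsplit("\\", 1)[-1]) > limit]
    hits += [("value", k + "\\" + n) for k, n, _, _ in values if len(n) > limit]
    return hits


def export_overhead(text):
    """Return (bytes of the text as UTF-16LE, bytes of value data it describes)."""
    _, values = parse_reg(text)
    return len(text.encode("utf-16-le")), sum(v[3] for v in values)


if __name__ == "__main__":
    exported, raw = export_overhead(PAGE_EXCERPT)
    print("page excerpt: %d bytes of text for %d bytes of data" % (exported, raw))
    for kind, path in find_long_names(SAMPLE):
        print("long %s name (%d chars in full path)" % (kind, len(path)))
```

Because names and key structure are also stored in the binary hive, the ratio it prints overstates the real difference between a hive file and its export; it isolates only the cost of spelling value data out as text.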
> Establishing NAFTA as a preliminary to the North American Union and
> contemplating replacing the US dollar with the aero...
You mean 'amero', I think.