TUCoPS :: Windows :: winxpexp.txt

TUCoPS :: Windows :: winxpexp.txt
Windows XP explained

Windows XP explained by Abhisek Datta

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
******* WINDOWS XP EXPLAINED
******* by : Abhisek Datta [abhisek@programmer.net]
******* http://hackersclub.focusindia.com
******* http://abhisek.8m.net
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Please note that this tutorial is in BETA stage and will be
updated soon.
Tutorial Name : Microsoft Windows XP [version 2002] Explained
Contents :
1.Core Kernel
2.Basic Working Structure
3.Important System Files and their workings.
4.Registry Hacking
5.Tips to improve performance.

Author : Abhisek Datta [sweetboycal@yahoo.com]
Date : 4.2.2002

1.Core Kernel

Windows XP uses the same kernel as used by Microsoft Windows
2000.Basically there is not much prior difference between the
basic workings of Windows 2000 and Windows XP.
The file kernel32.dll located in C:\windows\system32 folder
(considering Windows is installed on C drive) consists of the core
kernel of Windows XP operating system. Windows uses this file for
any operation involving hardware interaction. Windows XP supports
NTFS (New type file system) file system beside the old FAT32 and
FAT file system. If you install Windows XP on a newly formatted
hard drive then installation of NTFS file system is a part of the
setup procedure if the user confirms.

2.Basic Working Structure
Code name : project whistler (theme taken from Mt Whistler, some
mountain in some country I don't know.)
so it is often referred as windows whistler

Microsoft has developed Windows XP operating system with the main
motive of bringing a revolutionary change in the world of
Operating systems. I don't know about others but from my point of
view I can see only evolutionary change in Windows XP operating
system. Apart from interface improvement which was mainly
evaluated from the sleek looking interface of Macintosh there are
not many prior change in the working structure of this operating
system and works almost the same as its predecessors.
Previously Windows 9x series and the early releases of Windows NT
used to maintain separate user accounts and their individual
settings using the .pwl files. But finally Microsoft has realized
that this method wont work anymore cause even a kid with little
knowledge of the working structure of the ever popular windows OS
series can crack out the password using the .pwl file which is
executed during the system startup for performing required
functions.
Please note : Passwords are not stored in .pwl files. These files
are encrypted file using MC-5 algorithm which is decrypted using
the key from the provided password and is executed during system
startup for authenticating valid user.
Windows XP maintains separate folders for separate users
containing their local settings. The user with system
administrator rights can access all the accessible features of
windows XP and can also prevent other users access rights.
Important System File and their Workings

1. Kernel32.dll ::: This file is the heart of windows XP operating
system.This file consists of the basic core kernel of Windows XP
operating system. Windows uses this file to interact directly with
the hardware available to the computer system and also obtaining
the required operations from the corresponding device.
Path : c:\windows\system32\kernel32.dll

2. explorer.exe ::: Windows OS is different from DOS or UNIX
(command base operating systems) because of its UI (user
interface). The explorer.exe file located in the c:\windows
directory constitute the shell (user interface) of Windows
operating system. The kernel interects directly with hardware the
the shell interects with the user. The kernel and the shell are
the two most important part of any operating system
Note: If you ever get bored of the looks and styles of the user
interface of windows operating system ie. The explorer.exe file
then you can edit the system registry (for editing system registry
see registry hacking part in this article) to change the
explorer.exe file with some other software having the same
functionality as explorer.exe but with different and customizable
look.
For example you can check out Talisman available at
http://www.talisman.com (Hey guys I prefer not to replace the
explorer.exe file with these kinda utility softwares as they
consume much more memory than the original one and further they
slows down the system and also prevents many new functions of
windows XP OS.)

3. Utility Tools::
C:\WINDOWS\system32\shutdown-r [restart]
C:\WINDOWS\system32\shutdown-s [shutdown]
===============
All programs located in c:\windows\system32 folder
shutdown.exe (shutdown pro)
systeminfo.exe(systeminfo pro)
bootcfg.exe (boot loader info pro)
cipher.exe (NTFS encrypting pro)

4. Shutdown Shortcut::
Now its time for the good'ol ever popular shutdown shortcut trick
used widely in windows 98.But the same c:\windows\rundll.exe
user.exe,exitwindows trick doesn't work in Windows XP anymore.
Well everything is same just a little change in file execution and
its mode of execution.
Right click on an empty space on the desktop and select New >
Shortcut
In the command line box type that following :
[For shutdown]
C:\windows\system32\shutdown.exe -s -t 00
[For restart]
C:\windows\system32\shutdown.exe -r -t 00

Now click next and your shutdown/restart shortcut is ready to use.

REGISTRY HACKING

Shut Down without logon:
I am sure you have seen the new feature of Windows XP which offers
shut down option without being logged in to the system as a legal
user. When you are on the login screen then you can find a option
to shut down the computer.
Here's the registry key for it :
REGEDIT 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"shutdownwithoutlogon"="DWORD:0"
Note: 0 means disabled 1 means enables

Display of last user name:
By default Windows XP displays the last user name. This may be a
security problem for some users who doest want to let others know
about there login details. Here's the registry trick to disable it
:
REGEDIT 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"="DWORD:0"
Note: 0 means disabled 1 means enables

Display legal notice on startup:
Wanna tell your friends about the do's and dont's in your computer
when they login in your absence. Well you can do it pretty easily
by displaying a legal notice at system start up.
REGEDIT 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"legalnoticecaption"="enter your notice caption"
"legalnoticetext"="enter your legal notice text"

MSN login details:
By default Windows XP provides communication tool for
communicating with your friends over the net using MSN messenger,
MSN explorer. But did you ever wanted to know about the servers
and protocols MSN uses for communicating your computer so easily
and smoothly to the highly crowded MSN servers. Here you can
search for info:
just browse to this location..select passport and on the right
pane you will see the details..
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Passport

Default program for files of different extensions:
Browse to this registry key..select extensions and on the right
pane view the options..
You can edit the default programe for different extensions simple
double clicking the key..
Note: note that there is a ^ sign in between the path and
extension of the programe.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions

Automatic Administrator Login:
Well here's the trick which you can use to prove that Windows XP
is not at all secure as multi-user operating system. Hacking the
system registry from any account having access to system registry
puts you in to the administrator account.
REGEDIT 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"

Not only this option but you will find many more option in this
registry path like changing default user name,auto start of
windows shell (by default explorer.exe),option to change the
windows default shell.

No Shutdown:
Wanna play with your friends by removing the shutdown option from
start menu in their computer.
Just hack it down !!!
Regedit 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
"NoClose"="DWORD:1"

TIPS AND TRICKS

System Restore
System Restore is actually a very handy application that, unless
you use your PC expressly for high-performance tasks like gaming,
you should probably leave alone. It creates periodic snapshots of
your critical system files (like the registry files, COM+
database, user profiles, and such) and stores them as a "restore
point." Should you install an application that hoses your system,
or if something important gets corrupted, you can revert the
computer to the state it was in at a restore point and go on
happily using it.
Restore points are automatically created by the System Restore
service upon several events, such as when a new application is
installed, a Windows update is applied, an unsigned driver is
installed, or some other event occurs that could have a negative
effect on the operating system. You may create manual restore
points through System Restore's main interface, which you can
access through Start\Programs\Accessories\System Tools\System
Restore.
System Restore does require a service to run in the background
that has a minimal performance impact, and its recorded backups
take up hard drive space. You can control how much space it's
allowed (which affects how many restore points it can create), and
shut it down entirely, through the System Restore tab in the
System Properties tool.
The System Restore dialog lists each active drive partition. You
can adjust the percentage of space that System Restore is allowed
to work with on each one. There's also a checkbox that allows you
to shut down System Restore entirely for all drives.
System Restore can adversely affect application benchmark
software, and might operate during active test periods, so test
labs routinely disable System Restore under XP and Me before
testing, and you should too when running benchmarks.

Windows XP: Activate

What would a Microsoft release be without complaints and
conspiracy theories? Windows XP is no exception. The most notable
controversy in the days leading up to its release was undoubtedly
the new Windows Product Activation (WPA), which is designed to
help Microsoft improve compliance with the Windows license
agreement. The agreement states that each copy of the operating
system can be installed on only one machine at a time. Such a
restriction is nothing new, but Microsoft has never been able to
enforce it adequately.WPA requires you to activate Windows XP (via
the Internet or telephone) within 30 days of installation. If you
wait too long, you'll be locked out of the system. To activate
Windows XP, WPA creates a nonunique value based on up to ten
pieces of information from your video card, network card, SCSI
controller, hard drive, CPU, and memory configuration. The tool
then uses a combination of the 25-digit product ID code and the
nonunique value to create a number, which Microsoft exchanges for
a code that activates your copy of the OS.Although discouraging
illegal duplication of the OS is reasonable, some believe WPA is
invasive. It is not surprising that Big Brother myths like
"Microsoft knows who you are" have surfaced. The reality-according
to Microsoft-is that when you activate, the only personal
information required is your country. Registration-as opposed to
activation-requires your name and address, but it is optional.Once
your copy of Windows XP is activated, you must reactivate if you
substantially change your hardware or install Windows XP on
another PC. And if you attempt to activate your copy of the OS on
more than one machine, you must call Microsoft and explain. We
installed and activated Windows XP, then changed every component
(including the motherboard) on our test PC to see what would
happen. We changed at least six components before we had to
reactivate the operating system. If you add or change only a few
items, you shouldn't have a problem. If you reinstall the OS on
the same computer, you'll need to reactivate. Since the hardware
hasn't changed, you can reactivate through the Internet.Activating
through the Internet is surprisingly fast. If you activate by
phone, you'll probably have to wait (depending on call volume),
but during the beta period, the entire phone call, including wait
time, reading the 50-digit number, and receiving the 42-digit
activation code, took about 10 minutes.Microsoft has made some
concessions to power users. For example, a copy of Windows XP can
be reactivated every 120 days, in case you change hardware or
systems often.Of course, many users will never experience WPA.
Most PC vendors will preactivate Windows XP. In addition, vendors
can key Windows XP activation to a single value in the BIOS. You
then can change everything in the machine without reactivating if
the BIOS doesn't change. And corporate customers can buy volume
licenses, which don't require activation.

Registry hack of xp:

Before we start tweaking, I recommend you set up a few things on
your operating system. Make sure you have Administrator privileges
on the computer you are tweaking as some options may have been
disabled for use by standard users. Also, there's ClearType.
ClearType basically works to make text on your screen appear much
clearer and readable - a massive boon for laptop owners. It works
wonders for desktop owners as well - as you can observe from the
below pictures...

ClearType Off

ClearType On

To turn ClearType on, just access your Display properties in
Control Panel, then click on the 'Appearances' tab. Then click the
'Effects...' button, and you will get a dialog like the one below.

Tick 'Use the following method to smooth edges of screen fonts...'
and change the listbox to 'ClearType'. Then just click OK, Apply,
and close down your dialogs.

Tweak #1 - MsConfig

Most of you will be familiar with MsConfig, which is basically a
built-in system configuration utility for Windows. Open it up by
simply going to Start -> Run..., then type 'msconfig' in the box
and press enter. Now, the tab we are interested in here is the
'Startup' tab... simply click on it and you should see a screen
similar to the one below.

This box displays all of the programs that will be started when
Windows boots up. None of these programs are vital for Windows, so
don't feel worried about removing some of them in experimentation.
You can see from the screenshot that I have disabled both NDetect
(ICQ's start-up program) and WinAmpa (WinAmp, obviously). Now, if
you've unchecked some boxes, Windows should start up faster and
will take less resources by not running these programs in the
background.

Tweak #2 - More Startup Tweakage

Now we're going to take the tweak above and go one step futher. Go
to Start -> Run again, then type 'services.msc'. You should get:

This is a more detailed list of processes that are starting up
with Windows. All those items with 'Automatic' listed next to
their names are booting with Windows. Click on the items to find
out just what they do. If you decide you don't need a certain
service, you can simply right-click on it and change it's
properties from 'Automatic' to 'Manual'.

Tweak #3 - Speeding Up Internet Explorer

This is a handy little trick you can use with Internet Explorer 6
(which ships with XP) to make it boot up extremely fast -
instantly, on my system :). This should be familiar to those of
you who have created shortcuts for Half-Life mods and the like.
For those of you who aren't familiar, simply right-click on a
shortcut to Internet Explorer (such as the one in the Quicklaunch
bar) and add the parameter '-nohome' to the end of the command
line, like so:

Tweak #4 - Menu Delays

Another minor and easy tweak to remove any delay from menus
sliding out. For this you will need to use regedit (open regedit
by going to Start -> Run..., then typing 'regedit' and pressing
enter). The key you need to change is located in
HKEY_CURRENT_USERControl PanelDesktop. The actual key is called
MenuShowDelay - all you have to do is change the value to 0.
Remember, you will have to re-boot your computer for this tweak to
take effect.

Tweak #5 - GPEDIT.MSC And Autoplay

A great tweaking file that comes with XP is gpedit.msc. Go to
Start -> Run... and then type in 'gpedit.msc' and press enter.
This is effectively the Policies Editor, and it comes in handy
often. For example, if you hate CD autoplay like I do and want to
permanently disable it, you can use this tool to do so. Just run
gpedit.msc, then go to Computer Configuration -> Administrative
Templates -> System. In here you can see the value 'Turn Off
Autoplay'. Right-click on it and then click 'Properties'.

Now you can simply play around with the settings for this and
other values in these folders, customizing appearance and
performance issues.

Tweak6:

Increasing options in add/remove programs:

Not a fan of MSN Messenger? don't want Windows Media Player on
your system? Fair enough, but if you go to Add/Remove Programs in
the Control Panel, by default none of Windows XP's 'built in'
programs are visible. it's fairly easy to change, though... just
open the file X:\Windows\inf\sysoc.inf (where X: is the drive
letter where Windows XP is installed) in Notepad. You should see a
section of the file something like this:

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7

This is a list of all components installed at the moment. I've
taken the example of MSN Messenger - the program entry called
'msmsgs', third-last line. You can see the word 'hide' highlighted
- this is the string which tells Windows not to display the
component in the Add/Remove Programs list. Fix this up by simply
deleting the word 'hide' like so:

msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7

To this:

msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7

Now, after restarting, you should be able to see MSN Messenger in
the Add/Remove Programs list. If you want to be able to quickly
view and remove all components, simply open the sysoc.inf file and
do a global find and replace for the word ",hide" and replace it
with a single comma ",".

Tweak #7 - Disabling Windows File Protection

WARNING: Using this tweak means you will be able to delete vital
Windows files.

here's a quick tweak to be able to totally disable Windows File
Protection, the system that prevent users from deleting system and
program files. Simply find the key SFCDisable in
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogon and edit it to hold the value 0xFFFFFF9D.

If you want to re-enable File Protection, just re-set the value to
0.

Tweak #8 - Automatically Kill Programs At Shutdown

don't you hate it when, while trying to shut down, you get message
boxes telling you that a program is still running? Making it so
that Windows automatically kills applications running is a snap.
Simply navigate to the HKEY_CURRENT_USERControl PanelDesktop
directory in the Registry, then alter the key AutoEndTasks to the
value 1.

Note: the key 'AutoEndTasks' might not exist. If not, simply
create it with a value of 1. To disable the AutoEndTask feature,
simply change the value back to 0.

There are several memory tweaks that can be performed with Windows
XP - all of them are located in the

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession
ManagerMemory Management

section of the registry.

Disable Paging Executive
In normal usage, XP pages sections from RAM memory to the hard
drive. We can stop this happening and keep the data in RAM,
resulting in improved performance. Note that only users with a
large amount of RAM (256MB+) should use this setting. The setting
we want to change to disable the 'Paging Executive', as it is
called, is called DisablePagingExecutive. Changing the value of
this key from 0 to 1 will de-activate memory paging.

System Cache Boost
Changing the value of the key LargeSystemCache from 0 to 1 will
tell Windows XP to allocate all but 4MB of system memory to the
file system cache, basically meaning that the XP Kernel can run in
memory, greatly improving it's speed. The 4MB of memory left is
used for disk caching, but if for any reason more is needed, XP
allocates more. Generally, this tweak improves performance by a
fair bit but can, in some intensive applications, degrade
performance. As with the above tweak, you should have at least
256MB of RAM before attempting to enable LargeSystemCache.

Input/Output Performance
This tweak is only really valuable to anyone running a server - it
improves performace while a computer is performing large file
transfer operations. By default, the value does not appear in the
registry, so you will have to create a REG_DWORD value called
IOPageLockLimit. The data for this value is in bytes, and defaults
to 512KB on machines that have the value. Most people using this
tweak have found maximum performance in the 8 to 16 megabyte
range, so you will have to play around with the value to find the
best performance. Remeber that the value is measured in bytes, so
if you want, say, 12MB allocated, it's 12 * 1024 * 1024, or
12582912. As with all these memory tweaks, you should only use
this if you have 256MB or more of RAM.

Tweak #10 - Speeding Up Share Viewing

This is a great tweak. Before I found it, I was always smashing my
head against the table waiting to view shares on other computers.
Basically, when you connect to another computer with Windows XP,
it checks for any Scheduled tasks on that computer - a fairly
useless task, but one that can add up to 30 seconds of waiting on
the other end - not good! Fortunately, it's fairly easy to disable
this process. First, navigate to
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current
Version/Explorer/RemoteComputer/NameSpace in the Registry. Below
that, there should be a key called
{D6277990-4C6A-11CF-8D87-00AA0060F5BF}. Just delete this, and
after a restart, Windows will no longer check for scheduled tasks
- mucho performance improvement!

Tweak #11 - Prioritizing Individual Processes

This is so simple it's not funny, but it leads into the next
tweak... anyway, if you press Control+Alt+Delete, then click on
the 'Processes' tab, you should get a dialog like the one above.
You can see a list of all the processes running at the time. Now,
if you are running a program that you want to dedicate more
processing time to - eg, 3D Studio Max, as in my example, you can
just right-click on the process, move your cursor down to 'Set
Priority >', then select how high you want that program
prioritized. While I'm checking my email, I might want a Normal
priority for Max, but if I leave my Computer, I can increass it to
'RealTime' to get the most rendering done. Easy!

Tweak #12 - Prioritizing IRQs

The last tweak for this guide - and a good one. The main
components of your computer have an IRQ number assigned to them.
With this tweak we can increase the priority given to any IRQ
number, thereby improving the performance of that component. The
most common component this tweak is used for is the System
CMOS/real time clock, which improves performance across the board.
First of all, decide which component you want to give a
performance boost to. Next, you have to discover which IRQ that
piece of hardware is using. To do this, simply go to Control
Panel, then open the System panel (You can also press the shortcut
of Windows+Break). Click the 'Hardware' tab, then on the 'Device
Manager' button.

Now, right click on the component you want to discover the IRQ for
and click 'Properties', then click on the 'Resources' tab.

You can plainly see which IRQ this device is using (if there is no
IRQ number, select another device). Remember the number and close
down all of the dialog boxes you have opened, then start up
RegEdit. Navigate to
HKEY_LOCAL_MACHINESystemCurrentControlSetControlPriorityControl in
the registry. Now, we have to create a new DWORD value - called
IRQ#Priority (where '#' is the IRQ number), then set the data to
1. For example, the IRQ of my System CMOS is 8, so I would create
the key IRQ8Priority.

Now, after restarting, you should notice improved performance in
the component you tweaked. I would strongly recommend the CMOS, as
it improves performance around the board. Also note that you can
have multiple IRQ prioritized, but it is fairly inefficient and
can cause instability. To remove this tweak, simply delete the
value you created.

BY
ABHISEK DATTA
abhisek@programmer.net
http://abhisek.8m.net
http://hackersclub.focusindia.com

NOTE: THE TIPS AND TRICKS PART IS NOT WRITTEN ENTIRELY BY ME.
ARTICLE TAKEN FROM CNN NETWORK AND CONTRIBUTE BY AJIT
RAY(member@http://hackersclub.focusindia.com). ARTICLE EDITED AND
PROVIDE WITH SOME MORE VALUABLE INFORMATION BY ME