Month: September 2009

REGEDIT: Adding and editing registry entries

source :

http://www.robvanderwoude.com/regedit.php

Adding and editing (importing) registry entries

Adding items to the registry requires a *.REG file:

REGEDIT [ /S ] addsome.REG

The /S swith is optional, it skips the message dialogs before and after the import of the *.REG file.

Since NT 4 .REG files are in readable ASCII, they may be created “on the fly” by our batch files.
This is demonstrated in the DefOpen example in the Examples section.

Owners of a copy of the NT 4 Resource Kit or Windows 2000/XP/Server 2003 can also use REG.EXE to add or edit registry entries.

Removing registry entries

To remove an entire “tree” from the registry using REGEDIT and a .REG file, just add a minus sign before the tree name:

REGEDIT4

[-HKEY_CURRENT_USER\DummyTree]

will remove the entire tree “DummyTree”.

To remove an individual item from the registry, place the minus sign after the equal sign:

REGEDIT4

[HKEY_CURRENT_USER\DummyTree]
"ValueToBeRemoved"=-

will remove the individual value “ValueToBeRemoved” from “DummyTree”.
This is demonstrated in the uniqueid.bat example below, a batch file that forces a new LANDesk agent ID.

How to remove an individual registry key or value using *.INF files and RUNDLL is explained by Bill James.

NT 4 users who own a copy of the NT 4 Resource Kit can also use REG.EXE to remove registry entries.
In Windows 2000 and later REG.EXE is a native tool.

Reading (exporting) from the registry

REGEDIT’s /E switch can be used to export a registry key:

REGEDIT /E d:\path\filename.REG "HKEY_XXXX\Whatever Key"

This will write the registry key “HKEY_XXXX\Whatever Key” and its subkeys to a file named d:\path\filename.REG

The resulting (ASCII or UniCode) file will contain the entries in the format "key"="value", which can be stripped and parsed using Laurence Soucy‘s CHOICE trick (How-to #4, second method) for MS-DOS 6 and Windows 9*, NT’s FOR /F or the more generic TYPE and FIND commands.

Instead of a file name, some device names can be used:

REGEDIT /E PRN "HKEY_XXXX\Whatever Key"

will print the selected key.
Unfortunately, this won’t work for CON (console or display).

NT 4 users who own a copy of the NT 4 Resource Kit can also use REG.EXE to read the registry.
In Windows 2000 and later REG.EXE is a native tool.

Self-contained registry scripts

In .REG files, every line after the first one that starts with a semicolon (;) is treated as comment.
Batch files completely ignore the semicolons before commands.
So the following batch file will use itself as a .REG file:

REGEDIT4

; @ECHO OFF
; CLS
; REGEDIT.EXE /S "%~f0"
; EXIT

[HKEY_CURRENT_USER\Software\Test]
"TestVal"="Succeeded"

The REGEDIT4 line is required, and must be the first line, otherwise REGEDIT.EXE won’t accept the script as a valid .REG file. However, it will generate an error message when running as a batch file, hence the CLS command to wipe the error message from the screen.
To prevent more error messages, EXIT is used to abort the batch file immediately after the REGEDIT.EXE command.

Use this technique to add or remove registry keys and values.

Advertisements

Remove Windows Genuine Advantage Notifications

source :

http://www.mydigitallife.info/2006/04/26/disable-and-remove-windows-genuine-advantage-notifications-nag-screen/

or try : http://www.dogpile.com/dogpile_prefer/ws/results/Web/remove%20xp%20genuine/1/0/0/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true

Official Method by Microsoft – more information here.

First Method

  1. Lauch Windows Task Manager.
  2. End wgatray.exe process in Task Manager.
  3. Restart Windows XP in Safe Mode.
  4. Delete WgaTray.exe from c:\Windows\System32.
  5. Delete WgaTray.exe from c:\Windows\System32\dllcache.
  6. Lauch RegEdit.
  7. Browse to the following location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
    Windows NT\CurrentVersion\Winlogon\Notify
  8. Delete the folder ‘WgaLogon’ and all its contents
  9. Reboot Windows XP.

Note: With this method, you may be prompted to install WGA Notifications again which can still be unselected.

Second Method

Another alternative suggested by dman is by using System Restore to restore the PC to a previous restore point that WGA Notifications hasn’t kicked in, and then carefully stop KB905474 from been applied to the system. To use System Restore, go to Start -> All Programs -> Accessories -> System Tools -> System Restore.

Note: Again, you may be prompted again to install WGA Notification, so it must be bypassed.

Third Method updated

This method involves using a cracked version of LegitCheckControl.dll to replace the original copy of LegitCheckControl.dll, and thus bypass the WGA validation and make Microsoft believes that your copy of Windows is genuine. To get rid of WGA Notifications warning messages, the patched version of WgaLogon.dll and WgaTray.exe to replace the existing files.

To apply the patch by replacing the files manually, try to end the respective processes in the Task Manager before deleting the existing files. Most likely is you will have to restart your PC in Safe Mode in order to replacing the original copy of LegitCheckControl.dll and related files. However, there has been automatic updater and even cracked WGA installer that automatically apply the patched version of WGA files.

Latest Update for WGA version 1.5.708.0 latest

Download cracked and patched version of LegitCheckControl.dll with thanks to Danny.

Latest Update for WGA version 1.5.554.0 latest

Download cracked and patched version of LegitCheckControl.dll, WgaLogon.dll and WgaTray.exe for v1.5.554.0 of Windows Genuine Advantage Validation Tool and WGA Notifications.

John suggested that it may be rolled out to reduce the frequency of ‘phone home’ feature. BetaNews has confirmed this and says Microsoft has completed the pilot phase for WGA Notifications, officially rolling out the anti-piracy reminders to Windows XP users worldwide. Anyway if Notifications Tools is patched, it won’t callbacks at all. Swissboy found that now there are 15 languages supported for KB905474 and offers solution.

General release version of Windows Genuine Advantage Notifications also has updated EULA which says installing of this update is optional. However, once installed, the update will become a permanent part of your Windows XP software, means you can’t uninstall it. The EULA also confirms that information about your system will be sent to Microsoft. You can just skip installing the KB905474 by clicking “I Decline” when shown the EULA. If you don’t want the Automatic Updates or Windows Updates to try install WGA Notifications again, click Don’t ask me to install these updates again at Decline EULA window.

Latest Update for WGA version 1.5.532.2

Version 1.5.532.2 of WGA Validation Tool and WGA Notifications is NOT YET mass released to all Windows system, so your system may not have this version.

WindowsXP-KB905474-ENU-x86-1.5.532.2-noWGA.exe (as suggested by swissboy) is the original setup of KB905474, but with the 3 files as mentioned above replaced with patched version and re-packed. You can view the contents with WinRAR or 7-Zip. Download here or here. (Removed due to compliant from Microsoft)

LegitCheckControl.dll-v1.5.532.2-Jun-02-2006.zip (as suggested by swissboy) contains hacked version of LegitCheckControl.dll which you have to replace manually over the existing dll in \Windows\System32 folder. Download here or here. (Deleted due to complaint from Microsoft)

new More automated WGA removal tool: RemoveWGA

Latest Update for WGA version 1.5.532.0

LegitCheckControl1.5.532.0.muiz.fixed.rar (suggested by Picard) is the patched LegitCheckControl.dll and can be download here or here (removed due to complaint from Microsoft).

If LegitCheckControl.dll alone doesn’t work, try to patch the other two WGA files too, namely WgaLogon.dll and WgaTray.exe. Download the the patches for 3 files here or here (Removed due to complaint from Microsoft). Overwrite the original files with these hacked version in \Windows\System32 folder. The patch should remove notifications nag screen and allows Windows Update.

There are also several automated tools that save the dirty works of have to manually overwrites and replaces the WGA applications.

WGAPatch905474 (suggested by SilverBullet) contains 905474.exe that will patch Windows to allow access to full (custom) Windows Update and get rid of nag screen. Download 905474.exe here or here (removed due to complaint from Microsoft).

There are also several patched WGANotify KB905474 installation setup which will install KB905474 WGAnotify with the 3 patched WGA files namely LegitCheckControl.dll, WgaLogon.dll and WgaTray.exe. One of them is HotFix windowsxp-kb905474-enu-x86.exe suggested by DeaDMan Walking, which will after install, disable notifications nag screen and allows update. Download here, here or here (removed coz of Microsoft complaint).

WindowsXP-KB905474-ENU-x86-v1.5.532.0-noWGA.exe (suggested by Swissboy) is also the patched KB905474 setup file which is actually the original setup of KB905474, but with the 3 files replaced. Download it here or here (removed due to Microsoft compliant).

Old Updates

Version 1.5.530.0 of cracked LegitCheckControl.dll (suggested by chucko), can also be downloaded here or here (obsolete links, visit here for updates).

Use the latest cracked LegitCheckControl.dll by searching for “Windows.Genuine.Advantage.Validation.v1.5.526.0.CRACKED-ETH0″. Can also be downloaded here (obsolete link, update here). Cracked LegitCheckControl.dll also available here or here (obsolete links, updates available here). Once download the cracked dll, replace the LegitCheckControl.dll in \Windows\System32 folder with the cracked version. You may need to restart your PC in safe mode to replace the files.

Forth Method

Jules found that by disabling and renaming the files ‘WgaLogon.dll’ and ‘WgaTray.exe’ in C:\WINDOWS\system32 folder by using the program Unlocker seems to get rid of all the nags/popups.

Fifth Method

Clear the contents or create a new empty data.dat for WGA, and make data.dat Read-Only and Hidden as detailed here.

The following step basically is the same with the above data.dat method, only different is that you no need to create any file in the WGA data folder:

  1. Launch Windows Explorer and go to C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage\data
  2. Go to Tools -> Folder Option -> View.
  3. Select (click) Show Hidden Files and Folders option.
  4. Unselect (uncheck) Hide Protected Operating System Files option.
  5. Click OK.
  6. Delete everything in the data folder.
  7. Right click on data folder, and select Properties.
  8. Select (Check) Read-Only as the folder’s atributes.
  9. Click OK or Apply.

Update: After 30 May 2006 with the release of WGA 1.5.532.0, this method no longer works. If the data.dat is set to “Read-Only”, WGA may complains that the serial key from the file could not be read, making the WGA validation failed even with the cracked dll files. So just delete the file (and make sure the folder is not set to “Read-Only”), WGA will then automatically regenerate the file and create the key, so you will pass the validation if you have the correct patched dll installed.

Sixth Method

Another alternative suggest that three files are installed Windows XP System Folder for WGA:

\WINDOWS\system32\WgaLogon.dll
\WINDOWS\system32\WgaTray.exe
\WINDOWS\system32\LegitCheckControl.dll

The wgatray.exe process makes the check for genuine windows software. If WgaLogon.dll is denied execution right, that WinLogon is unable to call it to check on Windows validity and display notification package at boot, and since WgaLogon is also responsible for running and maintaining WgaTray.exe, no more tray popups either.

To change and disable the execute bit of WgaLogon.dll:

  1. Turn off Simple File Sharing in Tools -> Folder Options -> View tab.
  2. Right click WgaLogon.dll in Windows Explorer and open the Security Tab.
  3. Click Advanced button.
  4. Uncheck the Inherit box at the bottom.
  5. Click the Copy button.
  6. Click OK.
  7. Go through each listed user/group and remove the “Read & Execute” permission for WgaLogon.dll, leaving the “Read” permission as-is.
  8. Click OK to apply the permission changes.
  9. Close the file properties dialog.
  10. Restart the computer.
  11. Turn “Use simple file sharing” on (optional).

Optionally, steps suggested by PSNet which has the same effect – disabling WgaLogon.dll.