Ethical Hacking - Overview
Ethical Hacking-Windows Hacking & Security
Creating New Keys and Values
Right-clicking on any key in the left-hand side of the window will give you a set of options, most of which are fairly straightforward and easy to understand.
You can create a new Key, which will show up as a folder on the left-hand side, or a new value, which will show up on the right-hand side. Those values can be a little confusing, but there are really only a couple of values that are used regularly.
⦁ String Value (REG_SZ) – This contains anything that will fit into a regular string. The vast majority of the time, you can edit human-readable strings without breaking everything.
⦁ Binary Value (REG_BINARY) – This value contains arbitrary binary data, and you will almost never want to attempt to edit one of these keys.
⦁ DWORD (32-bit) Value (REG_DWORD) – These are almost always used for a regular integer value, whether just 0 or 1, or a number from 0 to 4,294,967,295.
⦁ QWORD (64-bit) Value (REG_QWORD) – These are not used very often for registry hacking purposes, but it’s basically a 64-bit integer value.
⦁ Multi-String Value (REG_MULTI_SZ) – These values are fairly uncommon, but it works basically like a notepad window. You can type multi-line textual information into a field like this.
⦁ Expandable String Value (REG_EXPAND_SZ) – These variables have a string that can contain environment variables and is often used for system paths. So a string might be %SystemDrive%\Windows and would expand to C:\Windows. This means that when you find a value in the Registry that is set to this type, you can change or insert environment variables and they will be “expanded” before the string is used.
Fun Fact: DWORD is short for “Double Word,” because a “Word” is a term for the default unit of data used by a processor, and when Windows was created that was 16 bits. So a “word” is 16 bits, and a “Double Word” is 32 bits. While modern processors are all 64-bit, the Registry still uses the older format for compatibility.