Thursday, January 3, 2008

Peek into system registry

In earlier versions of Windows, each program used to have .ini files, known as initialization files (such as Desktop.ini), which contained the initialization parameters for that program. As the number of programs in the system increased, Microsoft adopted a new technique: storing this information in the registry (a database).
The registry is a database for all the programs, where each program stores its information. Apart from that, Windows uses it for other purposes, such as which programs to start at startup, user-specific information, and more.
The registry is the most vulnerable thing in Windows. All viruses and trojans use its power to spread and infect systems.
Let's elucidate it with some examples.
The entries:
a)HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
If you add an entry for any program here, it will start up when Windows starts.

b)HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command
If you put your program's name here, your program will execute each time an executable is run.

Hmm, this is how viruses and trojans use the registry to spread and infect the system.
To manipulate the registry, we can use the Regedit tool, or we can manipulate it programmatically using the APIs (that's what viruses use).
To know the various ways viruses and trojans make use of the registry to affect the system, and how virus and trojan code is written, follow this link.
Trojans and virus working.
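As an added example (not part of the original post), here is how a defender can check the two entries discussed above, the Run key and the exefile\shell\open\command value, from the defender's side. The script parses the text format that Regedit's "Export" (or "reg export") writes, lists every Run entry whose program lives outside Program Files or the Windows directory, and flags the exefile command if it is anything other than the standard "%1" %*. The registry export embedded below is constructed for illustration, not taken from a real machine; the trusted-directory list and the key names are assumptions for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a registry export in the text format that
# Regedit's "Export" / "reg export" produce. Not from any real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="\"C:\\Program Files\\ExampleVendor\\Tray.exe\" /background"
"updater"="C:\\Users\\Public\\svchost.exe"
"helper"="C:\\Windows\\Temp\\helper.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="C:\\Users\\Public\\svchost.exe \"%1\" %*"
'''

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
EXEFILE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command"
# The value Windows ships with: run the clicked file, pass its arguments on.
EXPECTED_EXEFILE_CMD = '"%1" %*'
# Assumed "trusted" install locations; C:\Windows\Temp is excluded below
# because ordinary users can write there.
TRUSTED_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")


def unescape(s: str) -> str:
    """Undo .reg escaping: \\ becomes \ and \" becomes "."""
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key path: {value name: value}}.
    The default value is stored under the empty name "". Only REG_SZ
    values are unescaped; other types (dword:, hex:) are kept raw."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if not m or current is None:
            continue
        name = "" if m.group(1) == "@" else unescape(m.group(2))
        value = m.group(3)
        if value.startswith('"') and value.endswith('"'):
            value = unescape(value[1:-1])
        keys[current][name] = value
    return keys


def executable_path(command: str) -> str:
    """Return the program from a command line: the quoted first token,
    or the first whitespace-separated token if unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ", 1)[0]


def is_trusted_location(path: str) -> bool:
    p = path.lower()
    if p.startswith(r"c:\windows\temp"):
        return False
    return p.startswith(TRUSTED_DIRS)


def audit(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (area, value name, reason) for every suspicious entry."""
    findings = []
    for name, cmd in keys.get(RUN_KEY, {}).items():
        if not is_trusted_location(executable_path(cmd)):
            findings.append(("Run", name, f"starts {cmd!r} from outside the trusted program directories"))
    cmd = keys.get(EXEFILE_KEY, {}).get("")
    if cmd is not None and cmd != EXPECTED_EXEFILE_CMD:
        findings.append(("exefile", "(Default)", f"expected {EXPECTED_EXEFILE_CMD!r}, found {cmd!r}"))
    return findings


if __name__ == "__main__":
    for area, name, reason in audit(parse_reg(SAMPLE_REG)):
        print(f"[{area}] {name}: {reason}")
```

To run it against a real export, save the two keys from Regedit with File > Export and read the file with encoding "utf-16", since Regedit writes that format. A clean system produces an empty exefile finding list; any program name in front of the "%1" %* part is exactly the hijack described under entry b).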