This is how a registry file looks like (the .reg's syntax)
RegistryEditorVersion is the version of the registry editor. if you are using windows xp or windows 2000 it should be "Windows Registry Editor Version 5.00". For Windows 98 and NT4.0 systems REGEDIT4 is the version entry in the header of the .reg file .RegistryEditorVersion
Blank line
[RegistryPath1]
"DataItemName1?="DataType1:DataValue1"
Blank line
[RegistryPath2]
"DataItemName2"="DataType2:DataValue2"
"DataItemName3"="DataType3:DataValue3"
The blank line is a must. The Blank line informs the Registry the start of a new Registry path. Before every new path you must add a blank line.
RegistryPath is the path to the location of the particular key or sub-key in the Registry . The enclosed in square brackets is a must and each sub-key level has to be separated by a backslash just like a normal file path or a url.
For example:
[HKEY_CURRENT_USER\Software\viruswriting]
If the subkey does not exist, it will be created. Multiple entries will each start with their own paths separated by blank lines.
The ?DataItemName1?=?DataType1:DataValue1? specfies the values of the key (or sub-key).DataItemName is the specified name of the data.Each key may have more than one name. This is enclosed in quotation marks.
Next is the the data type (DWORD or hexadecimal) , followed by the actual data. Incase of the
data beging of the String type, then no data type is specified. The DataType and DataValue are separated by colons. Quote("") is not necessary for the type:value if they are not string.
Here?s an example.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\viruswriting]
?Current?=?Windows XP?
?PreviewMode?=hex:04,00,00,00
No comments:
Post a Comment