This is a very small and simple program that just writes... something to an underused registry value (tested on Win2k, WinXP). Registry is used in Windows (from version 95 and later) to store information that will be used for several purposes by the operating system or by any other application.
There are entries that perform specific tasks...
Does anyone remember the autoexec.bat or config.sys in old good DOS times? Ok, ok... these files still exists in our disks…. but their modern counterparts located in registry, specifically in keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Anyway, I will not go too far with this, because my purpose is not to explain the use of the above, instead I would like to expose a less known and underused (I suppose) registry value which is:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
The above key has 2 special string values named
(1)LegalNoticeCaption and
(2)LegalNoticeText.
You can go & see the above registry key using the registry editor. You can call it by Start|Run|Regedit. So, if you go in this key normally you will not see the two special strings (1) and (2). Instead you will see other “important & useful keys” but again this is not our goal.
You can Add manually the above string by Right Click| New| StringValue.
Now,…. What is special with those string value….. Hmmm, when the operating system starts & finds these string values it shows a message box with title the value of LegalNoticeCaption and Text the value of LegalNoticeText. …..
Do you get the message[box] ? ;-)
Now…. I am starting thinking positively…. If I write a little exe program that inserts automatically those strings, I can make a good…. but harmless surprise to any… victim’s PC I can run it.
I give you a simple Pascal (Delphi console application actually) program to do this.
program FunnyHack2;
{$APPTYPE CONSOLE}
uses
SysUtils, Registry, Windows;
const
KEY_Hack = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
var
Reg: TRegistry;
begin
Reg := TRegistry.Create;
try
Reg.RootKey := HKEY_LOCAL_MACHINE;
if Reg.OpenKey(KEY_Hack, False) then
begin
Reg.WriteString('LegalNoticeCaption','"GR-Hacks"');
Reg.WriteString('LegalNoticeText','"The Greek Hackers R good Boys..."');
Reg.CloseKey;
end;
finally
Reg.Free;
end;
end.
Remember! Once you have inserted these string into registry, the operating system (Windows NT - that I ‘ve tested) will always display this message box on every restart.
To STOP this happen you ‘ve got to go and delete (manually or… programmatically ;) ) the above registry values!
Happy tricking...
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.