by
Abhisek Datta
////////////////////////////////////////////////////////////////
******* WINDOWS XP EXPLAINED
******* by : Abhisek Datta [abhisek@programmer.net]
******* http://hackersclub.focusindia.com
******* http://abhisek.8m.net
////////////////////////////////////////////////////////////////
Please note that this tutorial is in BETA stage and will be
updated soon.
Tutorial Name : Microsoft Windows XP [version 2002] Explained
Contents :
1.Core Kernel
2.Basic Working Structure
3.Important System Files and their workings.
4.Registry Hacking
5.Tips to improve performance.
Author : Abhisek Datta [sweetboycal@yahoo.com]
Date : 4.2.2002
1. Core Kernel
Windows XP uses the same kernel as Microsoft Windows 2000; basically
there is not much difference between the basic workings of Windows
2000 and Windows XP. The file kernel32.dll, located in the
C:\windows\system32 folder (assuming Windows is installed on the C:
drive), consists of the core kernel of the Windows XP operating
system. Windows uses this file for any operation involving hardware
interaction.
Windows XP supports the NTFS (New type file system) file system
beside the old FAT32 and FAT file systems. If you install Windows XP
on a newly formatted hard drive, installation of the NTFS file system
is part of the setup procedure if the user confirms.
2. Basic Working Structure
Code name : project Whistler (the name is taken from Mt Whistler,
some mountain in some country I don't know), so it is often referred
to as Windows Whistler.
Microsoft developed the Windows XP operating system with the main
motive of bringing a revolutionary change to the world of operating
systems. I don't know about others, but from my point of view I can
see only an evolutionary change in Windows XP. Apart from the
interface improvements, which were largely borrowed from the sleek
looking interface of the Macintosh, there is not much change in the
working structure of this operating system, and it works almost the
same as its predecessors.
Previously, the Windows 9x series and the early releases of Windows
NT maintained separate user accounts and their individual settings
using .pwl files. But Microsoft has finally realised that this method
won't work any more, because even a kid with a little knowledge of
the working structure of the ever-popular Windows OS series can crack
the password using the .pwl file, which is processed during system
startup to perform the required functions.
Please note : passwords are not stored in .pwl files. These files are
encrypted using the MD5 algorithm; they are decrypted with a key
derived from the password that the user supplies, and are processed
during system startup to authenticate a valid user.
Windows XP maintains a separate folder for each user containing that
user's local settings. A user with system administrator rights can
access all the accessible features of Windows XP and can also
restrict other users' access rights.
3. Important System Files and their Workings
1. kernel32.dll ::: This file is the heart of the Windows XP
operating system. It consists of the basic core kernel of Windows XP.
Windows uses this file to interact directly with the hardware
available to the computer system and to obtain the required
operations from the corresponding device.
Path : c:\windows\system32\kernel32.dll
2. explorer.exe ::: Windows differs from DOS or UNIX (command-based
operating systems) because of its UI (user interface). The
explorer.exe file located in the c:\windows directory constitutes the
shell (user interface) of the Windows operating system. The kernel
interacts directly with the hardware and the shell interacts with the
user. The kernel and the shell are the two most important parts of
any operating system.
Note: If you ever get bored of the look and style of the Windows user
interface, i.e. the explorer.exe file, you can edit the system
registry (for editing the system registry see the registry hacking
part of this article) to replace explorer.exe with some other
software that has the same functionality as explorer.exe but a
different, customizable look.
For example you can check out Talisman, available at
http://www.talisman.com (Hey guys, I prefer not to replace the
explorer.exe file with these kinds of utility software, as they
consume much more memory than the original one, they slow down the
system, and they also disable many new functions of the Windows XP
OS.)
3. Utility Tools ::
C:\WINDOWS\system32\shutdown -r [restart]
C:\WINDOWS\system32\shutdown -s [shutdown]
===============
All of these programs are located in the c:\windows\system32 folder:
shutdown.exe (shutdown program)
systeminfo.exe (system information program)
bootcfg.exe (boot loader configuration program)
cipher.exe (NTFS encryption program)
4. Shutdown Shortcut ::
Now it's time for the good ol' ever-popular shutdown shortcut trick
used widely in Windows 98. But the same
c:\windows\rundll.exe user.exe,exitwindows trick doesn't work in
Windows XP any more. Well, everything is the same; there is just a
little change in the file executed and its mode of execution.
Right-click on an empty space on the desktop and select New >
Shortcut.
In the command line box type the following :
[For shutdown]
C:\windows\system32\shutdown.exe -s -t 00
[For restart]
C:\windows\system32\shutdown.exe -r -t 00
Now click Next and your shutdown/restart shortcut is ready to use.
REGISTRY HACKING
Shut Down without logon:
I am sure you have seen the new feature of Windows XP which offers a
shut down option without being logged in to the system as a legal
user. When you are on the login screen you can find an option to shut
down the computer.
Here's the registry key for it :
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"shutdownwithoutlogon"=dword:00000000
Note: 0 means disabled, 1 means enabled
Display of last user name:
By default Windows XP displays the last user name. This may be a
security problem for users who don't want to let others know their
login details. Here's the registry trick to disable it :
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
Note: 0 means the setting is disabled, 1 means it is enabled (the
last user name is then hidden)
Display legal notice on startup:
Want to tell your friends about the do's and don'ts on your computer
when they log in in your absence? Well, you can do it pretty easily
by displaying a legal notice at system start up.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"legalnoticecaption"="enter your notice caption"
"legalnoticetext"="enter your legal notice text"
MSN login details:
By default Windows XP provides tools for communicating with your
friends over the net using MSN Messenger and MSN Explorer. But did
you ever want to know about the servers and protocols MSN uses to
connect your computer so easily and smoothly to the highly crowded
MSN servers? Here is where you can look for that info: just browse to
this location, select Passport, and in the right pane you will see
the details.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
Default program for files of different extensions:
Browse to this registry key, select Extensions, and in the right pane
view the options. You can edit the default program for an extension
simply by double-clicking the value.
Note that there is a ^ sign between the path and the extension of the
program.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Extensions
Automatic Administrator Login:
Well, here's the trick which you can use to prove that Windows XP is
not at all secure as a multi-user operating system. Hacking the
system registry from any account that has write access to this
registry key puts you into the administrator account at the next
boot.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
Not only this option, but you will find many more options in this
registry path, like changing the default user name, auto-start of the
Windows shell (by default explorer.exe), and the option to change the
default Windows shell.
No Shutdown:
Want to play with your friends by removing the shutdown option from
the Start menu on their computer? Just hack it down !!!
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000001
TIPS AND TRICKS
System Restore
System Restore is actually a very handy application that,
unless you use your PC expressly for high-performance tasks
like gaming, you should probably leave alone. It creates
periodic snapshots of your critical system files (like the
registry files, COM+ database, user profiles, and such) and
stores them as a "restore point." Should you install an
application that hoses your system, or if something
important gets corrupted, you can revert the computer to the
state it was in at a restore point and go on happily using
it.
Restore points are automatically created by the System
Restore service upon several events, such as when a new
application is installed, a Windows update is applied, an
unsigned driver is installed, or some other event occurs
that could have a negative effect on the operating system.
You may create manual restore points through System
Restore's main interface, which you can access through
Start\Programs\Accessories\System Tools\System Restore.
System Restore does require a service to run in the
background that has a minimal performance impact, and its
recorded backups take up hard drive space. You can control
how much space it's allowed (which affects how many restore
points it can create), and shut it down entirely, through
the System Restore tab in the System Properties tool.
The System Restore dialog lists each active drive
partition. You can adjust the percentage of space that
System Restore is allowed to work with on each one. There's
also a checkbox that allows you to shut down System Restore
entirely for all drives.
System Restore can adversely affect application benchmark
software, and might operate during active test periods, so
test labs routinely disable System Restore under XP and Me
before testing, and you should too when running benchmarks.
Windows XP: Activate
What would a Microsoft release be without complaints and conspiracy
theories? Windows XP is no exception. The most notable controversy in
the days leading up to its release was undoubtedly the new Windows
Product Activation (WPA), which is designed to help Microsoft improve
compliance with the Windows license agreement. The agreement states
that each copy of the operating system can be installed on only one
machine at a time. Such a restriction is nothing new, but Microsoft
has never been able to enforce it adequately.
WPA requires you to activate Windows XP (via the Internet or
telephone) within 30 days of installation. If you wait too long,
you'll be locked out of the system. To activate Windows XP, WPA
creates a nonunique value based on up to ten pieces of information
from your video card, network card, SCSI controller, hard drive, CPU,
and memory configuration. The tool then uses a combination of the
25-digit product ID code and the nonunique value to create a number,
which Microsoft exchanges for a code that activates your copy of the
OS.
Although discouraging illegal duplication of the OS is reasonable,
some believe WPA is invasive. It is not surprising that Big Brother
myths like "Microsoft knows who you are" have surfaced. The reality,
according to Microsoft, is that when you activate, the only personal
information required is your country. Registration, as opposed to
activation, requires your name and address, but it is optional.
Once your copy of Windows XP is activated, you must reactivate if you
substantially change your hardware or install Windows XP on another
PC. And if you attempt to activate your copy of the OS on more than
one machine, you must call Microsoft and explain. We installed and
activated Windows XP, then changed every component (including the
motherboard) on our test PC to see what would happen. We changed at
least six components before we had to reactivate the operating
system. If you add or change only a few items, you shouldn't have a
problem. If you reinstall the OS on the same computer, you'll need to
reactivate. Since the hardware hasn't changed, you can reactivate
through the Internet.
Activating through the Internet is surprisingly fast. If you activate
by phone, you'll probably have to wait (depending on call volume),
but during the beta period, the entire phone call, including wait
time, reading the 50-digit number, and receiving the 42-digit
activation code, took about 10 minutes.
Microsoft has made some concessions to power users. For example, a
copy of Windows XP can be reactivated every 120 days, in case you
change hardware or systems often.
Of course, many users will never experience WPA. Most PC vendors will
preactivate Windows XP. In addition, vendors can key Windows XP
activation to a single value in the BIOS. You then can change
everything in the machine without reactivating if the BIOS doesn't
change. And corporate customers can buy volume licenses, which don't
require activation.
Registry hacks of XP:
Before we start tweaking, I recommend you set up a few things on your
operating system. Make sure you have Administrator privileges on the
computer you are tweaking, as some options may have been disabled for
standard users. Also, there's ClearType. ClearType basically works to
make text on your screen appear much clearer and more readable, a
massive boon for laptop owners. It works wonders for desktop owners
as well, as you can observe from the pictures below.
[Screenshots: ClearType Off / ClearType On]
To turn ClearType on, just access your Display properties
in Control Panel, then click on the 'Appearances' tab. Then
click the 'Effects...' button, and you will get a dialog
like the one below.
Tick 'Use the following method to smooth edges of screen
fonts...' and change the listbox to 'ClearType'. Then just
click OK, Apply, and close down your dialogs.
Tweak #1 - MsConfig
Most of you will be familiar with MsConfig, which is basically a
built-in system configuration utility for Windows. Open it up by
simply going to Start -> Run..., then type 'msconfig' in the box and
press Enter. Now, the tab we are interested in here is the 'Startup'
tab; simply click on it and you should see a screen similar to the
one below.
This box displays all of the programs that will be started when
Windows boots up. None of these programs are vital for Windows, so
don't feel worried about disabling some of them in experimentation.
You can see from the screenshot that I have disabled both NDetect
(ICQ's start-up program) and WinAmpa (WinAmp, obviously). Now, if
you've unchecked some boxes, Windows should start up faster and will
take fewer resources by not running these programs in the background.
Tweak #2 - More Startup Tweakage
Now we're going to take the tweak above and go one step further. Go
to Start -> Run again, then type 'services.msc'. You should get:
This is a more detailed list of processes that are starting up with
Windows. All those items with 'Automatic' listed next to their names
are booting with Windows. Click on the items to find out just what
they do. If you decide you don't need a certain service, you can
simply right-click on it and change its startup type from 'Automatic'
to 'Manual'.
Tweak #3 - Speeding Up Internet Explorer
This is a handy little trick you can use with Internet
Explorer 6 (which ships with XP) to make it boot up
extremely fast - instantly, on my system :). This should be
familiar to those of you who have created shortcuts for
Half-Life mods and the like. For those of you who aren't
familiar, simply right-click on a shortcut to Internet
Explorer (such as the one in the Quicklaunch bar) and add
the parameter '-nohome' to the end of the command line, like
so:
Tweak #4 - Menu Delays
Another minor and easy tweak to remove any delay from menus sliding
out. For this you will need to use regedit (open regedit by going to
Start -> Run..., then typing 'regedit' and pressing Enter). The key
you need to change is located in
HKEY_CURRENT_USER\Control Panel\Desktop. The actual value is called
MenuShowDelay; all you have to do is change the value to 0. Remember,
you will have to reboot your computer for this tweak to take effect.
Tweak #5 - GPEDIT.MSC And Autoplay
A great tweaking file that comes with XP is gpedit.msc. Go
to Start -> Run... and then type in 'gpedit.msc' and press
enter. This is effectively the Policies Editor, and it comes
in handy often. For example, if you hate CD autoplay like I
do and want to permanently disable it, you can use this tool
to do so. Just run gpedit.msc, then go to Computer
Configuration -> Administrative Templates -> System. In here
you can see the value 'Turn Off Autoplay'. Right-click on it
and then click 'Properties'.
Now you can simply play around with the settings for this
and other values in these folders, customizing appearance
and performance issues.
Tweak #6 - Increasing options in Add/Remove Programs
Not a fan of MSN Messenger? Don't want Windows Media Player on your
system? Fair enough, but if you go to Add/Remove Programs in the
Control Panel, by default none of Windows XP's 'built in' programs
are visible. It's fairly easy to change, though: just open the file
X:\Windows\inf\sysoc.inf (where X: is the drive letter where Windows
XP is installed) in Notepad. You should see a section of the file
something like this:
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7
This is a list of all components installed at the moment. I've taken
the example of MSN Messenger: the program entry called 'msmsgs',
third-last line. You can see the word 'hide' highlighted; this is the
string which tells Windows not to display the component in the
Add/Remove Programs list. Fix this up by simply deleting the word
'hide', changing:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
to this:
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7
Now, after restarting, you should be able to see MSN Messenger in the
Add/Remove Programs list. If you want to be able to quickly view and
remove all components, simply open the sysoc.inf file and do a global
find and replace for the word ",hide" and replace it with a single
comma ",".
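The global find-and-replace above works because the fourth field of every [Components] entry is the flags field. The following script is an added example (not part of the original tutorial) that does the same job field by field, so that only the 'hide' flag of the [Components] section is touched and nothing else in the file is altered. The sample sysoc.inf text is constructed from the entries shown above; the [Version] header is an assumption.

```python
"""List and unhide the components that sysoc.inf keeps out of the
Add/Remove Programs list. Added example, not the tutorial's own code."""

# Constructed sample: the [Components] entries shown in the tutorial,
# preceded by an assumed [Version] header that must be left untouched.
SAMPLE_SYSOC = """[Version]
Signature = "$Windows NT$"

[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7
NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7
iis=iis.dll,OcEntry,iis.inf,,7
com=comsetup.dll,OcEntry,comnt5.inf,hide,7
dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7
IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7
TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2
msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6
ims=imsinsnt.dll,OcEntry,ims.inf,,7
fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7
AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7
msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7
RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7
IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7
"""

FLAGS_FIELD = 3  # name=dll,entry,inf,flags,level -> flags is the 4th field


def _split_entry(line):
    """Split 'name=dll,entry,inf,flags,level' into (name, fields), or None."""
    if "=" not in line or line.startswith(";"):
        return None
    name, rest = line.split("=", 1)
    return name.strip(), [field.strip() for field in rest.split(",")]


def _is_hidden(fields):
    return len(fields) > FLAGS_FIELD and fields[FLAGS_FIELD].lower() == "hide"


def components(text):
    """Yield (name, fields) for every entry in the [Components] section."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "components" and line:
            entry = _split_entry(line)
            if entry:
                yield entry


def hidden_components(text):
    """Names of components that Add/Remove Programs will not show."""
    return [name for name, fields in components(text) if _is_hidden(fields)]


def unhide(text):
    """Return the file with the 'hide' flag cleared in [Components] only;
    whitespace around the fields of changed lines is normalised."""
    out = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            out.append(raw)
            continue
        entry = _split_entry(line) if section == "components" and line else None
        if entry and _is_hidden(entry[1]):
            name, fields = entry
            fields[FLAGS_FIELD] = ""
            out.append("%s=%s" % (name, ",".join(fields)))
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("hidden:", ", ".join(hidden_components(SAMPLE_SYSOC)))
    print(unhide(SAMPLE_SYSOC))
```

Run it against a copy of the real file (open it with Python, pass the text to unhide, write the result back) rather than editing the original in place, so the original is there to restore if Add/Remove Programs misbehaves.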
Tweak #7 - Disabling Windows File Protection
WARNING: Using this tweak means you will be able to delete vital
Windows files.
Here's a quick tweak to totally disable Windows File Protection, the
system that prevents users from deleting system and program files.
Simply find the value SFCDisable in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and edit it to hold the value 0xFFFFFF9D.
If you want to re-enable File Protection, just set the value back to
0.
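Several of the settings in the Registry Hacking section above (AutoAdminLogon, shutdownwithoutlogon, dontdisplaylastusername, the legal notice) and the SFCDisable value from Tweak #7 all weaken the machine if left in the 'convenient' state, and they live in two registry keys that can be exported with regedit as a .reg file. The script below is an added example (not part of the original tutorial) that parses such a REGEDIT4 export and reports which of those settings are in a risky state; it is the check a defender would run before and after applying the tweaks. The two sample exports are constructed, not taken from a real machine, and the DefaultPassword entry (a real Winlogon value that holds the auto-logon password in clear text) carries a placeholder string.

```python
"""Audit a REGEDIT4-format .reg export for the logon and policy settings
covered in the Registry Hacking section and in Tweak #7 (SFCDisable).
Added example: not part of the original tutorial."""
import re

# Constructed sample export: the weak state, every risky setting switched on.
WEAK_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"shutdownwithoutlogon"=dword:00000001
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="Administrator"
"DefaultPassword"="placeholder-not-a-real-password"
"SFCDisable"=dword:ffffff9d
"""

# The same keys with each setting put back to a defensible state.
HARDENED_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"shutdownwithoutlogon"=dword:00000000
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"="Authorised use only"
"legalnoticetext"="This computer may only be used by authorised users."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="0"
"DefaultUserName"="Administrator"
"SFCDisable"=dword:00000000
"""

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def _parse_data(token):
    """Turn the right-hand side of a value line into a Python value."""
    token = token.strip()
    if token.lower().startswith("dword:"):
        return int(token[6:], 16)
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        return _unescape(token[1:-1])
    return token  # hex:/binary data or the '-' delete marker: kept raw


def parse_reg(text):
    """Parse .reg text into {key path (lower): {value name (lower): data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";") or line.upper().startswith("REGEDIT")
                or line.startswith("Windows Registry Editor")):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1)).lower()] = _parse_data(m.group(2))
    return keys


def audit(text):
    """Return (code, message) findings for the settings the tutorial covers."""
    reg = parse_reg(text)
    policy, winlogon = reg.get(POLICY_KEY, {}), reg.get(WINLOGON_KEY, {})
    findings = []
    if str(winlogon.get("autoadminlogon", "0")) == "1":
        findings.append(("AUTOADMINLOGON", "AutoAdminLogon=1: the logon prompt is "
                         "skipped and the machine boots straight into %s"
                         % winlogon.get("defaultusername", "<unset>")))
    if "defaultpassword" in winlogon:
        findings.append(("DEFAULTPASSWORD", "DefaultPassword is present: a clear-text "
                         "password is stored in the registry"))
    sfc = winlogon.get("sfcdisable", 0)
    if sfc not in (0, "0"):
        shown = "0x%08x" % sfc if isinstance(sfc, int) else sfc
        findings.append(("SFCDISABLE", "SFCDisable=%s: Windows File Protection is off" % shown))
    if policy.get("shutdownwithoutlogon", 0) == 1:
        findings.append(("SHUTDOWN_WITHOUT_LOGON", "shutdownwithoutlogon=1: anyone at "
                         "the console can shut the machine down from the logon screen"))
    if policy.get("dontdisplaylastusername", 0) == 0:
        findings.append(("LAST_USERNAME_SHOWN", "dontdisplaylastusername=0: the last "
                         "logon name is shown on the logon screen"))
    if not policy.get("legalnoticetext"):
        findings.append(("NO_LOGON_BANNER", "legalnoticetext is empty: no notice is "
                         "shown before logon"))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_REG), ("hardened", HARDENED_REG)):
        print("== %s configuration ==" % label)
        for code, message in audit(sample) or [("OK", "no findings")]:
            print("%-24s %s" % (code, message))
```

To audit a real machine, export the two keys with regedit (File > Export, choosing the Win9x/NT4 REGEDIT4 format) and pass the file's text to audit(); a clean result on the hardened sample and six findings on the weak one show what the check is looking for.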
Tweak #8 - Automatically Kill Programs At Shutdown
Don't you hate it when, while trying to shut down, you get message
boxes telling you that a program is still running? Making Windows
automatically kill running applications is a snap. Simply navigate to
the HKEY_CURRENT_USER\Control Panel\Desktop key in the Registry, then
set the value AutoEndTasks to 1.
Note: the value 'AutoEndTasks' might not exist. If not, simply create
it with a value of 1. To disable the AutoEndTasks feature, simply
change the value back to 0.
Tweak #9 - Memory Tweaks
There are several memory tweaks that can be performed with Windows
XP; all of them are located in the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
section of the registry.
Disable Paging Executive
In normal usage, XP pages sections from RAM memory to the
hard drive. We can stop this happening and keep the data in
RAM, resulting in improved performance. Note that only users
with a large amount of RAM (256MB+) should use this setting.
The setting we want to change to disable the 'Paging
Executive', as it is called, is called
DisablePagingExecutive. Changing the value of this key from
0 to 1 will de-activate memory paging.
System Cache Boost
Changing the value of the key LargeSystemCache from 0 to 1 will tell
Windows XP to allocate all but 4MB of system memory to the file
system cache, basically meaning that the XP kernel can run in memory,
greatly improving its speed. The 4MB of memory left is used for disk
caching, but if for any reason more is needed, XP allocates more.
Generally, this tweak improves performance by a fair bit but can, in
some intensive applications, degrade performance. As with the above
tweak, you should have at least 256MB of RAM before attempting to
enable LargeSystemCache.
Input/Output Performance
This tweak is only really valuable to anyone running a server; it
improves performance while a computer is performing large file
transfer operations. By default, the value does not appear in the
registry, so you will have to create a REG_DWORD value called
IOPageLockLimit. The data for this value is in bytes, and defaults to
512KB on machines that have the value. Most people using this tweak
have found maximum performance in the 8 to 16 megabyte range, so you
will have to play around with the value to find the best performance.
Remember that the value is measured in bytes, so if you want, say,
12MB allocated, it's 12 * 1024 * 1024, or 12582912. As with all these
memory tweaks, you should only use this if you have 256MB or more of
RAM.
Tweak #10 - Speeding Up Share Viewing
This is a great tweak. Before I found it, I was always smashing my
head against the table waiting to view shares on other computers.
Basically, when you connect to another computer with Windows XP, it
checks for any Scheduled Tasks on that computer, a fairly useless
task, but one that can add up to 30 seconds of waiting on the other
end. Not good! Fortunately, it's fairly easy to disable this process.
First, navigate to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\RemoteComputer\NameSpace
in the Registry. Below that, there should be a key called
{D6277990-4C6A-11CF-8D87-00AA0060F5BF}. Just delete this, and after a
restart, Windows will no longer check for scheduled tasks: mucho
performance improvement!
Tweak #11 - Prioritizing Individual Processes
This is so simple it's not funny, but it leads into the next tweak.
Anyway, if you press Control+Alt+Delete, then click on the
'Processes' tab, you should get a dialog like the one above. You can
see a list of all the processes running at the time. Now, if you are
running a program that you want to dedicate more processing time to
(e.g. 3D Studio Max, as in my example), you can just right-click on
the process, move your cursor down to 'Set Priority >', then select
how high you want that program prioritized. While I'm checking my
email, I might want a Normal priority for Max, but if I leave my
computer, I can increase it to 'RealTime' to get the most rendering
done. Easy!
Tweak #12 - Prioritizing IRQs
The last tweak for this guide - and a good one. The main
components of your computer have an IRQ number assigned to
them. With this tweak we can increase the priority given to
any IRQ number, thereby improving the performance of that
component. The most common component this tweak is used for
is the System CMOS/real time clock, which improves
performance across the board. First of all, decide which
component you want to give a performance boost to. Next, you
have to discover which IRQ that piece of hardware is using.
To do this, simply go to Control Panel, then open the System
panel (You can also press the shortcut of Windows+Break).
Click the 'Hardware' tab, then on the 'Device Manager'
button.
Now, right click on the component you want to discover the
IRQ for and click 'Properties', then click on the
'Resources' tab.
You can plainly see which IRQ this device is using (if
there is no IRQ number, select another device). Remember the
number and close down all of the dialog boxes you have
opened, then start up RegEdit.
Navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\PriorityControl
in the registry. Now, we have to create a new DWORD value called
IRQ#Priority (where '#' is the IRQ number), then set the data to 1.
For example, the IRQ of my System CMOS is 8, so I would create the
value IRQ8Priority.
Now, after restarting, you should notice improved
performance in the component you tweaked. I would strongly
recommend the CMOS, as it improves performance around the
board. Also note that you can have multiple IRQ prioritized,
but it is fairly inefficient and can cause instability. To
remove this tweak, simply delete the value you created.
BY
ABHISEK DATTA
abhisek@programmer.net
http://abhisek.8m.net
http://hackersclub.focusindia.com
NOTE: THE TIPS AND TRICKS PART IS NOT WRITTEN ENTIRELY BY
ME. ARTICLE TAKEN FROM CNN NETWORK AND CONTRIBUTE BY AJIT
RAY(member@http://hackersclub.focusindia.com). ARTICLE
EDITED AND PROVIDE WITH SOME MORE VALUABLE INFORMATION BY ME