You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » Registry Easter Egg
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#133715 - 2005-02-13 10:17 AM Registry Easter Egg
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
This has been around for ever, but recently came across it again so thought I'd write a little script to show the entries for the Explorer\UserAssist\ keys in the Registry.
Count Keys in the Windows Registry

Give the script a test run and see some of what Microsoft is recording about your system.


Break On
Dim $SO,$Pause
$SO=SetOption('Explicit','On')
$SO=SetOption('NoVarsInStrings','On')
$SO=SetOption('WrapAtEOL','On')
 
Dim $K1,$K2,$Key,$KValue,$Value,$Index
$K1='HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count'
$K2='HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count'
; Set the forground color to WHITE and the background color to LIGHT RED 
COLOR 'w+/r+'
? '********************'
? '* [ EASTER EGG 1 ] *'
? '********************'
COLOR 'y+/n'
$KValue=ArrayEnumValue($K1+'\'+$Key)
$Index=0
For Each $Value In $KValue
	? 'Easter Egg: '+$Index + '  ' + Rot13($Value)
	$Index = $Index + 1
Next
; Set the forground color to WHITE and the background color to DARK BLUE 
COLOR 'w+/b'
?
? '********************'
? '* [ EASTER EGG 2 ] *'
? '********************'
COLOR 'y+/n'
$KValue=ArrayEnumValue($K2+'\'+$Key)
$Index=0
For Each $Value In $KValue
	? 'Easter Egg: '+$Index + '  ' + Rot13($Value)
	$Index = $Index + 1
Next
 
COLOR 'w+/r+'
?? 'Press a key to continue...'
Get $Pause
 
Function ArrayEnumValue($RegSubKey)
	Dim $RetCode, $ValueCounter, $CurrentValue, $ValueArray
	If Not KeyExist($RegSubKey)
		Exit 87
	EndIf
	$ValueCounter=0
	Do
		$currentvalue=enumvalue($regsubkey,$valuecounter)
		If Not @ERROR
			ReDim PreServe $ValueArray[$ValueCounter]
			$ValueArray[$ValueCounter]=$CurrentValue
			$ValueCounter=$ValueCounter+1
		EndIf
	Until @ERROR
	$ArrayEnumValue=$ValueArray
	Exit 0
EndFunction
 
Function Rot13($s)
	DIM $i,$c, $o,$u
	$o=SetOption("CaseSensitivity","Off")
	$u = (Ubound($s) >=0)
	If $u  $s=Join($s,@CRLF) EndIf
	For $i = 1 To Len($s)
	  $c = Substr($s,$i,1)
	  Select
	    Case $c >= 'a' And $c <= 'm'
	      $c = Chr(Asc($c)+13)
	    Case $c >= 'n' And $c <= 'z'
	      $c = Chr(Asc($c)-13)
	  EndSelect
	  $Rot13 = $Rot13+$c
	Next
	If $u $Rot13 = Split($Rot13,@CRLF) EndIf
	$o=SetOption("CaseSensitivity",$o)
EndFunction
Top
#133716 - 2005-02-13 05:29 PM Re: Registry Easter Egg
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
And what was the definition of "not user-identifyable information" again?

Those entries sound pretty identifyable to me.
_________________________
There are two types of vessels, submarines and targets.

Top
#133717 - 2005-02-15 09:48 AM Re: Registry Easter Egg
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
So did anyone try this script and have over 1,000 entries?

Some people have reported entries of up to 5,000 according to some posts on the Web.
Top
#133718 - 2005-02-15 02:56 PM Re: Registry Easter Egg
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
I didn't count the lines, but I had to increase my buffer from 250 lines to 500 then 750 then 800 to show them all.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#133719 - 2005-02-16 12:29 AM Re: Registry Easter Egg
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
I actually added a pause after every 100 lines and had 1000+ lines of stuff to look at.
_________________________
There are two types of vessels, submarines and targets.

Top
#133720 - 2005-02-17 06:06 AM Re: Registry Easter Egg
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2127
Loc: Tulsa, OK
I guess there is atleast one thing half decent about the Win98 machine im having to use at the moment lol. only 19 values listed under these keys on here.
Top
#133721 - 2005-02-17 09:57 PM Re: Registry Easter Egg
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
Stops at 244 lines here.
May try at work will probably get some more there.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#133722 - 2005-02-18 02:14 PM Re: Registry Easter Egg
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
eh...
who says ms is "recording" these values?
_________________________
!

download KiXnet

Top
#133723 - 2005-02-18 07:09 PM Re: Registry Easter Egg
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
Your system is recording them, not Microsoft.

However, Microsoft is the one that implemented the keys. They are there on a clean install of Windows since Windows 98 and still exist on Server 2003 with no 3rd party software installations.

Just not sure exactly what the real purpose is for them as I'm unable to find anyting on Microsoft site or Google that explains the real intent or purpose for them.

I'm not saying their evil, I'm not sure what there for.
Top
#133724 - 2006-01-19 08:39 AM Re: Registry Easter Egg
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
Been a while, but I re-ran this script on my box again and found that it also stores the registration information of a couple of my programs. One of them was QuickTime 7

Supposedly this will disable the logging
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\Settings]
"Instrument"=dword:00000001
"NoEncrypt"=dword:00000001
"NoLog"=dword:00000001


However I'm not positive if it will or not, but using a policy on XP will.

Code:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInstrumentation"=dword:00000001

 
You will still have to delete the values or keys if you don't want the old history. But then new stuff should not be created.
Top
#133725 - 2006-02-16 09:14 PM Re: Registry Easter Egg
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
Okay, been running this policy for about a month now and I can confirm that it does in fact disable updates to this key structure on my XP Pro and Server 2003 systems.


Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInstrumentation"=dword:00000001

 
Top
#133726 - 2006-02-16 09:42 PM Re: Registry Easter Egg
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11625
Loc: CA
Recently found this KB that explains some of the Start Menu policies fo XP that can be used.


Policy Settings for the Start Menu in Windows XP
http://support.microsoft.com/kb/292504

SUMMARY
This article provides descriptions of the registry entries for policies that you can apply to the Start menu in Windows XP.
MORE INFORMATION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

You can use the Group Policy editor (Gpedit.msc) under the following location to configure Start menu features:
User Configuration \ Administrative Templates \ Start Menu and Taskbar
Note: Except when noted, all of these registry settings are under the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
The registry entries are DWORD values. A value of 1 is enabled, and a value of 0 is disabled.
Top
#133727 - 2006-02-17 03:13 PM Re: Registry Easter Egg
Björn Offline
Korg Regular
*****

Registered: 2005-12-07
Posts: 953
Loc: Stockholm, Sweden.
Mine stopped at 209 entries on one of my work-machines.

Edited by ewook (2006-02-17 03:14 PM)
Top
Page 1 of 1 1


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 323 anonymous users online.
details
Newest Members
Audio, Hoschi, Comet, rrosell, PatrickPinto
17880 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.091 seconds in which 0.051 seconds were spent on a total of 12 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org