Regedit help

Hellburner · Feb 4, 2001

I'm working on an easy "hidden" install for the S@H CLI client. I can not get regedit to consistently autoinstall a new string value in the ...\Run key.

here is the .reg file:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Keybd"="c:\keyboard\keyboard.lnk"

I managed to get it to work on one machine using this format:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]\
"Keybd"="c:\\keyboard\\keyboard.lnk"

It hasn't worked on a couple other machines, all are win98.

Any advice other than to dump windows?

Viztech · Feb 4, 2001

"Keybd"="c:\\keyboard\\keyboard.lnk"

Do I see an extra \ in there?

viz

Hellburner · Feb 4, 2001

Yes you do, \'s have some special meaning/purpose in regedit so sometimes you have to double them up for some reason???

Viztech · Feb 4, 2001

Well, so much for an easy answer.

I was looking at the Seti FAQ, and it looks like Seti log is the way to do it.

viz

Hellburner · Feb 4, 2001

I'm using SETILog to hide the CLI, I want to launch it from the registry run key. Automating the registry hack is where I'm stuck. Tossing it in the startup folder would be real easy, but far more likely to be tampered with.

Robor · Feb 4, 2001

I've been using the SetiLog method and it works fine but it still takes a few minutes to setup a client. Having a simple .reg file to install it would be awesome. This is a great idea! You could put all the necessary files on a shared network folder or even a floppy and make the setup a one step process. You could even create a small .zip/.rar file and Email it to friends who are interested.

How are you setting it up, Hellburner? By that I mean, what folder are you putting the CL client in and would we be able to easily modify the install so we could change the destination folder, add switches to point to a SetiQ server, and rename the client to seti.exe? What I do now is add the /s (to rename the client) and /h (to hide it) and create a shortcut to the SetiLog.exe program. I rename the shortcut to "Start" and drop it into the startup folder. Like you said, not the best way to get it running but it's quick and I've only had 2 people (both programmers) ask about the "Start" program.

Sorry for asking questions instead of offering advice but I'm no registry whiz.

Rob

Orange Kid · Feb 4, 2001

HB;
I think if you pm or email, office boy he can probably help you

I havent seen him on here in a while though

Hellburner · Feb 4, 2001

sysdll.exe = setiathome-3.03.i386-winnt-cmdline.exe
keyboard.exe = SETILog.exe
keyboard.lnk = uses the same command parameters as SETILog
Conagent.pif = "fixes" error in win9x during shutdown/reboot with CLI.
runkey.reg = makes registry entry so everything starts on boot.
install.bat = gets everything ready to work.

Ideally you run the install.bat, setup your S@H account info, d/l a workunit then the next time you boot it starts up invisibly.

Reality is I can't get the .reg file to consistently enter the registry key, so the best bet would be to enter it manually. Alternately you could copy the Keyboard.lnk to the startup folder.

The Keyboard.lnk file is setup for a direct connect, to change that to proxy connect change the command line to C:\keyboard\keyboard.exe -proxy address : port /h /ssysdll.exe (no spaces around the second colon)

For individual use user_info.sah could be added to the install files.

Here is the install.bat file:

copy conagent.pif c:\windows\system
md c:\keyboard
copy keyboard.exe c:\keyboard
copy keyboard.lnk c:\keyboard
copy sysdll.exe c:\keyboard
regedit /s runkey.reg
cd c:\keyboard
c:\keyboard\sysdll.exe

The above shrinks down to ~89k in a zip file. You can fit all S@H files including a workunit uncompressed on a floppy, you would need to modify the install.bat to copy all the files over and replace "c:\keyboard\sysdll.exe" with "c:\keyboard\keyboard.lnk", then the seti should be installed and running invisibly without the reboot. The registry key would most likely still need to be enter manually or keyboard.lnk added to the startup folder.

Sukhoi · Feb 4, 2001

Wow, that's a good idea Hellburner. Sorry I can't help you though. I would talk to Office Boy if you can find him.

Assimilator1 · Feb 4, 2001

I think I might be able to get him here

Hellburner · Feb 4, 2001

I've figured out part of the trouble, the way I'm doing it you have to merge the entire key, not just the single new value.

How do you add just a single value?

TheApe · Feb 4, 2001

Just an Idea but for even less tampering will be involved if you put it in the win.ini in the run= section, however here is a test registry file I used for this that worked fine

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hidden"="G:\\test\\hidden.exe"

One warning, dont put it in the default key as a lot of AV packages pick that up as virus like behaviour.... give me a mail if this dont work and I'll write u a little app to do it if all else fails..... Ohe yeah you wanna change the Version string to whatever release (4.00 I think for 9x)

EDIT : Just noticed what's wrong with your reg file,

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]\
"Keybd"="c:\\keyboard\\keyboard.lnk"

Take the \ off the end of the Run]\ part and that should be ok....

EDIT : Actually I'm feeling generouse, If you mail me with the bit's and bobs you want installed, tell me where you want them put and the like and what needs setting up I'll create you an install package and mail it back... cant say more than that

Hope that helps

Hellburner · Feb 4, 2001

That's basically what I've been beating my head against,

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Keybd"="c:\\keyboard\\keyboard.lnk"

only works on some machines, if I export the entire key, add the above value then merge it, it works...???

TheApe · Feb 4, 2001

Odd, email me the stuff and I'll put together a setup application for it using InstallShield then maybe more people could use it if they want? make it a group type thing, the idea is goo, and at least with installshield we have some majour control over what and how it does, I used to write all the installshield scripts for one of my previous companies so this shouldnt be all that much of a problem.

I'm having a quick look at it now on mine, I need to know where to get the conagent.pif file from though (use NT dont need it).... cheers..... Oh apc@ashleigh-paul.demon.co.uk or ashleigh_charlesworth@hotmail.com.......

Oh it would probly be more secure if you put the 'hidden' directory in something like c:\windows\system\keyboard or something as people will not go digging too deep then.....

Hellburner · Feb 4, 2001

Sent it out a few minutes ago.

TheApe · Feb 4, 2001

On it's way, tested it on my laptop, but give it a go, anyone up for hosting this if anyone else want's it? I have a version with an uninstaller (risk for nosey users) or a version without. If there's enough demand I'll improve the setup script so it can be placed wherever you like as at the moment it just gets put in c:\keyboard, up to you guys? runs at about 800k in one file.

Hellburner · Feb 5, 2001

TheApe's InstallShield wizard does get the registry key in.

Just a little chunky for us poor dialup folks.

I've given up on regedit for the moment, but have had some success using .INF files

Still have some work to do...

I'll let you know if it comes to anything.

Hellburner · Feb 5, 2001

I've got a functional zip package at ~89k or the do it your selfer can create a hide.inf as follows:

<<
[Version]
Signature=$Chicago$
SetupClass=BASE
Compatible=1

[DefaultInstall]
AddReg=KB.Add.Reg.95
Copyfiles=System,keyboard

[KB.Add.Reg.95]
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\run","keyboard",0,"c:\keyboard\keyboard.lnk"

[KB.Add.Reg.ntx86]
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\run","keyboard",0,"c:\keyboard\keyboard.lnk"

[SourceDisksNames]
1=%DiskName%,,0

[SourceDisksFiles]
sysdll.exe=1
keyboard.exe=1
keyboard.lnk=1
Conagent.pif=1

[DestinationDirs]
System=11
keyboard=30,"keyboard"

[System]
Conagent.pif

[keyboard]
keyboard.exe
keyboard.lnk
sysdll.exe
>>

along with the following info:

<<
sysdll.exe = setiathome-3.03.i386-winnt-cmdline.exe
keyboard.exe = SETILog.exe
keyboard.lnk = uses the same command parameters as SETILog
Conagent.pif = "fixes" error in win9x during shutdown/reboot with CLI.
Hide.inf = right click and select install

Next you either run c:\keyboard\sysdll.exe and go through your setup and d/l a wu then shut it down, or you can copy the *.sah files from your current directory. Once that's done double click the c:\keyboard\keyboard.lnk (the one with the shortcut arrow) and you should be up and running in stealth mode.

The keyboard.lnk file is setup for a direct connect, to change that to proxy connect change the command line to C:\keyboard\keyboard.exe -proxy addressort /h /ssysdll.exe

Uninstall or remove your current program, otherwise you will be running two copies.

To kill the program ctrl-alt-delete and kill the keyboard process.
>>

that

is a : p (no blank). All the files go into the same folder before installing.

Robor · Feb 6, 2001

I *really* like the idea of a method that has a simple install and an uninstall option. Even if the uninstall is only in the directory (not listed on the Programs menu) it would make it easier if say someone blows up about SETI clients on PC's and demands they be removed. For example, I'm still in charge of my LAN at work but when the Corporate office moves up here I'm going to have a Director above me who could easily figure out a hidden program "hogging" 100% of the CPU.

Plus, think of how nice it would be to have a simple <1MB file to do a completely hidden service install with a simple uninstall. Are Hellburner and/or TheApe still working toward this?

Rob

TheApe · Feb 7, 2001

Yeah, It's just about done, let me know if you want it, and I'll find somewhere to host it

Hellburner · Feb 7, 2001

rename the S@H client to Idle.exe or System Idle Process.exe

While you're at it if they are NT/2000 machines remove the memory usage column from the task manager display. You might also want to change the icon on the client to that system cog icon

Hmmm, I wonder, what's the feasibility of patching the kernel to actually use S@H as the system idle process. :Q

ElFenix · Feb 7, 2001

i don't think M$ would like us patching the kernel... they don't seem to keen on that sorta thing.

Hellburner · Feb 7, 2001

Other than M$'s trouble with it I suspect there are major technical hurdles involved with messing with the kernel, especially NT/2000.

Wiz · Feb 7, 2001

TheApe, if by "host it" you mean serving the file for download on a webserver I would be willing.
I don't see that there would be a noticable bandwidth hit by something like this, and after all
I own a hosting firm and all so I can do anything I want with it.

PM or email me the details.

Regedit help

Senior Member <br>Elite Member

Platinum Member

Senior Member <br>Elite Member

Platinum Member

Senior Member <br>Elite Member

Elite Member

Elite Member

Senior Member <br>Elite Member

Elite Member

Elite Member

Senior Member <br>Elite Member

Member

Senior Member <br>Elite Member

Member

Senior Member <br>Elite Member

Member

Senior Member <br>Elite Member

Senior Member <br>Elite Member

Elite Member

Member

Senior Member <br>Elite Member

Elite Member

Senior Member <br>Elite Member

Diamond Member