
Hijackthis Tutorial



#1 foxfire

foxfire

  • Security Colleague
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:16 PM

Posted 03 January 2008 - 12:18 PM

This is a paragraph taken from your HijackThis tutorial concerning the F2 Section:-

F2 and F3 entries correspond to the equivalent locations as F0 and F1, but they are instead stored in the registry for Windows versions XP, 2000, and NT. These versions of Windows do not generally use the system.ini and win.ini files. Instead of backwards compatibility they use a function called IniFileMapping. IniFileMapping puts all the contents of an .ini file in the registry, with keys for each line found in the .ini key stored there. Then when you run a program that normally reads its settings from an .ini file, it will first check the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping for an .ini mapping, and if found will read the settings from there instead. You can see that this key is referring to the registry as it will contain REG and then the .ini file which IniFileMapping is referring to.

QUESTION 1.

What is backward compatibility?

QUESTION 2.

The ini files are moved into the Registry. OK

With keys for each line found in the ini key stored there.

I don't understand that sentence.

Maxpapa



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:16 PM

Posted 03 January 2008 - 02:48 PM

Generally speaking, something new is said to be backward compatible when it has the ability to perform the same action/task which was designed for something older.

Windows NT/2000/XP do not use system.ini and win.ini files that were used by previous operating system versions. Instead they use IniFileMapping which places the same information (contained in these physical .ini files) into Windows Registry subkeys. The pertinent keys in the registry are then used to read any .ini mappings from that location as opposed to older versions where the actual .ini files were read directly.

If you open an actual system.ini file, you may see something like this:

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON

With IniFileMapping, each line from this file would be located in a separate .ini subkey in the registry.

See How .ini Files Are Mapped to the Registry and Use IniFileMapping (scroll down).

Backward compatibility would mean that the newer versions of Windows would have the ability to use system.ini and win.ini files in the same way they were used in prior versions. Since this is not the case, as the newer versions use a different feature (IniFileMapping), they are not considered "backwards compatible". To better understand the concept of Backward compatibility, read here.

In order to fully understand all this, you need an understanding of the Windows Registry and the operating system itself.

Understanding the Registry
Demystifying the Windows Registry
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
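The redirection described in the post above, as an added example that is not part of the original thread or of HijackThis: a small resolver that takes an IniFileMapping-style table and reports which registry key serves a given .ini read, or that the physical file is read when no mapping exists. The `USR:`/`SYS:` roots and the `!`, `#`, `@` prefixes follow Microsoft's documented mapping format; `SAMPLE_MAPPING`, the `Software\Example` path and the function names are constructed for this illustration.

```python
# Added illustration: resolve an .ini read through an IniFileMapping-style table.
# SAMPLE_MAPPING is constructed for this example, not exported from a real system.
ROOTS = {"USR:": "HKEY_CURRENT_USER", "SYS:": r"HKEY_LOCAL_MACHINE\SOFTWARE"}
FLAGS = {"!": "also write to the .ini file",
         "#": "re-seed from the .ini file at a user's first logon",
         "@": "never fall back to the .ini file"}

SAMPLE_MAPPING = {
    "system.ini": {"boot": {"Shell": r"SYS:Microsoft\Windows NT\CurrentVersion\Winlogon"}},
    "win.ini": {"Windows": {"run": r"#USR:Software\Microsoft\Windows NT\CurrentVersion\Windows",
                            "": r"USR:Software\Example\WinIniDefaults"}},  # "" = section default
}

def _ci_get(table, name):
    """Case-insensitive lookup: .ini and registry names ignore case."""
    for k, v in table.items():
        if k.lower() == name.lower():
            return v
    return None

def parse_target(data):
    """Split mapping data such as '#USR:Path' into (flags, full registry key)."""
    flags = []
    while data and data[0] in FLAGS:
        flags.append(FLAGS[data[0]])
        data = data[1:]
    for prefix, root in ROOTS.items():
        if data.upper().startswith(prefix):
            return flags, root + "\\" + data[len(prefix):]
    raise ValueError("mapping data must start with USR: or SYS:")

def resolve(mapping, ini_file, section, key):
    """Return the registry location serving [section] key= or None for the file on disk."""
    file_map = _ci_get(mapping, ini_file)
    sect = _ci_get(file_map, section) if file_map else None
    if sect is None:
        return None  # no mapping: the physical .ini file is read
    # A string maps the whole section; a dict maps per key, with "" as the default.
    data = sect if isinstance(sect, str) else (_ci_get(sect, key) or _ci_get(sect, ""))
    if data is None:
        return None
    flags, reg_key = parse_target(data)
    return {"key": reg_key, "value": key, "flags": flags}

if __name__ == "__main__":
    for query in [("system.ini", "boot", "Shell"), ("system.ini", "drivers", "wave")]:
        print(query, "->", resolve(SAMPLE_MAPPING, *query))
```

With this table, the `Shell=` line that HijackThis reports as an F2 entry resolves to the Winlogon key, while the `[drivers]` lines from the sample system.ini above have no mapping and are read from the file itself.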

#3 foxfire

foxfire
  • Topic Starter

  • Security Colleague
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:01:16 PM

Posted 03 January 2008 - 03:53 PM

Thank you indeed for the excellent information quietman7.

I should have thought of Wikipedia :-

"Backward compatibility is the special case of compatibility in which the new server has a direct historical ancestral relationship with the old server. If this special relationship does not exist then it is not usually spoken of as "backward" compatibility but is instead just "compatible": a consistent interface allowing interoperability between components and products that were each developed separately."

but your version is much easier for a layman to understand.

The registry is a "Black hole" but I will read those tutorials.

Maxpapa

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:16 PM

Posted 03 January 2008 - 05:15 PM

You're welcome. :thumbsup:



