Does anyone out there have some details about how Shareaza records configuration settings? Specifically my case involves v2.5 (old-school). I've read the threads on this forum and many others and they don't have the info I am looking for. Inside the application the user has the option to turn off their "shared" folders to the network. [Tools/Shareaza Settings/Library/"Allow others to browse shares"] I have not been able to locate where this option gets recorded. I have toggled the option on/off and reviewed the Registry and config files. Just a visual search of plain text. A monitor on Shareaza's IRC mentioned looking in the shareaza.db3. I'm not seeing it. I would have guessed the Registry or library1.dat. Being able to prove the application was set to share will be important to my case.
Thanks
Have you tried creating a VMware of the machine and looking at the application?
I have not tried that. On Friday some guy in Shareaza's IRC chat got me turned onto the right thing. The setting for making your folders available or unavailable for others to download is stored in the Registry. I tested it on a WinXP Pro x32 machine.
Using AccessData's Registry Viewer I found it in the user's NTUSER.DAT file. Shareaza creates a big (much larger than eMule anyway) registry key upon installation. [NTUSER.DAT\Software\Shareaza]. The entry for [NTUSER.DAT\Software\Shareaza\Shareaza\Community\ServeFiles] changes from 1 to 0 when the user disables sharing. The default at install is to share folders (a value of 1 in the ServeFiles key) on the network. I believe in the live Windows world that would be the CurrentUser hive.
The bonus I found was Shareaza stores user-entered search terms in the Registry [NTUSER.DAT\Software\Shareaza\Shareaza\Search]. I don't know the max number it will record but my guy had 21 entries there. None of them are good times.
Thanks.
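The two registry locations named in the post above can be pulled from a .reg text export of the Shareaza key; this is an added example, not code from the thread or from Shareaza. It assumes ServeFiles is exported as a dword and that the key was exported under an HKEY_CURRENT_USER-style path; the value names and search terms in the sample are constructed.

```python
import re

# Constructed sample .reg export. The dword type of ServeFiles and the
# "Search.NN" value names are assumptions; the key paths come from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Shareaza\Shareaza\Community]
"ServeFiles"=dword:00000000

[HKEY_CURRENT_USER\Software\Shareaza\Shareaza\Search]
"Search.01"="constructed term one"
"Search.02"="constructed \"quoted\" term"
'''
KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def decode_export(raw: bytes) -> str:
    # regedit writes version 5.00 exports as UTF-16LE with a BOM
    enc = 'utf-16' if raw.startswith(b'\xff\xfe') else 'utf-8'
    return raw.decode(enc, errors='replace')

def parse_reg(text: str) -> dict:
    """Return {key path: {value name: value}}; dword and string values are decoded."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            if data.startswith('dword:'):
                data = int(data[6:], 16)
            elif data[:1] == '"' and data.endswith('"'):
                data = re.sub(r'\\(.)', r'\1', data[1:-1])  # unescape \" and \\
            current[name] = data  # hex(...) and other types are kept raw
    return keys

def shareaza_summary(keys: dict) -> dict:
    """serve_files: 1 = sharing on, 0 = sharing off (per the thread), None = not found."""
    out = {'serve_files': None, 'search_terms': []}
    for path, values in keys.items():
        p = path.lower()  # suffix match so a hive loaded under another root still hits
        if p.endswith(r'\software\shareaza\shareaza\community'):
            out['serve_files'] = {k.lower(): v for k, v in values.items()}.get('servefiles')
        elif p.endswith(r'\software\shareaza\shareaza\search'):
            out['search_terms'] = [v for v in values.values() if isinstance(v, str)]
    return out
```

A `serve_files` result of `None` means the value was absent from the export, which is distinct from sharing being disabled and should be reported separately.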
Just for the future you could use a program like regmon to observe the behavior of the registry upon changing the shared folder option.
For the future, creating a VMware is an excellent way of finding if sharing is set in a P2P program. It's very simple, and nothing is as convincing for me as a screenshot of the program in a VMware showing that sharing is enabled and where. It also works well for anti-forensic tools such as CCleaner, as you can screenshot exactly what it cleans.
I am testing Shareaza v2.6 for a case, and I am trying to determine where the GUID is stored in the settings files or the registry. I have discovered that a profile.xml file is created when a user generates a new GUID; the GUID is stored in plain text in that file. But I have not yet found where the original GUID is stored. OP, were you able to discover this element in your research?
inspectaneck, I'm faced with the same issue. Any progress as of yet?