The Windows Registry: The basics of Windows Registry explained
INI files were used in older versions of Windows instead of the Registry. INI files are simple text files with a basic structure, and they were really difficult to manage. The configuration information for the operating system, application files, hardware etc. was stored in these files and scattered all over the system. The Windows Registry was introduced to overcome this difficulty.
During those days when these ini files were used, while installing an application, various parameters regarding the operating system and available hardware had to be known. However, if there was any change in the hardware or operating system software, that would affect the working of the software and the usage of the ini files.
This issue was resolved with the help of Registry. In quite simple terms, the registry is a hierarchical database that stores information about the hardware, operating system, software application, the user preferences and the system preferences.
This separates the machine, the user and the software information into logically discrete units, which makes it easier to track. Any change in the system or software will get reflected in the registry. Windows uses the registry to get the configuration data of the software, hardware and other peripherals. A backup copy of the registry, with which the system last started up successfully, is also maintained. This helps in starting Windows using the previous settings (available from the backup).
Any user with administrator group access can install any software as well as modify the registry. So, while assigning administrator group privileges to a user account, make sure that it is an authorized one.
The Registry information in Windows XP is stored in multiple files in the folder: “C:\WINDOWS\system32\config\” (or root) folder of the operating system. These files cannot be edited directly; they have to be accessed through a registry editing program, such as regedit.exe or regedt32.exe.
Table of Contents
- Structure of Windows Registry
- Windows Registry Hives
- Windows Registry Values
- Windows Registry Value Types
- Windows Registry Editor
1. Structure and Working of Windows Registry:
The logical hierarchy of the entire registry is organized in folders and sub folders. The registry is divided into six main hives (or branches). Every hive contains keys, sub keys and sub-sub keys. Each key or sub key can also contain values. These values reflect the software and hardware information.
2. Windows Registry Hives
The Registry is split into a number of logical sections, or “hives”.
- HKEY_CLASSES_ROOT
- HKEY_CURRENT_USER
- HKEY_LOCAL_MACHINE
- HKEY_USERS
- HKEY_CURRENT_CONFIG
- HKEY_PERFORMANCE_DATA
- HKEY_DYN_DATA
The HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER nodes have a structure that’s similar to each other. Applications typically look up their settings by first checking in “HKEY_CURRENT_USER\Software\Vendor’s name\Application’s name\Version\Setting name“.
If the setting is not found there, the application looks under the location “HKEY_LOCAL_MACHINE\Software\Vendor’s name\Application’s name\Version\Setting name“.
a. HKEY_CLASSES_ROOT
It contains all information related to the Windows user interface, file association mapping for drag and drop functionalities, shortcuts and OLE (Object Linking and Embedding). When a value in the sub key of the same name is present in both the hives, the one in HKEY_CURRENT_USER is the one that’s used.
b. HKEY_CURRENT_USER
It contains all information that’s related to the current user logged in to the system. The information also includes details such as the Desktop settings, login names and other personal specific information. This information is a copy of the currently logged in user’s configuration and other information messages that are relevant to the currently logged in user from the HKEY_USERS hive.
c. HKEY_LOCAL_MACHINE
It contains all information regarding the hardware, software and other PC-specific preferences that are common to all the users who log in to the machine.
d. HKEY_USERS
This contains all information related to the specific preferences of an individual user, each identified by a unique security identifier called the SID. The SID is unique for the life of the system. If a user is deleted and another is created with the same name, the SID will be different for each. A SID value once used will not be used again.
All information regarding each and every user who has ever logged into the system is stored under the SID and copied over to the HKEY_CURRENT_USER hive at login. If the user has a roaming profile, the particular registry information is stored on the server and is initialized when he logs in from anywhere on the network. If a user should become a part of another domain, a new SID will be created which will also contain the old SID details from the previous domain, along with all information associated with that domain.
e. HKEY_CURRENT_CONFIG
It contains all information gathered when the computer boots up, and is copied and merged in from portions of HKEY_LOCAL_MACHINE, that is relevant to the current hardware profile. This information is not saved; it is generated every time the computer starts up.
f. HKEY_DYN_DATA
It contains information that is relevant to the plug and play devices and is linked from relevant portions of HKEY_LOCAL_CONFIG. This information is dynamic and changes when devices are added or removed.
g. HKEY_PERFORMANCE_DATA
This key adds runtime information into the performance data that is provided by either the NT kernel itself or other programs that provide performance data. This key is not displayed in the Registry Editor, but it is visible through the registry functions in the Windows API.
3. Windows Registry Values
The values of registry contents are categorized into three primary types – DWORD, String and Binary. These are categorized according to their context:
String: Used for human readable text entries.
Binary: Mainly used for hardware and device setting data in raw binary. It is entered in hexadecimal format.
DWORD: Allowed for boolean entries and used where the options are a list of choices. Each of them could include a different behavior according to the relevant section of the operating system, hardware or application.
4. Windows Registry Value Types
- REG_DWORD
- REG_BINARY
- REG_SZ
- REG_EXPAND_SZ
- REG_MULTI_SZ
a. REG_DWORD (DWORD value)
It is usually used for boolean values and is a four byte number. Many device drivers and services use DWORD values to toggle between options. For example, the UpdateMode setting that controls refresh rates can be set to either 0 (disabled) or 1 (enabled). If the DWORD value is set to 0, refreshing does not take place. Each setting has a specific default DWORD value that is used by the system.
b. REG_BINARY (binary value)
It is used to store information as raw binary data and is usually used for hardware components.
The string value types however can be expanded to accommodate variables and multiple values. These value types are denoted as:
c. REG_SZ
It is the standard string used to display human readable text.
d. REG_EXPAND_SZ
It represents expandable data strings that permit storing variables which can be replaced by actual values by the application calling the key.
e. REG_MULTI_SZ
It is used to store multiple values in lists, each entry being separated by a NULL character. This is analogous to arrays in programming. For example, a registry entry could be created to store the IP addresses of multiple time servers. An application program would then refer to the registry entry and cycle through the list of IP addresses.
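How the two expandable string types look inside an exported Version 5.00 .reg file, as an added example that is not part of the original article: regedit writes REG_MULTI_SZ as `hex(7):` and REG_EXPAND_SZ as `hex(2):`, each followed by comma-separated UTF-16LE bytes. The function names, the time-server addresses and the environment passed to `expand` are constructed for illustration.

```python
import re

def hex_to_bytes(data: str) -> bytes:
    """Join backslash-continued lines and turn 'aa,bb,...' into bytes."""
    joined = "".join(line.strip().rstrip("\\") for line in data.splitlines())
    return bytes(int(b, 16) for b in joined.split(",") if b.strip())

def decode_multi_sz(data: str) -> list:
    """Decode the payload that follows hex(7): into a list of strings."""
    raw = hex_to_bytes(data)
    if len(raw) % 2:
        raise ValueError("odd byte count, not UTF-16LE")
    text = raw.decode("utf-16-le")
    if not text.endswith("\x00"):
        raise ValueError("missing list terminator")
    body = text[:-1]                      # drop the NUL that ends the list
    if not body:
        return []                         # empty list
    if not body.endswith("\x00"):
        raise ValueError("last entry is not NUL-terminated")
    return body[:-1].split("\x00")

def encode_multi_sz(items) -> str:
    """Encode strings as the comma-separated hex written after hex(7):"""
    raw = "".join(s + "\x00" for s in items).encode("utf-16-le") + b"\x00\x00"
    return ",".join(f"{b:02x}" for b in raw)

def decode_expand_sz(data: str) -> str:
    """Decode the payload that follows hex(2): (one NUL-terminated string)."""
    return hex_to_bytes(data).decode("utf-16-le").rstrip("\x00")

def expand(value: str, env: dict) -> str:
    """Substitute %NAME% as the reading application would; unknown names stay."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), value)

# Constructed sample: two time-server addresses from a documentation range.
SAMPLE = encode_multi_sz(["192.0.2.10", "192.0.2.11"])
```
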
5. Windows Registry Editor
Regedit is a program that can be used to create and edit the registry. It can be launched using Run -> regedit. The backup and restore of the Registry contents can be done in two steps:
- Backup the contents of the entire Registry.
- Export the specific key that you are going to edit.
How to Export the Registry:
- Open Regedit (Run -> regedit)
- Find the key or sub-key that you want to edit
- Click on it and choose File -> Export
Select the location where the file should be stored and enter the file name. If you keep the file extension as .reg, then clicking on the file will overwrite the content. So, it is recommended to save the file as .bak to avoid this problem.
How to backup the entire Registry:
All programs -> Accessories -> System tools -> Backup -> Select the check box that says “System state Data”
This will backup the registry, boot files and the COM+ class registration databases. It is simple to restore individual keys. Click on the .reg file that you saved.
To restore the “system state“, you can use the backup utility. You only need to select the corresponding option.
Editing the Registry
Regedit can be used for adding, deleting, editing and renaming sub layer values. To edit the values, navigate to the exact location via “registry.exe” and double click on the values.
To add a Key:
Right Click on the parent key -> New -> Key (key) -> New -> Value (Value) [from the options DWORD,STRING,BINARY etc]
How to create and use .reg files to edit the registry:
The .reg file is actually a text file which will open in any ASCII editor like Notepad. It uses a specific syntax that the registry recognizes. The best tool to edit the registry value is “regedit.exe“. You can export the content using it, edit the exported file, and apply the modified value by renaming the file to .reg and then double clicking it.
You need to make sure that the syntax is correct. If there is a mistake in the syntax, it will affect the system on the next reboot of the machine.
Export the key as a .reg file using the registry. More details about this are available in Wikipedia. I have mentioned the link in the reference section.
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000002
To delete and rename the registry key:
Some of the manual registry editing information is mentioned below. If you want to delete the key entries in the registry using the .reg file, you can use the hyphen symbol.
Eg: [-HKEY_CURRENT_USER\Control Panel\Test]
This will delete the test key in the specific path.
To delete values, put a hyphen symbol after the “equal to” sign of the data name.
Eg:
[HKEY_CURRENT_USER\Software\TestNew]
"AnotherName"=-
To rename it, specify the new name immediately after deleting it.
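; delete the key under its old name
[-HKEY_CURRENT_USER\Software\Test123]
; create the key under its new name with its values
[HKEY_CURRENT_USER\Software\TestNew]
"TestItem"=dword:00000002
"AnotherName"="Previous test"
; same key again, this time deleting the value "AnotherName"
[HKEY_CURRENT_USER\Software\TestNew]
"TestItem"=dword:00000002
"AnotherName"=-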
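One way to check a .reg file before merging it, as an added example that is not part of the original article: the function lists every key and value the file would create, change or delete, and reports lines that do not follow the syntax described above, without touching the registry. The name `review_reg` and the sample text (the rename example plus two deliberately bad lines) are constructed for illustration.

```python
import re

# Root keys that regedit displays on Windows XP; any other root is reported.
ROOTS = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
DATA_RE = re.compile(r'^(-|dword:[0-9a-f]{8}|"(?:[^"\\]|\\.)*"'
                     r'|hex(\([0-9a-f]+\))?:[0-9a-f,]*\\?)$', re.I)

def review_reg(text):
    """Return (operations, errors) for .reg text; nothing is written anywhere."""
    ops, errors, key, cont = [], [], None, False
    lines = text.splitlines()
    if not lines or lines[0].strip() != HEADER:
        errors.append("line 1: missing version header")
    for n, line in enumerate(lines[1:], start=2):
        line = line.strip()
        m, v = KEY_RE.match(line), VAL_RE.match(line)
        if cont or not line or line.startswith(";"):
            # continuation of a multi-line hex value, blank line, or comment
            cont = cont and line.endswith("\\")
        elif m and m.group(2).split("\\")[0] in ROOTS:
            key = None if m.group(1) else m.group(2)   # a deleted key is not open
            ops.append(("delete-key" if m.group(1) else "open-key", m.group(2)))
        elif m:                                        # e.g. '/' used as separator
            key = None
            errors.append(f"line {n}: unknown root in key path")
        elif v and key and DATA_RE.match(v.group(2)):
            cont = line.endswith("\\")
            ops.append(("delete-value" if v.group(2) == "-" else "set-value",
                        key + "\\" + v.group(1).strip('"')))
        else:
            errors.append(f"line {n}: malformed value or no open key")
    return ops, errors

# Constructed sample: the rename example plus two lines that should be rejected.
SAMPLE = r'''Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Test123]
[HKEY_CURRENT_USER\Software\TestNew]
"TestItem"=dword:00000002
"AnotherName"=-
[-HKEY_CURRENT_USER/Control Panel/Test]
"Orphan"=dword:2
'''
```

Calling `review_reg(SAMPLE)` returns the four valid operations and two errors, one for the key path written with forward slashes and one for the value line that follows it with no open key.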
This article only concentrates on the basics of Windows Registry. Any incorrect edit of the registry will cause problems to the system, which makes it necessary to be careful while doing this. There are many third-party tools available for registry editing.
About the Author :
Joseph Symon has been with Bobcares for more than two years. He has marked his presence in the company through his contributions towards enriching the knowledge level in the company. He is a Linux expert, and specializes in installing and configuring systems and customizing them for specific needs. Joseph is highly passionate about learning new technologies.