The registry is a hierarchical database that contains virtually all information about your computer's configuration. Under previous version of Windows, those setting where contained in files like config.sys, autoexec.bat, win.ini, system.ini, control.ini and so on. From this you can understand how important the registry is.
Like others parts of Windows, the concept of the registry evolved over time. It was introduced under Windows 3.1, where some information went into the registry and other into ini files.
Windows 95/98 and Windows NT have an identical registry format, but the content is different. The structure of the registry is similar to the ini files structure, but it goes beyond the concept of ini files because it offers a hierarchical structure, similar to the folders and files on hard disk. In fact the procedure to get to the elements of the registry is similar to the way to get to folders and files.
Because of the differences between Win95/98 and Windows NT registry I should
write two different documents. At this moment I have no time to do this: so I
will examine the Win95/98 registry with just some reference to WinNT.
I'm sorry with all WinNT users (I'm one), and I promise to write something about
it in the future ;-) .
The Registry Editor is a utility that allows you to see, search, modify and save the registry database of Windows. The Registry Editor is for the configuration registry what the Notepad is for text files.
The Registry Editor doesn't validate the values you are writing: it allows any operation. So you have to pay close attention, because no error message will be shown if you make a wrong operation.
To launch the Registry Editor simply run RegEdit.exe ( under
WinNT run RegEdt32.exe with administer privileges).
Figure 1a shows you the Registry Editor under
Win95/98.
Under Win95/98, when you launch the registry editor, you see a window divided
in two sections: in the left one there is a hierarchical structure of the
database, in the right one there are the values.
I'm not going to explain to you how to add and delete values and keys, or how
to browse the registry, because I think you will be able to learn it by
yourself (if not, please close the registry and don't touch it!)
When you work with the Registry Editor, you will see that each value has an
icon. That icon specifies the type of value:
![]() String value |
![]() DWORD or Binary value |
Other registry editors (such as Norton Registry Editor) have different icons.
Not many people know that the Registry Editor also has several line arguments.
Here is a list of them:
FILENAME.REG | to merge a .reg file with the registry |
/L:SYSTEM | to specify the position of SYSTEM.DAT |
/R:USER | to specify the position of USER.DAT |
/e FILENAME.REG [KEY] | to export the registry to a file. Specifying a key, its branch will be exported |
/c FILENAME.REG | to substitute all the registry with a .reg file |
/s | to work silently, without prompt information |
If you need more information about how a .reg file is structured see
"How a .reg file is structured"
.
As I told you before, the registry is organized into keys and subkeys. Each key contains a values entry (just values for the future), each one has a name, a type (sometimes called a class) and the value itself. The name is a string that identifies the value to the key.
With the MS Registry Editor you can manage just three types of values, but the
registry has ten different types. The length and the format of the value is
dependent on the data type. For example a DWORD is always 4 bytes, but others
could be 1 Mb. Table 2 describes the principal values available.
String | to store string data |
DWORD | to store numerical data (maximum value could be hex:FFFFFFFF or dec: 4294967295). |
Binary | to store binary data |
Expanded String | to store string data that includes environment variables within the string. |
Extended String | to store several string together in a single registry entry. |
As you can see with the Registry Editor, the registry is divided into five
principal keys (handles): there is no way to add or delete keys at this level.
Only two of these keys are effectively saved on hard disk: HKEY_LOCAL_MACHINE
and HKEY_USERS. The others are simply aliases of branches of these two
principal keys or are created dynamically by Windows.
What follows is a short description of each key.
HKEY_LOCAL_MACHINE
This key contains any hardware, applications and services information. Several hardware information is updated automatically while the computer is booting. The data stored in this key is shared with any user. This handle has many subkeys: |
|||||||||
|
|||||||||
HKEY_CLASSES_ROOT This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes and contains OLE, drag'n'drop, shortcut and file association information. Some people ask why there is an alias. The answer is: to be compatible with Win311, which has a key called HKEY_CLASSES_ROOT. |
|||||||||
HKEY_CURRENT_CONFIG This key is also an alias. It contains a copy of the branch HKEY_LOCAL_MACHINE\Config, with the current computer configuration. |
|||||||||
HKEY_DYN_DATA Some information stored in the registry changes frequently, so Windows maintains part of the registry in memory instead of on the hard disk. For example it stores PnP information and computer performance. This key has two sub keys: |
|||||||||
|
|||||||||
HKEY_USERS This important key contains the sub key .Default and another key for each user that has access to the computer. If there is just one user, only .Default key exists. . Each sub key maintains the preferences of each user, like the desktop colors, the fonts used, and also the settings of many programs. If you open a user subkey you will find five important subkeys: |
|||||||||
|
|||||||||
HKEY_CURRENT_USER It is an alias to current user of HKEY_USERS. If your computer is not configured for multi-users usage, it points to the subkey .Default of HKEY_USERS. |
If you open a .reg file with NotePad (don't double click it or you will add it to the registry) you will see that it is simply an ASCII file, but it has some peculiarities that distinguish it from other files. The first characteristic is that, on the first line, there is the word REGEDIT4. This word is to let the file be recognized by the Registry Editor as a registry file. Then you will find a list of information that is effectively data for the registry.
Any keys are declared in quadric bracket, with full pathname so: [HKEY_USERS\.Default\Software] indicates: "the subkey Software, under .Default, under HKEY_USERS". Any key of the path that doesn't exist will be created.
After the key declaration you will see a list of values that are to be set
under that key.
The values look like this:
"My string" = "string value" is a string |
"My dword" = dword:123456789 is a dword |
"My binary" = hex:AA,BB,CC is a standard binary |
"My other type" = hex(2):AA,BB,00 is an expand string |
My Short registry introduction ends here. My objective was to help everybody understand this mysterious registry thing. If you are a developer, or a registry expert, you probably have not found anything new, but if you are a beginner I hope you have learned something new.
In any case pay attention when modifying the registry, unless you want to
reinstall the operating system.