Back to REGISTRY Page
REGISTRY INTRODUCTION
Don't you know anything about configuration registry?


Index

~ Introduction ~

The registry is a hierarchical database that contains virtually all information about your computer's configuration. Under previous version of Windows, those setting where contained in files like config.sys, autoexec.bat, win.ini, system.ini, control.ini and so on. From this you can understand how important the registry is.

Like others parts of Windows, the concept of the registry evolved over time. It was introduced under Windows 3.1, where some information went into the registry and other into ini files.

Windows 95/98 and Windows NT have an identical registry format, but the content is different. The structure of the registry is similar to the ini files structure, but it goes beyond the concept of ini files because it offers a hierarchical structure, similar to the folders and files on hard disk. In fact the procedure to get to the elements of the registry is similar to the way to get to folders and files.

Because of the differences between Win95/98 and Windows NT registry I should write two different documents. At this moment I have no time to do this: so I will examine the Win95/98 registry with just some reference to WinNT.
I'm sorry with all WinNT users (I'm one), and I promise to write something about it in the future ;-) .

back to top



~ The Registry Editor ~

The Registry Editor is a utility that allows you to see, search, modify and save the registry database of Windows. The Registry Editor is for the configuration registry what the Notepad is for text files.

The Registry Editor doesn't validate the values you are writing: it allows any operation. So you have to pay close attention, because no error message will be shown if you make a wrong operation.

To launch the Registry Editor simply run RegEdit.exe ( under WinNT run RegEdt32.exe with administer privileges).

Figure 1a shows you the Registry Editor under Win95/98.

Figure 1a - Registry Editor under Win95/98
Figure 1a - Registry Editor under Win95/98

Under Win95/98, when you launch the registry editor, you see a window divided in two sections: in the left one there is a hierarchical structure of the database, in the right one there are the values.
I'm not going to explain to you how to add and delete values and keys, or how to browse the registry, because I think you will be able to learn it by yourself (if not, please close the registry and don't touch it!)

When you work with the Registry Editor, you will see that each value has an icon. That icon specifies the type of value:

String value
String value
String value
DWORD or Binary value

Other registry editors (such as Norton Registry Editor) have different icons.

Not many people know that the Registry Editor also has several line arguments. Here is a list of them:

FILENAME.REG to merge a .reg file with the registry
/L:SYSTEM to specify the position of SYSTEM.DAT
/R:USER to specify the position of USER.DAT
/e FILENAME.REG [KEY] to export the registry to a file. Specifying a key, its branch will be exported
/c FILENAME.REG to substitute all the registry with a .reg file
/s to work silently, without prompt information

If you need more information about how a .reg file is structured see "How a .reg file is structured" .

back to top



~ The structure of the configuration registry ~


Values

As I told you before, the registry is organized into keys and subkeys. Each key contains a values entry (just values for the future), each one has a name, a type (sometimes called a class) and the value itself. The name is a string that identifies the value to the key.

With the MS Registry Editor you can manage just three types of values, but the registry has ten different types. The length and the format of the value is dependent on the data type. For example a DWORD is always 4 bytes, but others could be 1 Mb. Table 2 describes the principal values available.

String to store string data
DWORD to store numerical data (maximum value could be hex:FFFFFFFF or dec: 4294967295).
Binary to store binary data
Expanded String to store string data that includes environment variables within the string.
Extended String to store several string together in a single registry entry.
Table 2 - Principal value types


The other five types are sub types of these five. Under Registry Editor you will see all values that are not String or DWORD as Binary.


Keys and subkeys

As you can see with the Registry Editor, the registry is divided into five principal keys (handles): there is no way to add or delete keys at this level. Only two of these keys are effectively saved on hard disk: HKEY_LOCAL_MACHINE and HKEY_USERS. The others are simply aliases of branches of these two principal keys or are created dynamically by Windows.
What follows is a short description of each key.

HKEY_LOCAL_MACHINE
This key contains any hardware, applications and services information. Several hardware information is updated automatically while the computer is booting. The data stored in this key is shared with any user. This handle has many subkeys:
Config
Contains configuration data for different hardware configurations. If a laptop has one configuration when it is alone and one when it is into its docking station, both configurations are stored here.
Enum
This is the device data. For each device in your computer, you can find information such as the device type, the hardware manufacturer, device drivers and the configuration.
Hardware
This key contains a list of serial ports, processors and floating point processors.
Network
Contains network information.
Security
Shows you network security information.
Software
This key contains data about installed software, with file associations and software setting.
System
It contains data that checks which device drivers are used by Windows and how they are configured.

HKEY_CLASSES_ROOT

This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes and contains OLE, drag'n'drop, shortcut and file association information. Some people ask why there is an alias. The answer is: to be compatible with Win311, which has a key called HKEY_CLASSES_ROOT.

HKEY_CURRENT_CONFIG

This key is also an alias. It contains a copy of the branch HKEY_LOCAL_MACHINE\Config, with the current computer configuration.

HKEY_DYN_DATA

Some information stored in the registry changes frequently, so Windows maintains part of the registry in memory instead of on the hard disk. For example it stores PnP information and computer performance. This key has two sub keys:
Config Manager
This key contains all hardware information problem codes, with their status. There is also the sub key HKEY_LOCAL_MACHINE\Enum, but written in a different way.
PerfStats
It contains performance data about system and network.

HKEY_USERS

This important key contains the sub key .Default and another key for each user that has access to the computer. If there is just one user, only .Default key exists. . Each sub key maintains the preferences of each user, like the desktop colors, the fonts used, and also the settings of many programs. If you open a user subkey you will find five important subkeys:
AppEvent
It contains the path of audio files that Windows plays when some events happen.
Control Panel
Here are the settings defined in the Control Panel. They used to be stored in win.ini and control.ini.
Keyboard Layouts
It contains a voice that identify the actual keyboard disposition how it is set into the Control Panel.
Network
This key stores subkeys that describe current and recent network shortcuts.
RemoteAccess
The settings of Remote Access are stored here.
Software
Contains all software settings. This data was stored in win.ini and private .ini files.

HKEY_CURRENT_USER

It is an alias to current user of HKEY_USERS. If your computer is not configured for multi-users usage, it points to the subkey .Default of HKEY_USERS.

Note: you have probably noticed in HKLM and HKUS some more subkeys than what I have described. This is due to your computer configuration (hardware and software).

back to top



~ How a .reg file is structured ~

If you open a .reg file with NotePad (don't double click it or you will add it to the registry) you will see that it is simply an ASCII file, but it has some peculiarities that distinguish it from other files. The first characteristic is that, on the first line, there is the word REGEDIT4. This word is to let the file be recognized by the Registry Editor as a registry file. Then you will find a list of information that is effectively data for the registry.

Any keys are declared in quadric bracket, with full pathname so: [HKEY_USERS\.Default\Software] indicates: "the subkey Software, under .Default, under HKEY_USERS". Any key of the path that doesn't exist will be created.

After the key declaration you will see a list of values that are to be set under that key.
The values look like this:

"value name"=type:value
Value name is in double commas. Type can be absent for string values, dword: for dword values and hex: for binary values. For all other values you have to use the code hex(#): , where # indicate the API code of the type.
So:
"My string" = "string value" is a string
"My dword" = dword:123456789 is a dword
"My binary" = hex:AA,BB,CC is a standard binary
"My other type" = hex(2):AA,BB,00 is an expand string

Note: expand string has API code = 2 and extended string has API code = 7.

As you can see, strings are in double quotes, dword is hexadecimal and binary is a sequence of hexadecimal byte pairs, with a comma between each. If you want to add a back slash into a string remember to repeat it two times, so the value "c:\Windows" will be "c:\\Windows".
Before write a new .reg file, be sure to do it correctly, as it could be very dangerous make an error!

Note: before writing any expanded or extended strings, you need other information, but I don't think you would be interested, unless you are a programmer :-) .

back to top



~ Conclusions ~

My Short registry introduction ends here. My objective was to help everybody understand this mysterious registry thing. If you are a developer, or a registry expert, you probably have not found anything new, but if you are a beginner I hope you have learned something new.

In any case pay attention when modifying the registry, unless you want to reinstall the operating system.

back to top
Back to REGISTRY Page