Windows Registry Explained

The Registry is considered one of the most brain-bombing parts of the Microsoft Windows OS. For quite some time I have been trying to understand it bit by bit. So here I want to share the basics of the Windows Registry, so that the next time you look at it you don’t have to scratch your head because you don’t understand a thing.

What is Windows registry?

The Windows Registry is a hierarchical database of information that the Windows OS stores in order to use and configure the system. The Registry can be used by the system itself, by installed applications, and for system variables and the environment. It is a tree-based hierarchical structure that offers access to data stored in any format. Without the Registry, Windows is nothing but an OS with installed programs and no use at all; that is, without the Registry, Windows is just a blank OS. Information stored in the Registry comes from installation of the system, installation of device drivers, installation or removal of applications, booting, and manual editing.

Structure Of Windows Registry:

The Windows Registry is a tree-based hierarchical database in which your computer acts as the main stem for five branches. These five branches are:

HKEY_CLASSES_ROOT, AKA HKCR

HKEY_CURRENT_USER, AKA HKCU

HKEY_LOCAL_MACHINE, AKA HKLM

HKEY_USERS, AKA HKU

HKEY_CURRENT_CONFIG, AKA HKCC

As you can see, each branch begins with HKEY, where HKEY means “hive key”; HKEY is known as the hive key handler used in programming. Handles are provided by the Application Programming Interface (API), stored as functions in the winreg.h file. The terms other than HKEY in the registry denote the following:

ROOT: This branch or hive stores all information about the system root, including information about files, extensions and their associations with different programs. It also stores the differences between system root files and application files and their associations.

CURRENT USER: This branch or hive stores information about the active user and his files, folders and permissions. It also stores information about his language preference, keyboard layout, application and file permissions, access to devices and controls, etc.

LOCAL MACHINE: This branch or hive stores information about the current machine, including available components, devices, software accessing hardware, hardware access security, and the Hardware Abstraction Layer (HAL).

USERS: This branch or hive stores the default values of settings stored for every user available on the system. If you look at CURRENT USER and USERS you’ll find that most of their values are very similar, because one of the most common features of the registry is key duplication. That means information that appears at two different levels is not different data but the same data: rather than creating it again, the registry creates an alias for the same key name and points to it via another hive. That is what happens in the case of USERS and CURRENT USER.

CURRENT CONFIG: This branch or hive contains information about the current configuration and about the system and software.

After going carefully through the registry you’ll find that ROOT and LOCAL MACHINE hold almost the same set of information, though it is represented in different forms; this is also an example of data duplication.

Data Types For Different Keys Available:

Values for keys fall into different data types defined for the registry. Though there are many different types of values, here we will discuss the most used ones.

1. String Value: These are the easiest values to edit, since you just have to type a string and you are done. They are sometimes used for directory paths and services.

2. Binary Value: These are nothing but binary values defined for a program, service or file. They may hold different sets of values but usually denote only true or false, and they can also be represented in hexadecimal form.

3. DWORD Value:

1 Nybble = 4 bits = 1/2 byte

1 Byte = 8 bits = 1/2 word

1 Word = 2 bytes = 16 bits

So a DWORD (double word, i.e. two words) is nothing but a 32-bit value, shown in hexadecimal or decimal. The same applies to QWORD, with a 64-bit value.

4. MULTI STRING Value: These are used for storing multi-line string values.

5. UNKNOWN Value: This is used when it is not possible to determine the data type.
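
The value types listed above, as an added example that is not part of the original post: a small Python decoder for the text form each type takes in a regedit `.reg` export, which is how exported keys are usually read during review or triage. The key path, value names and data in the sample are constructed, and the `.reg` syntax is brought in here as an assumption, since the post does not cover it.

```python
import re
import struct

# Constructed sample in .reg export syntax; key and value names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Enabled"=dword:00000001
"Blob"=hex:de,ad,be,ef
"Counter"=hex(b):00,00,00,00,01,00,00,00
"Servers"=hex(7):61,00,6c,00,70,00,68,00,61,00,00,00,62,00,65,00,74,00,61,00,\
  00,00,00,00
"Odd"=hex(63):01,02
'''

HEX_RE = re.compile(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)', re.S)

def decode_value(raw):
    """Return (type_name, python_value) for the right-hand side of a .reg line."""
    if raw.startswith('"'):                      # String value: undo \\ and \" escapes
        return 'REG_SZ', re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):                 # 32-bit value written as one hex number
        return 'REG_DWORD', int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if not m:
        raise ValueError('unrecognised value syntax: %r' % raw)
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3
    if kind == 3:                                # Binary value: raw bytes
        return 'REG_BINARY', data
    if kind == 0xb and len(data) == 8:           # QWORD: 8 bytes, little-endian
        return 'REG_QWORD', struct.unpack('<Q', data)[0]
    if kind == 7:                                # Multi-string: UTF-16LE, NUL-separated
        return 'REG_MULTI_SZ', [s for s in data.decode('utf-16-le').split('\x00') if s]
    return 'UNKNOWN(0x%x)' % kind, data          # type this decoder cannot interpret

def parse_reg(text):
    """Map key path -> {value name: (type, value)} for a .reg export."""
    text = re.sub(r'\\\r?\n\s*', '', text)       # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif line.startswith('"') and current is not None:
            name, raw = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line).groups()
            current[name] = decode_value(raw)
    return keys
```

Note that the DWORD is written as a single hexadecimal number while the QWORD appears as eight little-endian bytes, so the two need different decoding even though both are plain integers.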

So that’s a basic description of the Windows Registry. I tried to explain only the basics, since a real understanding of the Registry needs a good deal of practice playing with these keys. I hope the above information is useful to you.
