Intro

The Windows Registry stores settings and options for the Windows operating system (OS). This includes not just configurations for the OS itself, but also many configurations for hardware and software in the system. The Windows Registry consolidated the many configuration files (.ini) that were around before the 32-bit versions of Windows.

WARNING! Messing with the registry can seriously screw up your machine. Do not fiddle with it unless you know what you are doing.

Structure

The Windows Registry consists of name and data pairs (called values) arranged into a hierarchy of folders (called keys). The nomenclature is somewhat misleading because the terms are carryovers from Windows 3 (the 16-bit version), when each key had only one string value. Now each key can actually hold multiple values, making it, in essence, an associative array.

There are several top-level keys called hives which all begin with "HKEY". Parts of HKCU, HKLM, and HKU are structured similarly but apply in different scopes.

  1. HKEY_CLASSES_ROOT (HKCR). For registered apps, file associations, and OLE Object Class IDs.
  2. HKEY_CURRENT_USER (HKCU). For the currently logged in user. Also stored in NTUSER.DAT and USRCLASS.DAT files for each user.
  3. HKEY_LOCAL_MACHINE (HKLM). For the machine. For Win NT+, this has several sub-keys. All but HARDWARE also have corresponding files in %SystemRoot%\System32\Config.
    • HARDWARE. Volatile hardware data, i.e. created dynamically and has no corresponding persisted file.
    • SAM
    • SECURITY
    • SOFTWARE. For Windows OS and non-Windows software.
    • SYSTEM. For system hardware drivers and services.
  4. HKEY_USERS (HKU). Like HKCU, but for each user on the machine.
  5. HKEY_CURRENT_CONFIG (HKCC). Volatile runtime data, i.e. created dynamically and has no corresponding persisted file.
  6. HKEY_PERFORMANCE_DATA (HKPD). Performance data by the OS and other apps. Not visible via the Registry Editor.
  7. HKEY_DYN_DATA (HKDD). Volatile hardware data for Win 95, Win 98, and Win ME only.

The values come in 12 different data types:

  1. REG_NONE
  2. REG_SZ. A fixed-length string.
  3. REG_EXPAND_SZ. A variable-length string. EG: "%windir%\\calc.exe".
  4. REG_BINARY. Shown in Registry Editor in hexadecimal.
  5. REG_DWORD/REG_DWORD_LITTLE_ENDIAN. A 4-byte or 32-bit unsigned integer.
  6. REG_DWORD_BIG_ENDIAN. A 4-byte or 32-bit unsigned integer.
  7. REG_LINK
  8. REG_MULTI_SZ
  9. REG_RESOURCE_LIST
  10. REG_FULL_RESOURCE_DESCRIPTOR
  11. REG_RESOURCE_REQUIREMENTS_LIST
  12. REG_QWORD/REG_QWORD_LITTLE_ENDIAN. An 8-byte or 64-bit integer.

Editing

The typical user accesses the Windows Registry by running the regedit command, which opens up the Registry Editor. Win 9X had regedit.exe. Win NT and Win 2000 had regedit.exe and regedt32.exe. Win XP combined both versions into a new regedit.exe.

.REG files are text-based, human-readable files for handling portions of the Windows Registry. The reg.exe utility can be run from the command line to manipulate the Windows Registry as well as .REG files.
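An added example, not code from the original page: a small parser that lists what a .REG file would set or delete, so the file can be reviewed before it is imported. It is written for Node.js rather than WSH; the sample input is constructed, and the names parseReg and decodeData are this example's own.

```javascript
// Added example (not from the original page): list what a .REG file would change.
// Type ids follow the registry's numbering: 2=REG_EXPAND_SZ, 7=REG_MULTI_SZ, 0xb=REG_QWORD.
const HEX_TYPES = { '': 'REG_BINARY', 2: 'REG_EXPAND_SZ', 7: 'REG_MULTI_SZ', b: 'REG_QWORD' };
const unesc = s => s.replace(/\\(.)/g, '$1'); // undo \\ and \" escapes in quoted text
// Version 5.00 files store string-like hex data as UTF-16LE with NUL terminators.
const utf16 = bytes => Buffer.from(bytes).toString('utf16le').replace(/\0+$/, '');

function decodeData(raw) {
  let m;
  if (raw === '-') return { op: 'delete-value' };
  if ((m = /^"((?:[^"\\]|\\.)*)"$/.exec(raw))) return { op: 'set', type: 'REG_SZ', data: unesc(m[1]) };
  if ((m = /^dword:([0-9a-f]{1,8})$/i.exec(raw))) return { op: 'set', type: 'REG_DWORD', data: parseInt(m[1], 16) };
  if ((m = /^hex(?:\(([0-9a-f]+)\))?:(.*)$/i.exec(raw))) {
    const id = (m[1] || '').toLowerCase();
    const bytes = m[2].split(',').filter(Boolean).map(h => parseInt(h, 16));
    const type = HEX_TYPES[id] || `type 0x${id}`;
    let data = bytes; // binary and unknown types stay as a byte array
    if (type === 'REG_EXPAND_SZ') data = utf16(bytes);
    if (type === 'REG_MULTI_SZ') data = utf16(bytes).split('\0');
    return { op: 'set', type, data };
  }
  return { op: 'unparsed', raw }; // surface anything unexpected instead of dropping it
}

function parseReg(text) {
  const changes = [];
  let key = null;
  // A trailing backslash continues hex data on the next line; join those first.
  for (const raw of text.replace(/\\\r?\n\s*/g, '').split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if ((m = /^\[(-?)(.+)\]$/.exec(line))) {
      key = m[2];
      if (m[1]) changes.push({ key, op: 'delete-key' }); // [-KEY] removes the whole key
    } else if (key && (m = /^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$/.exec(line))) {
      const name = m[1] === '@' ? '(Default)' : unesc(m[1].slice(1, -1));
      changes.push({ key, name, ...decodeData(m[2]) });
    }
  }
  return changes;
}

// Constructed sample input, reusing the key names from the page's WSH script.
const SAMPLE = ['Windows Registry Editor Version 5.00', '',
  '[HKEY_CURRENT_USER\\Software\\TEST\\MyKey]', '@="default"', '"MyValue"="foobar"',
  '"Flag"=dword:0000000a', '"Path"=hex(2):25,00,54,00,4d,00,\\', '  50,00,25,00,00,00',
  '"Old"=-', '', '[-HKEY_CURRENT_USER\\Software\\TEST\\Stale]'].join('\r\n');
for (const c of parseReg(SAMPLE)) console.log(JSON.stringify(c));
```

Each printed line is one pending change; entries with op "unparsed" are the ones to inspect by hand before importing.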

Here is an example of programmatically accessing the Windows Registry via Windows Script Host (WSH) using JavaScript/JScript.

var WshShell = WScript.CreateObject("WScript.Shell");

// Set/Create/Add key and its default value:
WshShell.RegWrite ("HKCU\\Software\\TEST\\MyKey\\", 1, "REG_BINARY");
// Set/Create/Add/Change value in a key:
WshShell.RegWrite ("HKCU\\Software\\TEST\\MyKey\\MyValue", "foobar", "REG_SZ");

// Get/Read default data of a key:
var bKey = WshShell.RegRead ("HKCU\\Software\\TEST\\MyKey\\");
// Get/Read data of a value:
WScript.Echo (WshShell.RegRead ("HKCU\\Software\\TEST\\MyKey\\MyValue"));

// Delete value:
WshShell.RegDelete ("HKCU\\Software\\TEST\\MyKey\\MyValue");
// Delete key:
WshShell.RegDelete ("HKCU\\Software\\TEST\\MyKey\\");
// Delete parent key:
WshShell.RegDelete ("HKCU\\Software\\TEST\\");

WSH can only write these data types: REG_SZ, REG_EXPAND_SZ, REG_BINARY, and REG_DWORD. WSH can only read these data types: REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ, REG_BINARY, and REG_DWORD.



GeorgeHernandez.com. Some rights reserved.