Registry intro

Networking/Security Forums -> Windows

Author: The_Real_GandalfLocation: Athens,Greece PostPosted: Tue Oct 11, 2005 4:18 pm    Post subject: Registry intro
    ----
We all have heard of registry in windows and many modifications and that many actions should start from there. But what does the term registry , really mean?
It is a small ,essential part of the windows OS ,that is responsible of keeping all necessary info about all the applications installed and running in the windows OS. Each application has a valid key ,that is used when it is "called" to function.But lets take the things from the beginning.

Registry has four sub-parts ,that characterize its structure.

Registry>Trees>Hives>Keys>Values. The functions and the information of each program are stored in a sub-category like this and create a value ,in there.

TREES

HKEY_CLASSES_ROOT.
(associated key to hkey_local_machine\software_classes)

This tree is containing OLE informations ,like system shortcuts and links for files in the system.

HKEY_LOCAL_MACHINE

This tree contains info about the system devices, adjustments for virtual memory, boot parameters ,etc.

HKEY_CURRENT_USER
(hkey_users)

Contains all info about the user's profile in the system, who is logged on at the present time.

HKEY_CURRENT_CONFIG

This tree contains all hardware info about the computer and the network.

Now these trees have as sub-categories some certain hives. For instance HKEY_LOCAL_MACHINE is aparted by
Hardware
Sam
Security
Software
System
The Hives can be stored in two points. Either in the Hard Drive or can be created in the memory each time the OS boots. The two files created for the hives are called registry file and log file. The first one contains all the real data for the registry and the log file just has all the modifications that have been made to these data.

REG KEYS

These are organizational units that can be used as index for your registry. There could be huge number of them in your system's registry. Their architecture is similar to your folders and files. They too are using a same calling symbol for the registry as your files do for the explorer of the system. Those keys are containing data ,values and subkeys which contain also subkeys and values and so on.

VALUES

This is the foundation of the registry part and are specially designed to carry data for a specific API or procedure of windows OS. These values are divided in five basic types of categories.
REG_DWORD some numeric data that have a 32 bits size
REG_BINARY numeric data with various sizes.
REG_EXPAND_SZ alphanumeric data forms of any size. They are modified by the use and the passing of time. They are usually responsible for system and application parameters.
REG_MULTI_SZ same as above ,but now each alphanumeric char is separated from each other by the char NULL. This value is usually responsible for info about lists like the pull down menu.
REG_SZ this contains an alphanumeric value ,with various sizes ,but stable. No changes are applied to them.

Now that a simple explanation of the registry structure has been given ,we can proceed to the way it is used by your OS. The first time your registry is accessed is by the time your OS starts. After that the registry is under constant access by the windows and the changes to it are, too many to be counted.
Modifications to it can be done by the use of control panel and its utilities or by just using a simple application in your computer.
You can also use registry editor and do a manually change of the data in the registry.For win9x you can type regedit at the run prompt field ,for Windows NT,XP,W2K you can go to run command and type mmc or regedit again.

CAUTION!!!: any manually change to the registry can cause serious damage to your system. This is to be done on your own responsibility CAUTION!!!

you should also check in the internet tutorials on how to change,add or remove a key or a value in your registry. Also check on how to take a backup and restore it ,before you proceed in any kind of manually actions in it.
Hope this text has clear out some issues of yours on this topic.If you have any more questions ,I will be pleased to help you out.

Gandalf

Author: Leewy PostPosted: Sat Oct 28, 2006 4:28 pm    Post subject: Registry intro
    ----
Hi

Any idea where are the registry files stored. which directories they are stored?

Thanks
Leewy

Author: mdhyde PostPosted: Wed May 28, 2008 8:36 pm    Post subject: Reg file locations
    ----
In Windows XP, 2000, and 2003 there are several Registry files. These files are named without a file extension and are stored in the Windows\System32\Config folder. These files are named Software, System, SAM, Security, Default, and UserDiff. There is one more Registry file, NTuser.dat. In Windows XP, 2000 and 2003. NTuser.dat is stored in the users folder under the Documents and Settings folder. Each user has their own NTuser.dat file. The NTuser.dat file stores all settings that each user selects; these settings will override settings stored in the System file.

There is also another set of Registry files which got saved to Windows\Repair during the initial installation. These files never get updated though.

If you use these to repair your registry, it will revert you back to "windows is not setting up" of an install. This is useful if you have backups of keys or intact system restore files.

We used this once to overcome a virus. The virus disabled system restore and corrupted our registry. We used the repair registry files to bring the system online without the virus. We then manually found the system restore files and "went back in time" to a copy of the registry that existed before the virus got hold of the machine.

Author: jacob2287 PostPosted: Fri Oct 09, 2009 8:20 am    Post subject:
    ----
By registry editing in HKEY_LOCAL_MACHIN WINDOW LOGON property i can display message as i want , but i want to display an image instead of text so if anybody knows than please let me inform.

Author: prestonwatson PostPosted: Fri Dec 04, 2009 8:27 am    Post subject:
    ----
Hi Gandalf,

It's very true that most of us would have heard about registry in windows. This is because of you that we came to know about it in deep. I didn't had any wide idea about the registry before I have read this comment. The entire credit goes to you. Thanks a lot and keep updating with such new information.

Author: kincean PostPosted: Fri Dec 04, 2009 11:00 am    Post subject: registry problem
    ----
If the obsolete registry hasn't been cleaned in time, it might cause a series of problems like startup failure.

http://ezinearticles.com/?Windows-Xp-Startup-Problems---3-Easy-Ways-to-Fix-Windows-Xp-Startup-Problems&id=3087747

Author: jgt1942 PostPosted: Sun Jan 10, 2010 6:59 am    Post subject:
    ----
Good intro for the registry, I have a question for you. I'm attempting to set up a bat file to export a registry key for Outlook (Win7 & OL 2007). I can edit the registry and export the key but I want to export it on a weekly basis thus the bat file.

I read the article at http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Utilities/XPcommandlineregistrytool.html and based on this I created the following line for my bat file:

REG EXPORT HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook I:\BU\Outlook\Registry\W700-Outlook.reg /y

It fails with a syntax error and I know the path is correct, I copied it from the REG file when I manually did the export. I've also tried the line in a CMD window and again it fails. What the heck am I doing wrong?

Author: arthur38 PostPosted: Tue Apr 06, 2010 2:49 pm    Post subject: afraid to mess with the registry files for start orb
    ----
hi all
I've got a question ......... if i want to change my windows vista start orb { start button } i.e replace the trademark windows embellum by something else how should i do it ....... i've followed alot of videos concerning this on youtube , but they are all for windows 7 ...... none for vista , none that i could locate anyway . any suggestion would be much appreciated . thanks in advance .

Author: alexcarlson PostPosted: Thu Apr 15, 2010 6:37 am    Post subject:
    ----
I didn't had any wide idea about the registry before I have read this comment. The entire credit goes to you. Thanks a lot and keep updating with such new information.

Author: alexcarlson PostPosted: Fri Apr 16, 2010 12:35 pm    Post subject:
    ----
Dear Leewy,
The location of your registry files depends on your version of windows.
If you delete the registry files, then depending on which you delete, something will stop working whether windows, or just some installed software or part of windows.

If you have a virus, you are better off getting and installing a good Anti Virus product and repairing the damage that way.Your other option is to format the hard rive and start over with a clean install of windows.

Good luck.

Author: GroovicusLocation: Centerville, South Dakota PostPosted: Fri Apr 16, 2010 4:12 pm    Post subject:
    ----
Not sure if you realized or not, but this post is 4 years old. I doubt Leewy still needs help.



Networking/Security Forums -> Windows


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group