
Security Forums


Registry intro

The_Real_Gandalf
Trusted SF Member
Joined: 14 Apr 2004
Location: Athens, Greece

Posted: Tue Oct 11, 2005 4:18 pm    Post subject: Registry intro

We have all heard of the registry in Windows, of its many modifications, and that many actions should start from there. But what does the term registry really mean?
It is a small, essential part of the Windows OS that is responsible for keeping all necessary info about all the applications installed and running in the Windows OS. Each application has a valid key that is used when it is "called" to function. But let's take things from the beginning.

The registry has four sub-parts that characterize its structure.

Registry > Trees > Hives > Keys > Values. The functions and the information of each program are stored in a sub-category like this and create a value in there.

TREES

HKEY_CLASSES_ROOT
(associated key to hkey_local_machine\software_classes)

This tree contains OLE information, like system shortcuts and links for files in the system.

HKEY_LOCAL_MACHINE

This tree contains info about the system devices, adjustments for virtual memory, boot parameters, etc.

HKEY_CURRENT_USER
(hkey_users)

Contains all info about the profile of the user who is logged on at the present time.

HKEY_CURRENT_CONFIG

This tree contains all hardware info about the computer and the network.

Now these trees have certain hives as sub-categories. For instance, HKEY_LOCAL_MACHINE is divided into:
Hardware
Sam
Security
Software
System
The hives can be stored in two places: either on the hard drive, or they can be created in memory each time the OS boots. The two files created for the hives are called the registry file and the log file. The first one contains all the real data for the registry, and the log file just has all the modifications that have been made to these data.

REG KEYS

These are organizational units that can be used as an index for your registry. There can be a huge number of them in your system's registry. Their architecture is similar to that of your folders and files. They also use the same calling symbol in the registry as your files do in the system's Explorer. Those keys contain data, values and subkeys, which in turn contain subkeys and values, and so on.

VALUES

This is the foundation of the registry, and values are specially designed to carry data for a specific API or procedure of the Windows OS. These values are divided into five basic types.
REG_DWORD: numeric data with a size of 32 bits.
REG_BINARY: numeric data of various sizes.
REG_EXPAND_SZ: alphanumeric data of any size. They are modified by use and the passing of time. They are usually responsible for system and application parameters.
REG_MULTI_SZ: same as above, but now each alphanumeric char is separated from the others by the NULL char. This value is usually responsible for info about lists like the pull-down menu.
REG_SZ: this contains an alphanumeric value of various sizes, but stable. No changes are applied to them.

Now that a simple explanation of the registry structure has been given, we can proceed to the way it is used by your OS. The first time your registry is accessed is when your OS starts. After that the registry is under constant access by Windows, and the changes to it are too many to be counted.
Modifications to it can be made through the Control Panel and its utilities, or by just using a simple application on your computer.
You can also use the registry editor and manually change the data in the registry. For Win9x you can type regedit in the Run prompt field; for Windows NT, XP and W2K you can go to the Run command and type mmc or regedit again.

CAUTION!!!: any manual change to the registry can cause serious damage to your system. This is to be done on your own responsibility. CAUTION!!!

You should also check the tutorials on the internet on how to change, add or remove a key or a value in your registry. Also check how to take a backup and restore it before you proceed with any kind of manual action in it.
Hope this text has cleared up some issues of yours on this topic. If you have any more questions, I will be pleased to help you out.

Gandalf

Leewy
Just Arrived
Joined: 27 Oct 2006

Posted: Sat Oct 28, 2006 4:28 pm    Post subject: Registry intro

Hi

Any idea where the registry files are stored? Which directories are they stored in?

Thanks
Leewy

mdhyde
Just Arrived
Joined: 28 May 2008

Posted: Wed May 28, 2008 8:36 pm    Post subject: Reg file locations

In Windows XP, 2000, and 2003 there are several Registry files. These files are named without a file extension and are stored in the Windows\System32\Config folder. These files are named Software, System, SAM, Security, Default, and UserDiff. There is one more Registry file, NTuser.dat. In Windows XP, 2000 and 2003, NTuser.dat is stored in the user's folder under the Documents and Settings folder. Each user has their own NTuser.dat file. The NTuser.dat file stores all settings that each user selects; these settings will override settings stored in the System file.

There is also another set of Registry files which got saved to Windows\Repair during the initial installation. These files never get updated though.

If you use these to repair your registry, it will revert you back to "windows is not setting up" of an install. This is useful if you have backups of keys or intact system restore files.

We used this once to overcome a virus. The virus disabled system restore and corrupted our registry. We used the repair registry files to bring the system online without the virus. We then manually found the system restore files and "went back in time" to a copy of the registry that existed before the virus got hold of the machine.
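
Added example (not from the thread): a Python check of the 512-byte base block that starts a hive file such as those in Windows\System32\Config, flagging a hive whose two sequence numbers differ and which therefore still needs its log file applied before it is trusted or restored. Field offsets follow publicly available reverse-engineered descriptions of the regf format; the sample header is constructed.

```python
import struct
from datetime import datetime, timedelta, timezone


def regf_checksum(block):
    """XOR of the first 127 little-endian dwords, with the two reserved fix-ups."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        x ^= dword
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(x, x)


def parse_base_block(block):
    """Parse the 512-byte header that starts every hive file."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("not a registry hive (missing 'regf' signature)")
    seq1, seq2, filetime, major, minor, ftype = struct.unpack_from("<IIQIII", block, 4)
    (stored,) = struct.unpack_from("<I", block, 508)
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=filetime // 10)               # FILETIME counts 100 ns ticks
    return {
        "name": block[48:112].decode("utf-16-le", "replace").split("\x00", 1)[0],
        "version": f"{major}.{minor}",
        "last_written": written,
        "is_primary": ftype == 0,                  # 0 marks a primary hive file
        "checksum_ok": stored == regf_checksum(block),
        # The first number is bumped before a write and the second after it, so a
        # mismatch means the write never finished and the log file is needed.
        "dirty": seq1 != seq2,
    }


def build_sample(seq1, seq2, name="SYSTEM"):
    """Constructed base block for the demo; not copied from a real hive."""
    block = bytearray(512)
    struct.pack_into("<4sIIQIII", block, 0, b"regf", seq1, seq2,
                     128000000000000000, 1, 3, 0)
    encoded = name.encode("utf-16-le")
    block[48:48 + len(encoded)] = encoded
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    for label, blk in (("clean", build_sample(7, 7)), ("dirty", build_sample(8, 7))):
        info = parse_base_block(blk)
        print(label, info["name"], info["version"], info["last_written"].date(),
              "dirty" if info["dirty"] else "consistent", info["checksum_ok"])
```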

jacob2287
Just Arrived
Joined: 09 Oct 2009

Posted: Fri Oct 09, 2009 8:20 am

By editing the registry in the HKEY_LOCAL_MACHINE WINDOW LOGON property I can display a message as I want, but I want to display an image instead of text, so if anybody knows, then please let me know.

prestonwatson
Just Arrived
Joined: 02 Dec 2009

Posted: Fri Dec 04, 2009 8:27 am

Hi Gandalf,

It's very true that most of us would have heard about the registry in Windows. It is because of you that we came to know about it in depth. I didn't have any wide idea about the registry before I read this comment. The entire credit goes to you. Thanks a lot and keep updating with such new information.

kincean
Just Arrived
Joined: 04 Dec 2009

Posted: Fri Dec 04, 2009 11:00 am    Post subject: registry problem

If the obsolete registry hasn't been cleaned in time, it might cause a series of problems like startup failure.

http://ezinearticles.com/?Windows-Xp-Startup-Problems---3-Easy-Ways-to-Fix-Windows-Xp-Startup-Problems&id=3087747

jgt1942
Just Arrived
Joined: 10 Jan 2010

Posted: Sun Jan 10, 2010 6:59 am

Good intro for the registry, I have a question for you. I'm attempting to set up a bat file to export a registry key for Outlook (Win7 & OL 2007). I can edit the registry and export the key but I want to export it on a weekly basis thus the bat file.

I read the article at http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Utilities/XPcommandlineregistrytool.html and based on this I created the following line for my bat file:

REG EXPORT HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook I:\BU\Outlook\Registry\W700-Outlook.reg /y

It fails with a syntax error and I know the path is correct, I copied it from the REG file when I manually did the export. I've also tried the line in a CMD window and again it fails. What the heck am I doing wrong?

arthur38
Just Arrived
Joined: 01 Apr 2010

Posted: Tue Apr 06, 2010 2:49 pm    Post subject: afraid to mess with the registry files for start orb

Hi all,
I've got a question: if I want to change my Windows Vista start orb (start button), i.e. replace the trademark Windows emblem with something else, how should I do it? I've followed a lot of videos concerning this on YouTube, but they are all for Windows 7, none for Vista, none that I could locate anyway. Any suggestion would be much appreciated. Thanks in advance.

alexcarlson
Lamer
Joined: 13 Apr 2010

Posted: Thu Apr 15, 2010 6:37 am

I didn't have any wide idea about the registry before I read this comment. The entire credit goes to you. Thanks a lot and keep updating with such new information.

alexcarlson
Lamer
Joined: 13 Apr 2010

Posted: Fri Apr 16, 2010 12:35 pm

Dear Leewy,
The location of your registry files depends on your version of Windows.
If you delete the registry files, then depending on which you delete, something will stop working, whether Windows, or just some installed software or part of Windows.

If you have a virus, you are better off getting and installing a good Anti Virus product and repairing the damage that way. Your other option is to format the hard drive and start over with a clean install of Windows.

Good luck.

Groovicus
Trusted SF Member
Joined: 19 May 2004
Location: Centerville, South Dakota

Posted: Fri Apr 16, 2010 4:12 pm

Not sure if you realized or not, but this post is 4 years old. I doubt Leewy still needs help.

All times are GMT + 2 Hours