Tuesday, July 26, 2011

Windows Registry

The Windows Registry has been one of the most fascinating parts of an operating system. Each operating system has its own way of storing important data related to user accounts, system configuration and installed software. In earlier times, when DOS was one of the main operating systems, it stored its important data in a file named CONFIG.SYS.

With the beginning of the Windows era, a stronger method was required to store system-related data. Windows had configuration (initialization) files named SYSTEM.INI and WIN.INI, and nearly every application had its own INI file.
The drawback of INI files was that they were limited to a file size of 64KB and each program could have only one INI file, which made it difficult to store settings for different users. Hence Microsoft introduced the Windows Registry in Windows 95, and since then the Registry has been the backbone of Windows. Here I’ve described the basics of the Windows registry.

THE WINDOWS REGISTRY- Begins

The Structure: The Windows Registry can be viewed and edited through the Registry Editor provided with Windows. To open the editor:

1) Win key + R or Start > Run
2) Type “regedit.exe” or “regedit” (without quotes)

Apart from the Windows Registry Editor there are a lot of third-party editors, but I prefer the Windows Registry Editor.
When you open the Windows Registry Editor, it shows you the Windows Registry as a tree, which is very similar to a folder and sub-folder structure. The registry is divided into 6 hives or branches or Root keys, and each Root key holds information of a particular class.

Important: Microsoft assigned a maximum size of 1MB to any object stored in a key in the registry; if the data is larger than 1MB, it is stored in a separate file and a pointer to that file is placed in the registry. This is what keeps the registry small (mine is 131kb in size). But in Windows XP, both system and application software store data in the same registry, which makes the registry larger; as its size increases, the time required to find data in it increases and hence the speed of the system decreases.

The Root Keys: As mentioned, there are 6 Root keys in the Windows Registry, and they are:

1) HKEY_CLASSES_ROOT: This branch holds information related to file types and the actions which can be performed on them, and to installed software components.

“it is a mirror of the corresponding sub-branch of HKEY_LOCAL_MACHINE which is made accessible by itself as a root key for compatibility reasons”
“In Windows XP, it is a compilation of the information present in HKEY_CURRENT_USER\Software\Classes and HKEY_LOCAL_MACHINE\Software\Classes” - From Fast Track to Windows Registry.

2) HKEY_LOCAL_MACHINE: It holds information related to the system, i.e. information related to installed drivers, software, configuration tables of software etc.
I read in a book:
“Also stored here is information about software components installed in the computer. Windows supports an object-based architecture that allows software components to be used by any application. This technology has evolved since it was introduced in Windows 3 and has been known as Object Linking and Embedding (OLE), ActiveX and Component Object Model (COM). Components installed on the computer are registered in the Registry so that other programs know they are there and are able to make use of them. An example of this is Internet Explorer, whose browser component can be used by any program that needs to display web pages or other HTML-formatted data.”

3) HKEY_CURRENT_USER: This branch holds the information about the currently logged-in user, which includes desktop settings and other personalised information about the user's settings.

4) HKEY_USERS: It contains the user configuration data related to the system's users, but mostly all applications access the user's settings through HKEY_CURRENT_USER. Each user is identified via a SID, i.e. security identifier (SIDs differ even when two users have/had the same name).

5) HKEY_CURRENT_CONFIG: It holds all the information collected at system boot, and hence this key is regenerated every time the system boots or reboots.

6) HKEY_DYN_DATA: This branch is not found in Windows XP and Windows Vista® Home Basic, and most probably not in other versions either (I have not yet got my hands on other Vista versions). It holds performance and status information for different components of the system. The data shown here is not stored in any file; it keeps refreshing and is updated mostly by the Windows kernel or software drivers. For example, when you open Task Manager, you can find the CPU usage, memory usage (RAM usage), network adapter etc., and all this is fetched from this key and displayed in graphical form by Task Manager. It also holds information related to plug-n-play devices. For Windows XP and Windows Vista®, the plug-n-play data is directly merged into the main registry.

Value Types: Each Root Key in the Windows Registry has sub-keys, and these sub-keys have data stored in them. The data stored in these keys and sub-keys is different from ordinary data: it is stored in Binary, String and DWORD form.

1) DWORD (32 bit): It is a Four Byte to Eight Byte (16 bit to 32 bit) ranging data type generally used for Boolean values. Each service or component has its own default DWORD value set, but mostly ‘0’ means to STOP or DISABLE and ‘1’ means to CONTINUE or START or ENABLE.

2) QWORD (64 bit): It is nothing but the DWORD value with a 16 byte (64 bit) data type, and it was first introduced in Windows 2000.

3) STRING: It is used to store normal text.

4) BINARY: It is used to store the Binary data and used mostly for hardware components. If you have used a HEX EDITOR then you will easily understand how the data is stored in Binary form here.

5) MULTI-STRING VALUE: It is used to store a list of data separated by ‘’ or null character. If you have used an array in C++ or another programming language, you can understand the concept behind it. It is mostly used to store a list of similar data which has to be fetched from a single place.

6) EXPANDABLE STRING VALUES: It is used to store variables which are replaced by their values, as assigned by the application using it.
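
The value types listed above, decoded from the raw bytes in which the registry stores them, as an added example (not from the original post or the book it cites). The type codes are the Windows SDK constants; `decode_value`, `expand` and the sample values are constructed for illustration, and `expand` stands in for the variable expansion an application performs on an expandable string.

```python
import re
import struct

# Registry value type codes from the Windows SDK (winnt.h).
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD = 1, 2, 3, 4
REG_MULTI_SZ, REG_QWORD = 7, 11

def _utf16(raw):
    # Registry strings are UTF-16LE; drop a dangling odd byte before decoding.
    return raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")

def expand(text, env):
    """Replace %NAME% with env[NAME] (case-insensitive); unknown names stay."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), text)

def decode_value(reg_type, raw, env=None):
    """Turn the raw bytes of one registry value into a Python object."""
    if reg_type in (REG_DWORD, REG_QWORD):
        size, fmt = (4, "<I") if reg_type == REG_DWORD else (8, "<Q")
        if len(raw) != size:
            raise ValueError(f"expected {size} bytes, got {len(raw)}")
        return struct.unpack(fmt, raw)[0]  # little-endian unsigned integer
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        # The stored terminator is optional, so cut at the first NUL if any.
        text = _utf16(raw).split("\x00", 1)[0]
        return expand(text, env or {}) if reg_type == REG_EXPAND_SZ else text
    if reg_type == REG_MULTI_SZ:
        # NUL-separated strings; the list ends at the first empty string.
        parts = _utf16(raw).split("\x00")
        return parts[: parts.index("")] if "" in parts else parts
    if reg_type == REG_BINARY:
        return raw.hex()  # shown the way a hex editor would show it
    raise ValueError(f"unsupported registry type {reg_type}")

# Constructed sample data (not taken from a real hive).
SAMPLES = {
    "Start": (REG_DWORD, b"\x01\x00\x00\x00"),
    "Stamp": (REG_QWORD, b"\x00\x00\x00\x00\x01\x00\x00\x00"),
    "Editor": (REG_SZ, "Notepad".encode("utf-16-le") + b"\x00\x00"),
    "List": (REG_MULTI_SZ, "one\x00two\x00\x00".encode("utf-16-le")),
    "Path": (REG_EXPAND_SZ, "%SystemRoot%\\system32".encode("utf-16-le")),
    "Blob": (REG_BINARY, b"\xde\xad\xbe\xef"),
}

if __name__ == "__main__":
    for name, (reg_type, raw) in SAMPLES.items():
        print(name, decode_value(reg_type, raw, {"SystemRoot": r"C:\Windows"}))
```

A value whose length does not match its declared type raises `ValueError` instead of being silently truncated, which is the behaviour you want when checking data pulled from an untrusted or damaged hive.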

Hi readers, this post is very useful for any person interested in the Windows Registry. It is the basic knowledge of the Registry; in further posts I'll tell you all how to edit the registry to make your system work according to you.

Fast Track To Windows Registry is a good book for further consultation. 
Helpful link: Wikipedia
Should also see: Registry Editing
