What is Windows registry (Registry Keys)

[Guest Omar Abid]

Find this tutorial and more on http://thedotnetsource.blogspot.com

Reason of this project:

I wrote this tutorial in order to help the hundred of programmers

searching on the web for Windows registry.

This is an like introduction, if you are seeking how to use and deploy

the registry keys with Vb.net, just see the next tutorial (It'll be

tutorial 6).

In this tutorial I'll show what is the windows registry system and why

use it.

 

Project details:

1- What is Windows registry and why use it

2- How to read, write and change the registry

3- HIVES and their use

4- Definition of registry values

 

1- What is Windows registry and why use it.

 

You can compare the Windows registry to a database. It stores

informations related to Windows and other installed application on

your system, but also Hardware.

Think now if someone need to change the computer name via programming.

How can he do this?

Programmers can think of files (text files) to store the computer and

windows information. But when file get big and heavy, Database will be

more secure. And then they had (Windows builder) the choice of a

database "Windows Registry".

Microsoft Dot Net Frame 1.1 and higher have implemented a great

solution for registry on their classes. This will replace the hard

work and long lines of code that programmers have to write if they are

using Visual Studio 6.0 for example.

 

2- How to read, write and change the registry

 

Windows has a wonderful tool on it, named "Registry Editor". But you

won't find it, unless you open the System32 folder on the Windows

folder.

But we can easily run it through the execute command it the start

menu. Just type "regedit" (without quotes).

Now the registry editor will open.

Please before doing any changes on your registry make a backup.

To do a windows registry backup: File > Export > Give a name for the

file and select the All option box.

The backup may block your pc from working for a short period of time.

You'll see that there are 5 folder. Those are the main folder (named

hives) and you can't add another main folder.

Now you can select any folder and right click on it, then add a new

sub-folder or value.

By selecting any folder and right clicking, you'll find a list of

action that you can do.

If the action is blended (made not selectable), then either it's

impossible or you don't have the rights to do this action.

You need administrator rights to change registry keys.

 

3- HIVES (main registry folders) and their use

 

The registry is split into a number of logical sections named "hives",

those are the top main folder that can added, edited or renamed.

They all start with "HKEY" prefix.

 

HKEY_CLASSES_ROOT

Stores information about registered applications, such as Associations

from File Extensions and OLE Object Class ID's tying them to the

applications used to handle these items.

HKEY_CURRENT_USER

Stores settings that are specific to the currently logged-in user. The

HKCU key is a link to the subkey of HKEY_USERS that corresponds to the

user; the same information is reflected in both locations. On Windows-

NT based systems, each users' settings are stored in their own files

called NTUSER.DAT and USRCLASS.DAT inside their own documents and

settings subfolder.

HKEY_LOCAL_MACHINE

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are general

to all users on the computer. On NT-based versions of Windows, HKLM

contains four subkeys, SAM, SECURITY, SOFTWARE and SYSTEM, that are

found within their respective files located in the %SystemRoot%

\System32\Config folder. A fifth subkey, HARDWARE, is volatile and is

created dynamically, and as such is not stored in a file. Information

about system hardware drivers and services are located under the

SYSTEM subkey, whilst the SOFTWARE subkey contains software and

windows settings.

HKEY_USERS

Contains subkeys corresponding to the HKEY_CURRENT_USER keys for each

user registered on the machine.

HKEY_CURRENT_CONFIG

Contains information gathered at runtime; information stored in this

key is not permanently stored on disk, but rather regenerated at boot

time.

 

4- Definition of registry values

 

Binary Value

REG_BINARY

Raw binary data. Most hardware component information is stored as

binary data and is displayed in Registry Editor in hexadecimal

format.

DWORD Value

REG_DWORD

Data represented by a number that is 4 bytes long (a 32-bit integer).

Many parameters for device drivers and services are this type and are

displayed in Registry Editor in binary, hexadecimal, or decimal

format. Related values are DWORD_LITTLE_ENDIAN (least significant byte

is at the lowest address) and REG_DWORD_BIG_ENDIAN (least significant

byte is at the highest address).

Expandable String Value

REG_EXPAND_SZ

A variable-length data string. This data type includes variables that

are resolved when a program or service uses the data.

Multi-String Value

REG_MULTI_SZ

A multiple string. Values that contain lists or multiple values in a

form that people can read are generally this type. Entries are

separated by spaces, commas, or other marks.

String Value

REG_SZ

A fixed-length text string.

Binary Value

REG_RESOURCE_LIST

A series of nested arrays that is designed to store a resource list

that is used by a hardware device driver or one of the physical

devices it controls. This data is detected and written in the

\ResourceMap tree by the system and is displayed in Registry Editor in

hexadecimal format as a Binary Value.

Binary Value

REG_RESOURCE_REQUIREMENTS_LIST

A series of nested arrays that is designed to store a device driver's

list of possible hardware resources the driver or one of the physical

devices it controls can use. The system writes a subset of this list

in the \ResourceMap tree. This data is detected by the system and is

displayed in Registry Editor in hexadecimal format as a Binary Value.

Binary Value

REG_FULL_RESOURCE_DESCRIPTOR

A series of nested arrays that is designed to store a resource list

that is used by a physical hardware device. This data is detected and

written in the \HardwareDescription tree by the system and is

displayed in Registry Editor in hexadecimal format as a Binary Value.

None

REG_NONE

Data without any particular type. This data is written to the registry

by the system or applications and is displayed in Registry Editor in

hexadecimal format as a Binary Value

Link

REG_LINK

A Unicode string naming a symbolic link.

QWORD Value

REG_QWORD

Data represented by a number that is a 64-bit integer. This data is

displayed in Registry Editor as a Binary Value and was introduced in

Windows 2000.

 

This tutorial doesn't contain any source.

See http://thedotnetsource.blogspot.com for the latest tutorials and

updates.

 

The Zip file contains:

-The readme.txt file

-The tutorial.txt file

 

Still have question:

Go to our blog (http://thedotnetsource.blogspot.com). Select the

tutorial post. Post a comment describing your problem.