by April 1, 2000 0 comments

Windows registry is a hierarchical database that contains virtually all
information about your PC’s configuration. Under previous versions of
Windows, these settings were contained in files like config.sys,
autoexec.bat, win.ini, system.ini, control.ini, and so on. The structure of
the registry is similar to the INI file structure. However, it goes beyond
the concept of INI files, as it offers a hierarchical structure similar to
the folders and files on your hard disk. In fact, you access the elements of
the registry the same way you access folders and files.

Here, I examine only the Win
95/98 registry, though the NT registry is also quite similar.

The registry editor
The registry editor–regedit.exe–is a utility that allows you to see,
search, modify, and save the Windows registry database. It doesn’t
validate the values you’re writing, but allows any operation. So you have
to pay close attention while using it to modify your registry.

To launch the registry
editor, run regedit.exe (under Win NT, run regedt32.exe with administrator

The registry editor is
divided into two panes. The one on the left shows you a hierarchical
structure of the database (the screen looks like Windows Explorer), and the
one on the right shows the values.

The registry is organized
into keys and sub keys. Each key contains a value entry, and has a name, a
type or class, and the value itself. The name is a string that identifies
the key. The length and the format of the value depends on the data type.

The registry is divided into
five principal keys–there’s no way to add or delete keys at this level.
Only two of these keys are effectively saved on the hard disk–HKEY_LOCAL_MACHINE
and HKEY_USERS. The others are just branches of the main keys or are
dynamically created by Windows.

This key contains hardware, applications, and services information. A lot of
hardware information is updated automatically when the computer boots. The
data stored in this key is shared with any user. This handle has many sub

Config:  Contains
configuration data for different hardware configurations.

Enum:  This
is the device data. For each device in your computer, you can find
information such as the device type, the hardware manufacturer, device
drivers, and the configuration.

Contains a list of serial ports, processors, and floating-point

Contains network information.

Shows you network security information.

Software: This key
contains data about installed software.

System Contains data that
checks which device drivers are used by Windows and how they’re

Command line registry arguments

merge a .reg file with the registry

/L:SYSTEM To specify the
position of SYSTEM.DAT

/R:USER To specify the position

/e FILENAME.REG [KEY] To export
the registry to a file. If the key is specified, the whole branch will
be exported.

/c FILENAME.REG To substitute
the entire registry with a .reg file

/s To work without prompt
information or Warnings.

This key is an alias of the branch HKEY_LOCAL_MACHINE\Software\Classes and
contains OLE, drag-n-drop, shortcut, and file association information.

This key is also an alias. It contains a copy of the branch HKEY_LOCAL_
MACHINE\Config, with the current computer configuration.

Some information stored in the registry changes frequently, so Windows
maintains part of the registry in memory instead of the hard disk. For
example, this key stores plug-n-play information and computer performance.
This key has two sub keys.

Config Manager This key
contains all hardware information problem codes, with their status. There’s
also the sub key HKEY_LOCAL_MACHINE\Enum, but it’s written in a different

PerfStats It contains
performance data about the system and the network.

This important key contains the sub key .default and another key for each
user who has access to the computer. If there’s only one user, only the
.default key exists. Each sub key maintains the preferences of each user–the
desktop colors, the fonts used, and also the settings of many programs. A
user sub key contains five important sub keys.

AppEvent Contains the path of
audio files that Windows plays on specific events, such as emptying the
recycle bin, etc.

Control panel Contains the
settings defined in the Control Panel. These used to be stored in win.ini
and control.ini.

Keyboard layouts It contains
some advanced code that identifies the actual keyboard disposition and how
it is set into the Control Panel.

Network This key stores sub
keys that describe current and recent network shortcuts.

RemoteAccess The settings of
Remote Access are stored here.

Software Contains all
software settings. This data used to be stored in win.ini and private INI
files earlier. HKEY_CURRENT_USER

This is an alias to the current user of HKEY_USERS. If your computer is not
configured for usage by several users, it points to the sub key .default of

The .reg file
A .reg file is created when you export your registry. You can also write
your own .reg file. Here, I assume that you already have a .reg file on your
hard disk and want to know more about how it’s structured. Don’t double
click the .reg file or its contents will be added to the registry (of
course, a warning message will pop up). To view the properties of the .reg
file, open it in Notepad.

To do so, launch Notepad from

Then, through the open menu,
open the .reg file.

What differentiates .reg
files from other files is the word "REGEDIT4". This is the first
word in all .reg files. If this word is not there, the registry editor can’t
recognize the file as a .reg file.

This word will be followed by
a key declaration. This will be within square brackets and with the full
path. If the key doesn’t exist then it will be created.

After the key declaration,
you’ll see a list of values that have to be set in the particular key in
the registry. The values look like this:

"value name"=type:value

The value name is in double
quotes. "Type" can be absent for string values. dword: is used for
dword values and
hex: for binary values. For all other values, you have to use the code
hex(#):, where "#" indicates the API code of the type.

Here are some examples of

"My string" =
"string value" is a string

"My dword" =
dword:123456789 is a dword

"My binary" =
hex:AA,BB,CC is a standard binary

"My other type"
= hex(2):AA,BB,00 is an expand string

Expand string has API
code=2 and extended string has API code=7.

As you can see, strings are
in double quotes, dword is hexadecimal, and binary is a sequence of
hexadecimal byte pairs, with a comma between each. If you want to add a
backslash into a string, remember to repeat it twice while writing a .reg
file, so the value "c:\Windows" will be "c:\\Windows".

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.