Versions Compared

Old Version 1

changes.mady.by.user Evgeniya Kononova

Saved on

compared with

New Version 2

changes.mady.by.user Darya Andryieuskaya

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The registry can be edited by the regedit.exe program included in the standard set of service programs in Windows. The information is stored in two hidden files in a Windows folder: system.dat and user.dat. The registry is a hierarchical tree structure, the branches of which constitute the keys that contain values or subkeys. The registry has six main branches described in the table.

Branch name

Description

HKEY_CLASSES_ROOT

Contains the information of software configuration, including the links from file extensions to programs, drag-and-drop parameters, printer settings and COM port settings.

HKEY_CURRENT_USER

Contains user settings of the system. This section is created and populated from the HKEY_USERS section upon user logon.

HKEY_LOCAL_MACHINE

Contains the parameters of the computer, its drivers and other hardware. The data in this section is shared by all users of the computer.

HKEY_USERS

Contains the information about all users registered on the computer. There are two types of parameters – shared by all users, and specific to each user.

HKEY_CURRENT_CONFIG

Contains the information about current hardware configuration.

HKEY_DYN_DATA

Points to a subsection in the HKEY_LOCAL_MACHINE section related to Plug and Play devices. This section changes upon adding or removing devices to or from the computer.

 The branch structure is visually similar to the structure of the user folders, allowing nested branches. Figure shows the main elements of the registry.

 Image Modified

  1. Branches;
  2. Keys;
  3. Subkeys;
  4. Parameters;

...

The values in the registry can be of particular types. The most commonly used types are described in the table.

Data type

Description

Purpose

REG_DWORD

4 bytes in hexadecimal or decimal format.

Many service or driver parameters are of this type. Example: 0x00000240(576) — decimal value is given in parenthesis.

REG_BINARY

Binary data of an arbitrary form. Maximum length – 16 bytes.

Most data on hardware components is stored as binary. In the regedit.exe window it is displayed in hexadecimal format, for example 01 00 00 00.

REG_SZ

A string ending with a null symbol.

Example: C:\Windows

REG_MULTI_SZ

Multi-line text. An array of strings ending with a null each. An array itself ends with two nulls.

Lists and other records in readable format are of this type. The records are separated by commas and other symbols in the editor.

REG_EXPAND_SZ

Data string of variable length ending with a null.

Undisclosed links to environment variables are of this type.

REG_FULL_RESOURCE
_DESCRIPTOR 

A sequence of nested arrays.

This type is designed for storing the list of device resources and drivers.