Saturday, January 24, 2009

The Registry

What is the Registry?

Windows Registry is a central database in Windows. The database contains most of the "pointers" and "settings" for Windows, programs, hardware and users. Pointers tell Windows or programs where to find the resources required to perform specific actions. The ways that many actions are (or are not) performed are controlled by settings. Just about any setting that you change -- either in Windows or a program -- changes the Registry. There are some notable exceptions. Firefox, Thunderbird and many other "wiser" programs avoid the Registry entirely by saving settings, etc. in their own file folders.

Almost any time you are using your PC there is a swarm of things going on behind the scenes in the Registry, almost like bees around a hive. (In fact, the major elements of the Registry are called hives.)

Hives
The (last known good) Registry is stored in Registry Hives:

Six of them are located in C:\Windows\System32\Config\
default
SAM
SECURITY
software
system
userdiff

There is one more hive for each user located in C:\Windows\\Documents and Settings\\
ntuser.dat

However, the hives are not the Registry: The Registry hive files are, strictly speaking, not the Registry. The Registry is a dynamic thing that exists in memory only. The Registry only exists when Windows is running. It is built by Windows from the Hives, and other hardware information, during the startup process.

The Registry Editor makes the structure of the actual Registry visible as keys and values, in much the same way that Windows Explorer makes folders and files visible. You can also "edit" the keys and values with the Registry Editor, which is similar to editing folders and files with Windows Explorer.

Root Keys
Root Keys: Keys are like folders for files. Each key -- and in turn, each sub-key -- can contain sub-keys, one default value, and as many other values as needed.

HKEY_LOCAL_MACHINE (HKLM) -- contains information about hardware, and settings that apply globally.
HKEY_CLASSES_ROOT (HKCR) -- contains file associations, OLE information and other system settings.
HKEY_CURRENT_CONFIG -- settings specific to the current hardware configuration.
HKEY_USERS (HKU) -- contains settings specific to all "logged on" users of the machine.
HKEY_CURRENT_USER (HKCU) -- contains settings specific to the current user (the one with control).

Notice that there are really only 2 root keys. The others are sub-sets or pointers for sections of the 2 root keys. Do not confuse root keys with Registry hives. Hives are where the Registry information is stored when Windows is not running. In a sense, the Registry is a dynamic thing that exists only in memory.

Building the Registry
Windows builds most of the Registry when it boots up, and the rest when you log on. Windows gets most of its information from the Registry hive files. Information about hardware is obtained from the hardware and hardware drivers (files) when Windows boots.

The Registry is dynamic. Changes are retained in memory and recorded in *.log files. Windows also uses the *.log files to write the changes to the hives when you restart Windows. The Registry is primarily there to coordinate the operation of Windows, hardware and the installed programs. Editing is merely a subsidiary aspect of the Registry.
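
The relationship between the in-memory Registry and the hive files can be checked on a running system. The PowerShell below is an added example, not part of the original post: it reads the `hivelist` key that Windows maintains (a key this post does not mention) to list which file backs each loaded hive, then confirms that HKEY_CURRENT_USER shows the same subkeys as the current user's branch of HKEY_USERS.

```powershell
# Added example: list each loaded hive and the file on disk that backs it.
# Windows records this mapping itself under the hivelist key.
$hiveListKey = Get-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'

$mapping = foreach ($name in $hiveListKey.GetValueNames()) {
    if (-not $name) { continue }          # skip an unnamed (default) value
    $file = $hiveListKey.GetValue($name)
    [pscustomobject]@{
        # Path inside the live Registry, under \REGISTRY\MACHINE or \REGISTRY\USER
        RegistryPath = $name
        # Hives built at boot from hardware information have no backing file
        HiveFile     = if ($file) { $file } else { '(none: exists in memory only)' }
    }
}
$mapping | Sort-Object RegistryPath | Format-Table -AutoSize -Wrap

# Every entry sits under MACHINE or USER: these are the 2 real root keys
# (HKEY_LOCAL_MACHINE and HKEY_USERS).
$mapping |
    Group-Object { ($_.RegistryPath -split '\\')[2] } |
    Select-Object Name, Count

# HKEY_CURRENT_USER is a pointer to HKEY_USERS\<SID of the current user>.
$sid     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$viaHkcu = (Get-Item -Path 'HKCU:\').GetSubKeyNames() | Sort-Object
$viaHku  = (Get-Item -Path "Registry::HKEY_USERS\$sid").GetSubKeyNames() | Sort-Object

# Compare-Object returns nothing when both lists are identical.
$same = -not (Compare-Object -ReferenceObject $viaHkcu -DifferenceObject $viaHku)
"HKCU and HKEY_USERS\$sid expose the same subkeys: $same"
```

For incident response or forensic acquisition, the HiveFile column is the list of files to collect, together with the *.log files that sit beside them.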
