• The physical files that make up the registry are stored differently
depending on your version of Windows; under Windows NT/XP/Vista the
files are contained separately in the %SystemRoot%\System32\Config
directory. You cannot edit these files directly, you must use a tool
commonly known as a "Registry Editor" to make any changes.
The Structure of Registry:
• The Registry has a hierarchal structure; although it looks
complicated the structure is similar to the directory structure on your hard
disk, with Regedit being similar to Windows Explorer.
• Each main branch (denoted by a folder icon in the Registry Editor) is
called a Hive, and Hives contains Keys. Each key can contain other keys
(sometimes referred to as sub-keys), as well as Values. The values contain
the actual information stored in the Registry. There are three types of
values; String, Binary, and DWORD - the use of these depends upon the
context.
• There are five main Hives (branches), each containing a specific portion of
the information stored in the Registry. They are as follows:
• HKEY_CLASSES_ROOT - This branch contains all of your file
association mappings to support the drag-and-drop feature, OLE
information, Windows shortcuts, and core aspects of the Windows user
interface.
• HKEY_CURRENT_USER - This branch links to the section of
HKEY_USERS appropriate for the user currently logged onto the PC and
contains information such as logon names, desktop settings, and Start
menu settings.
• HKEY_LOCAL_MACHINE - This branch contains computer specific
information about the type of hardware, software, and other preferences on
a given PC, this information is used for all users who log onto this
computer.
• HKEY_USERS - This branch contains individual preferences for each user
of the computer; each user is represented by a SID sub-key located under
the main branch.
• HKEY_CURRENT_CONFIG - This branch links to the section of
HKEY_LOCAL_MACHINE appropriate for the current hardware
configuration.
• Each registry value is stored as one of five main data types:
• REG_BINARY - This type stores the value as raw binary data. Most
hardware component information is stored as binary data, and can be
displayed in an editor in hexadecimal format.
• REG_DWORD - This type represents the data by a four byte number and
is commonly used for Boolean values, such as "0" is disabled and "1" is
enabled.
• REG_EXPAND_SZ - This type is an expandable data string that is string
containing a variable to be replaced when called by an application.
• REG_MULTI_SZ - This type is a multiple string used to represent values
that contain lists or multiple values, each entry is separated by a NULL
character.
• REG_SZ - This type is a standard string, used to represent human readable
text values.
• The Registry Editor (REGEDIT.EXE) is included with most version of
Windows it enables you to view, search and edit the data within the
Registry. There are several methods for starting the Registry Editor, the
simplest is to click on the Start button, then select Run, and in the Open
box type "regedit".
referred from books and articles
No comments:
Post a Comment