Windows Registry : Introduction and Structure

Windows Registry : Introduction and Structure

The Windows registry is a directory which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc. Whenever a user makes changes to Control Panel settings, file associations, system policies, or installed software, the changes are reflected and stored in the registry.

Accessing the Windows Registry
You can view the registry files by running the regedit command.
To view the registry files
Click Start > Run...
Type regedit in the Open: box.
Click OK.

Structure

Keys and Values

The registry contains two basic kinds of elements: keys and values.

Registry Keys are similar to folders - in addition to values, each key can contain subkeys, which may contain further subkeys, and so on. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. E.g.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey "Windows" of the subkey "Microsoft" of the subkey "Software" of the HKEY_LOCAL_MACHINE key.

Registry Values are name/data pairs stored within keys. Values are referenced separately from keys. Value names can contain backslashes which would lead to ambiguities were they referred to like paths. The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key.

Hives

HKEY_CLASSES_ROOT

Abbreviated HKCR, HKEY_CLASSES_ROOT stores information about registered applications, such as Associations from File Extensions and OLE Object Class IDs tying them to the applications used to handle these items.

HKEY_CURRENT_USER

Abbreviated HKCU, HKEY_CURRENT_USER stores settings that are specific to the currently logged-in user.

HKEY_LOCAL_MACHINE

Abbreviated HKLM, HKEY_LOCAL_MACHINE stores settings that are general to all users on the computer.

HKEY_USERS

Abbreviated HKU, HKEY_USERS contains subkeys corresponding to the HKEY_CURRENT_USER keys for each user registered on the machine.

HKEY_CURRENT_CONFIG

Abbreviated HKCC, HKEY_CURRENT_CONFIG contains information gathered at runtime; information stored in this key is not permanently stored on disk, but rather regenerated at boot time.

HKEY_PERFORMANCE_DATA

This key provides runtime information into performance data provided by either the NT kernel itself or other programs that provide performance data.