The Structure of the Windows Registry?

The Structure Windows Registry

Increase your knowledge of the Windows Registry. This article uncovers the nature of the structure of the Windows Registry.

The registry database is stored in a hierarchical structure as may be seen from the screen shot below. It may be best to conceive the registry as a tree divided into a number of areas or branches. Depending on your Windows version, the Registry comprises four to six sub-trees of keys called hives (also referred to as discrete files).

Each hive contains a Registry sub-tree, which has a key that serves as the root (i.e., starting point) of the tree. A registry hive is a group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of its data. Subkeys and their values reside beneath the root. The values contain the actual information stored in the Registry.

The majority of the information in the Registry is placed there automatically by Windows when the operating system is installed. The rest comes from applications and hardware via installation routines.

It is also possible to edit Registry data manually, allowing you to tweak, enable or fix certain settings.

Any changes you make to the registry using Registry Editor are permanent, there is no “undo” button, so be very careful what you do.

Only edit the registry if you know what you are doing: the consequences of your mistakes could be rather extreme - at its worst, you will need to re-install Windows from scratch.

Edit at your own risk, and as a rule of thumb always make a backup.

The following screen-shots are taken from the Windows Registry Editor (type 'regedit.exe'
at the Start Menu->Run prompt).

Folders represent keys in the registry (files represent hives) and are shown in the navigation area on the left side of the Registry Editor window. In the topic area on the right, the entries in a key are displayed. When you double-click a entry, it opens an editing dialog box.

As such, what you need to remember is that there are six root keys, each of which contains specific registry information:

HKEY_CLASSES_ROOT contains file associations and OLE information necessary to launch applications. Associations define what program runs when you double-click on a file
name, what Context menu items appear when you right-click on the file. For example
the root stores information about Active X controls, the names of all drivers, icons used for applications and documents, information supporting the drag-and-drop feature, all the extensions and the associations between applications and documents, shortcuts, COM sections and crucial features of the Windows user interface. The root key controls all the data files.

HKEY_CURRENT_USER contains the configuration information for the user who is currently logged on the machine. This portion of the registry links to the relevant area in the HKEY_USERS branch and cannot be edited.

The HKEY_USERS branch contains the profiles (including all the specific data) of all the users of the particular computer. This includes such items as screen savers, start menu settings and desktop preferences, fonts, event sounds, the recent start/run entries and folder view preferences for each user including default settings for new users.

HKEY_LOCAL_MACHINE has computer-specific configuration information used for all users who log onto computer. This key contains five-sub keys namely

Hardware (including the system hardware database generated during boot-up, all device drivers to be loaded, IRQ hooks and DMA settings and all resource allocations for each driver).
Security Accounts Manager (SAM) containing the user and group account database.
Security containing security policy information.
Software containing all configuration definitions and data for all software installed on the computer including the operating system. You will see sub-keys for each software
title installed on the system.
System information.

HKEY_CURRENT_CONFIG contains all the relevant information relating to the hardware
installed on the particular computer. This information is used by the computer at
system start-up.

HKEY_DYN_DATA stores all plug and play information on the computer. Since this configuration information requires fast modification and retrieval by Windows, it is sent to RAM since the system cannot wait for the registry to send it to the hard drive. The information in this key is created afresh every time Windows is started and is thus dynamic also changing as devices are added and removed from the system.

Each registry value is stored as one of six main data types:

REG_BINARY: The data is in raw binary. Most of the information relating to hardware components is stored in this format and may be displayed by the Windows Registry Editor in hexadecimal format.

REG_DWORD this indicates that the data type is stored in a double word, always displayed as a four-byte number. Device drivers and services parameters are often of this type and can be viewed in binary, hexadecimal, or decimal using the Registry editor.

REG_EXPAND_SZ relates to a data string of variable length. This data type includes variables that are resolved when a program or service uses the data.

REG_MULTI_SZ is a multiple string. Values of this type of data usually contain list or multiple values that users are able to read.

REG_SZ relates to a fixed length text string.

REG_FULL_RESOURCE_DESCRIPTOR are used in hardware registry keys.

Other data types exist however these are not available through the standard registry editors.

Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on your computer.