Windows system registry Knowledge Completely uncover _ registry

The Windows Registry is a set of data files that help Windows control hardware, software, user environments, and Windows interfaces. The registry is contained in two files System.dat and User.dat in the Windows directory, as well as their backup system.da0 and user.da0. The registry database can be accessed through the Regedit.exe program in the Windows directory. Previously, in earlier versions of Windows (before Win95), these features were implemented by Win.ini,system.ini and other. ini files associated with the application.

In the Windows operating system family, the System.ini and Win.ini two files contain all the control features and application information of the operating system, System.ini managing the computer hardware and Win.ini managing desktops and applications. All drivers, fonts, settings, and parameters are saved in the. ini file, and any new programs will be recorded in the. ini file. These records are referenced in the program code. Because of the size of the Win.ini and System.ini files, programmers Add Auxiliary. ini files to control more applications. Microsoft Excel, for example, has an office Excel.ini file that contains options, settings, default parameters, and other information that is relevant to the normal operation of Excel. In System.ini and Win.ini, you only need to indicate the Excel.ini path and file name.

Early in the era of DOS and win3.x, most applications used the INI file (initialization file) to save some configuration information, such as setting the path, environment variables, and so on. System.ini and Win.ini control the characteristics and access methods of all windows and applications, and it works well in a small number of users and in a few application environments. As the number and complexity of applications increase, you need to add more parameter entries to the. ini file.

In this way, in a changing environment, after the application is installed in the system, everyone changes the. ini file. However, no one has deleted the relevant settings in the. ini file after deleting the application, so the two files System.ini and Win.ini will grow larger. Each additional content can lead to slower system performance. And every time an application is upgraded, the challenge is that the upgrade adds more parameters but never removes the old settings. And there is an obvious problem, the maximum size of an. ini file is 64KB. To solve this problem, the software vendor itself starts to support its own. ini file, then points to a specific INI file such as Win.ini and System.ini files. This way down multiple. ini files affect the system's normal access level settings. If an application's. ini file and the Win.ini file set up a conflict, who is the higher priority?

The registry was originally designed as a data file reference file for an application, and finally expanded to include all of the features for 32-bit operating systems and applications. The registry is a set of files that control the appearance of the operating system and how to respond to external events. These "events" range from directly accessing a hardware device to the interface how to respond to a particular user to how the application runs, and so on. The registry is designed to work specifically for 32-bit applications because of the complexity of its purpose and nature, and the size of the file is limited to about 40MB. The use of a powerful registry database to unify the centralized management of the system hardware facilities, software configuration and other information, thus facilitating the management, enhance the stability of the system. One of the most intuitive examples is why different users under Windows can have their own personalized settings, such as different wallpaper and different desktops. This is done through the registry.

This shows that the registry (Registry) is a core "database" of windows9x/me/nt/2000 operating systems, hardware devices, and client applications that can function and save settings, and is a huge, tree-layered database. It records the relationship between the software that the user installs on the machine and each program, and it contains the hardware configuration of the computer, including the automatically configured Plug and Play devices and the various device descriptions, status attributes, and various status information and data.

　 What does the registry do?

The registry is a data file designed for all 32-bit hardware/drivers and 32-bit applications in Windows NT and WINDOWS95. The 16-bit driver does not work under Windows NT, so all devices are controlled through the registry, which is typically controlled by the BIOS. Under Win9x, 16-bit drivers continue to work in real mode devices, which are controlled using System.ini. 16-bit applications work under NT or Win9x, and their programs still refer to Win.ini and System.ini files for information and control.

In the absence of a registry, the operating system does not get the necessary information to run and control the attached devices and applications and to respond correctly to user input.

The registry in the system is a database that records 32-bit-driven settings and locations. When the operating system requires access to the hardware device, it uses the driver, and even the device is a BIOS-supported device. Devices without BIOS support must be installed with a driver that is independent of the operating system, but the operating system needs to know where to find them, file names, version numbers, other settings, and information, and they cannot be used without the Registry's record of the device.

When a user prepares to run an application, the registry provides the application information to the operating system so that the application can be found, the location of the correct data file is specified, and other settings can be used.

The registry holds location information about the default data and secondary files, menus, button bars, window state, and other optional options. It also saves the installation information (such as date), the user installing the software, the software version number and the date, the serial number, and so on. Depending on the installation software, the information it includes is different.

In general, however, the registry controls all 32-bit applications and drivers, the methods of control are based on the user and the computer, not on the application or the driver, and each registry parameter item controls the function of a user or the computer. User features may include the desktop appearance and user directory. So, the computer function is related to the hardware and software that is installed, so the item is common to the user.

Some programs have effects on users, some on computers rather than personal settings, and, similarly, drivers may be specified by the user, but in many cases they are common in the computer.

　　 second, the structure of the Registry and the relationship between

Windows has six root keys in the registry, which is equivalent to one hard drive being divided into six partitions.

You can run Registry Editor by entering Regedit in the Run dialog box, and then clicking the OK button.

The data organization structure of the Registry registry (System.dat, User.dat, Config.pol) in the Chinese version of Windows 98.

The registry has a total of six root keys. These root keys are uppercase and are prefixed with HKEY_, which is based on the symbolic variables of the keyword of the registry function of the Win32 API.

Although in the registry, six root keys appear to be in a parallel position and have nothing to do with each other. In fact, the information stored in HKEY_CLASSES_ROOT and Hkey_current_config is part of the information stored in HKEY_LOCAL_MACHINE, and the information stored in HKEY_CURRENT_USER is only HKEY_ Part of the information that users store.

HKEY_LOCAL_MACHINE includes all the information in HKEY_CLASSES_ROOT and HKEY_CURRENT_USER. After each system starts, the system maps out the information in the HKEY_CURRENT_USER, allowing the user to view and edit the information.

In fact, HKEY_LOCAL_MACHINE\Software\Classes is HKEY_CLASSES_ROOT, which is specifically used as a root key for easy viewing and editing by the user. Similarly, hkey_current_config\sy-stem\current control is hkey_local_machine\system\current control.

The user information for the default user and the currently logged-on user is saved in HKEY_USERS. The user information for the currently logged-on user is saved in HKEY_CURRENT_USER.

Hkey_dyn_data saves the dynamic data of the system at run time, which reflects the current state of the system and is not the same at every run, even on the same machine.

According to the above analysis, the information in the registry can be divided into HKEY_LOCAL_MACHINE and HKEY_USERS two categories, the details of these two categories, please see the following introduction.

　　 three or six effects of large root bonds

In the registry, all data is organized into keys and subkeys in a tree-like structure, very similar to the directory structure. Each key contains a specific set of information, and the key name of each key is related to the information it contains. If this key contains a subkey, the left side of the folder representing the key in the Registry Editor window will have a "+" symbol to indicate that there is more content in the folder. If this folder is opened by the user, this "+" will become "-".

1.hkey_users

The root key holds a list of user identities and passwords stored in the local computer password list. The preconfigured information for each user is stored in the HKEY_USERS root key. HKEY_USERS is one of the root keys accessed from the remote computer.

2.hkey_current_user

The root key contains the currently logged-on user information stored in the local workstation, including the user logon username and the temporary password (note: This password is hidden when entered). When a user logs on to Windows 98 o'clock, the information is copied from the corresponding item in the HKEY_USERS to the HKEY_CURRENT_USER.

3.hkey_current_config

The root key holds data that defines the current user's desktop configuration (such as a monitor), the last document list (MRU), and other information about the installation of the current user's Chinese version of Windows 98.

4.hkey_classes_root

The root key indicates the name of its file type, based on the extension of the application installed in the Chinese version of Windows 98.

When you first install the Chinese version of Windows 98, the RTF (Rich Text format) file is associated with WordPad (WordPad) &127;, but word is automatically activated when you double-click an RTF file after you install Chinese Word 6.0 later. The HKEY_CLASSES_ROOT, which is stored in SYSTEM.DAT, replaces the settings in the [extensions]&127; section of the Win.ini file, which links the application to the file name extension and replaces Windows 3. A similar set item in the Reg.dat file in X.

5.hkey_local_machine

The root key holds the local computer hardware data, which is included in SYSTEM.DAT to provide the information required for HKEY_LOCAL_MACHINE, or in a set of keys that are accessible on the remote computer.

Many subkeys in the root key are similar to those set in the System.ini file.

6.hkey_dyn_data

The root key holds the system's Dynamic Data at run time, and this data changes every time it is displayed, so the information under this root key is not placed in the registry.

　　 Iv. key components of the registry

The registry is a large database registry. To analyze the database in detail, it is not one or two pages that can be introduced. I have spent more than half a year analyzing this database structure. The following are just some of the important things.

A Hkey_class_root

1.hkey_class_root/paint.pricture/defaulticon Double-click the default string on the right side of the window, delete the original "key value" in the Open dialog box, and enter% 1. After reboot, in "My Computer" open the Windows directory, select "Big icon", and then you see the BMP file icon is no longer the same mspaint icon, but the outline of each BMP file (if not installed ACDSee, such as look at the map software).

Two HKey_Current_User

The new string value name menushowdelay=0 in the 1.hkey_current_user\control Panel\Desktop can increase the popup speed of the "Start" menu's Neutron menu.

2. Create a new string value MinAnimate in HKEY_CURRENT_USER\Control Panel\deskt-op\windowsmeterics with a value of 1 to start the animation effect Switch window with a value of 0 to cancel the animation effect.

(iii) HKEY_LOCAL_MACHINE

1.hkey_local_machine\software\microsoft\windows\currentversion\explorer\user Shell Folders Save the path to your personal folders, favorites.

2.hkey_local_machine\system\currentcontrol-set\control\keyboard Layouts saves the language used by the keyboard and various Chinese input methods.

3.hkey_local_machine\software\microsoft\windows\currentversion\uninstall to save installed Windows application uninstall information.

4.hkey_local_machine\system\currentcontrol-set\services\class Save Control Panel-Add Hardware device-device type directory.

5.hkey_local_machine\system\current-controlset\control\update sets the refresh mode. A value of 00 is set to refresh automatically, and 01 is set to manually refresh [press F5 in Explorer].

6.hkey_local_machine\software\microsoft\win-dows\currentversion\run saves the name of the program that runs when the computer that is set up by the control Panel is started, and its icon appears to the right of the task bar. The icon also appears to the right of the taskbar when the Startup folder program runs.

7.hkey_local_machine\software\microsoft\windows\currentversion\policies\ratings saves the password set in the IE4.0 Chinese version of security \ Rating Advisor ( Data encryption), if the password is forgotten, delete the data in the ratings can solve the problem.

8.hkey_local_machine\software\microsoft\windows\currentversion\explorer\desktop\namespace Save special icons on your desktop, such as Recycle Bin, inbox, MS network and so on.

(d) HKEY_USERS

1.hkey_users\. Default\software\microsoft\internet explorer\typeurls saves the URL address list information entered in the IE4.0 browser's address bar. Clears the document menu when it is cleared.

2.hkey_users\. Default\so.. \mi.. \wi.. \current-version\ex.. \menuorder\startmenu The Retention Program menu ordering information.

3.hkey_users\. Default\so.. \microsoft\windows\current-version\explorer\runmru saves the list of programs running in "Start \ Run ...". Clears the document menu when it is cleared.

4.hkey_users\. Default\so.. \microsoft\windows\current-version\explorer\recentdocs saves a shortcut to a recently used 15 document (removing the problem of duplicate document names) and clears the document menu.

5.hkey_users\.default\software\microsoft\windows\currentversion\applets saves the record data for a Windows application.

6.hkey_users\.default\software\microsoft\windows\currentversion\run saves the name of the program that runs when the user-set computer starts, and its icon appears to the right of the taskbar.

　 v. Terminology relating to the registry:

①, registry: is a tree-layered database. Physically, it is the System.dat and User.dat two files; Logically, it is the configuration data that the user sees in Registry Editor.

②, hkey: "Root Key" or "primary key", its icon is somewhat similar to the icon in the folder in Explorer. Windows98 divides the registry into six parts and is called hkey_name, which means a handle to a key.

③, Key (key): It contains additional folders and one or more values.

④, subkey (subkey): The key (subkey) that appears below a key (parent key).

⑤, Branch (branch): Represents a specific subkey and everything it contains. A branch can start at the top of each registry, but is usually used to describe a key and all its contents.

⑥, Value entry (Value entry): An ordered value with a name and a value. Each key can contain any number of value items. Each value entry consists of three parts: name, data type, data.

★ Name: Any combination of characters, numbers, representations, spaces that do not include the backslash. You cannot have the same name in the same key.

★ Data type: including string, binary, double word three kinds.

String (REG_SZ): As the name suggests, a string of ASCII code characters. such as "Hello World", is a string of words or phrases. In the registry, string values are typically used to represent the description of the file, the identity of the hardware, and so on. Usually it consists of letters and numbers. The registry always displays a string within quotation marks.

Binary (REG_BINARY): such as F03D990000BC, is a binary value without a length limit, in Registry Editor, binary data is displayed in 16-way.

Double Word (REG_DWORD): Literal understanding should be double word, double-byte value. Made up of 1-8 hexadecimal data, we can edit it in 16 or decimal terms. such as D1234567.

★ Data: The value item's concrete value, it can occupy to 64KB.

⑦, Default (default): Each key includes at least one value item, known as the default value, which is always a string.