Windows Registry knowledge completely disclosed and released

Source: Internet
Author: User

Windows Registry knowledge completely disclosed and released

Windows registry is a set of data files that help windows control hardware, software, user environment and Windows interface. The registry contains two files in the Windows directory: system. dat and user. dat, and their backup system. da0 and user. da0. You can access the registry database through the regedit.exe program in the Windows directory. In earlier versions of Windows (before Win95), these functions were implemented by win. ini, system. ini, and other. ini files associated with applications.
In the Windows operating system family. INI and win. INI files contain all the control functions and application information of the operating system. INI manages computer hardware while win. INI manages desktops and applications. All drivers, fonts, settings, and parameters are stored in the. ini file, and any new programs are recorded in the. ini file. These records will be referenced in the program code. Due to the limited size of win. ini and system. ini files, programmers add auxiliary. ini files to control more applications. For example, Microsoft Excel has an Office Excel. ini file, which contains options, settings, default parameters, and other information related to the normal operation of Excel. In system. ini and win. ini, you only need to specify the path and file name of Excel. ini.
In the era of DOS and win3.x, most applications use INI files (Initialization Files) to save some configuration information, such as setting paths and environment variables. System. ini and win. ini control the features and access methods of all windows and applications. They work well in a few users and application environments. As the number and complexity of applications increase, you need to add more parameter items in the. ini file.
In this way, in a changed environment, after the application is installed into the system, everyone will change the. ini file. However, no one deletes the settings in the. ini file after the application is deleted, so the system. ini and win. ini files become larger and larger. Each added content slows down the system performance. In addition, each application upgrade has the following problem: the upgrade adds more parameter items but never removes the old settings. There is also an obvious problem: the maximum size of A. ini file is 64 KB. To solve this problem, the software vendor starts to support its own. ini file and points to specific INI files such as win. ini and system. ini files. In this way, multiple. ini files affect the system's normal access level settings. If an application's. ini file conflicts with the win. ini file, who has a higher priority?
The Registry was initially designed as a reference file related to the data file of an application, and finally extended to a 32-bit operating system and application that includes all functions. The Registry is a set of files that control the operating system appearance and how to respond to external events. These "events" range from direct access to a hardware device to how interfaces respond to specific users to how applications run. The registry is designed to work specially for 32-bit applications because of its complexity and purpose. The file size is limited to about 40 MB. A powerful registry database is used to centrally manage system hardware facilities, software configurations, and other information, facilitating management and enhancing system stability. The most intuitive example is why different users in windows have their own personalized settings, such as different wallpaper and different desktops. This is achieved through the registry.
Therefore, registry is the core "Database" that allows Windows 9x/ME/NT/2000 operating systems, hardware devices, and customer applications to run and save settings properly "; is a huge tree-layered database. It records the software installed on the machine and the relationship between each program. It contains the hardware configuration of the computer, including automatic configuration of plug-and-play devices and various existing device descriptions, status attributes, and various status information and data.
1. What do the Registry do?
The Registry is a data file designed for all 32-bit hardware/drivers and 32-bit applications in Windows NT and Windows 95. The 16-bit driver cannot work in Windows NT, so all devices are controlled through the registry. These are generally controlled through BIOS. In Win9x, 16-bit drivers will continue to work in real mode, which are controlled by system. ini. 16-bit applications will work in NT or Win9x, and their programs will still obtain information and control by referring to the win. ini and system. ini files.
Without a registry, the operating system does not obtain the required information to run and control the affiliated devices and applications and correctly respond to user input.
In the system, the Registry is a database that records 32-bit driver settings and locations. When the operating system needs to access the hardware device, it uses the driver, and even the device is a BIOS-supported device. Drivers are required for installation of devices without BIOS support. Drivers are independent of the operating system, but the operating system must know where to find them, file names, version numbers, other settings, and information, devices cannot be used without the registry record.
When a user is preparing to run an application, the Registry provides the application information to the operating system so that the application can be found and the correct data file location is specified, other settings can also be used.
The registry stores location information about the default data and auxiliary files, menus, button bars, window statuses, and other options. It also saves the installation information (such as the date), the user who installs the software, the software version number, the date, and the serial number. The information contained in the software varies with the software installation.
However, in general, the Registry controls all 32-bit applications and drivers, and the method of control is based on users and computers rather than applications or drivers, each registry parameter item controls a user's functions or computer functions. User functions may include the desktop appearance and user directory. Therefore, computer functions are related to the installed hardware and software, so the items for users are public.
Some program functions have an impact on users. In some cases, they act on computers rather than personal settings. Similarly, drivers may be user-specified, but in many cases, they are common in computers.
Ii. Structure and relationship of the Registry
The Windows Registry has six keys, which are equivalent to dividing a hard disk into six partitions.
In the run dialog box, enter regedit and click OK to run the Registry Editor.
The data organization structure of the Registry (system. dat, user. dat, config. pol) in Windows 98.
The Registry has six root keys. These root keys are capitalized and prefixed with hkey _. This command Convention is based on the symbol variable of the keyword of the registry function of Win32 API.
Although in the Registry, the six root keys seem to be in a parallel position and have no relationship with each other. But in fact, the information stored in hkey_classes_root and hkey_current_config is part of the information stored in HKEY_LOCAL_MACHINE, and the information stored in HKEY_CURRENT_USER is only part of the information stored in HKEY_USERS.
HKEY_LOCAL_MACHINE includes all information in hkey_classes_root and HKEY_CURRENT_USER. After each system startup, the system maps the information in HKEY_CURRENT_USER so that you can view and edit the information.
In fact, HKEY_LOCAL_MACHINE/software/classes is hkey_classes_root. To facilitate viewing and editing, the system uses it as a root key. Similarly, hkey_current_config/SY-STEM/current control is HKEY_LOCAL_MACHINE/system/current control.
HKEY_USERS stores the information of the default user and the current user. HKEY_CURRENT_USER saves the user information of the current logon user.
Hkey_dyn_data stores the dynamic data during system running. It reflects the current status of the system, which is different each time, even on the same machine.
According to the above analysis, the information in the registry can be divided into two categories: HKEY_LOCAL_MACHINE and HKEY_USERS. For details about these two categories, see the following introduction.
3. Functions of the six keys
In the registry, all data is organized by a tree structure in the form of keys and subkeys, very similar to the directory structure. Each key contains a specific set of information. The key name of each key is related to the information contained in it. If the key contains a subkey, the "+" symbol is displayed on the left of the folder that represents the key in the registry editor window to show more content in the folder. If the folder is opened by the user, the "+" will be changed to "-".
1. HKEY_USERS
The root key stores the user ID and password list in the password list of the local computer. The pre-configuration information of each user is stored in the HKEY_USERS Root Key. HKEY_USERS is one of the root keys accessed from a remote computer.
2. HKEY_CURRENT_USER
The root key contains information about the currently logged-on users stored in the local workstation, including the User Logon username and temporary password (note: this password is hidden when entered ). When a user logs on to Windows 98, the information is copied from the corresponding items in HKEY_USERS to HKEY_CURRENT_USER.
3. hkey_current_config
The root key stores data that defines the current user's desktop configuration (such as a display), the final used document list (MRU), and other information about the current user's Windows 98 Chinese version installation.
4. hkey_classes_root
The Root Key specifies the name of the file type based on the extension of the application installed in Windows 98.
When Windows 98 Chinese version is installed for the first time, the Rich Text Format File is associated with WordPad & 127;. However, after the Chinese Word 6.0 is installed, when you double-click an RTF file, the word is automatically activated. Stored in system. in dat, hkey_classes_root will replace win. the setting item in the [extensions] & 127; section of the INI file, which associates the application with the file extension and replaces Windows 3. reg. similar settings in the DAT file.
5. HKEY_LOCAL_MACHINE
The root key stores hardware data of the local computer. The sub-keywords under this root key are included in system. dat, used to provide information required by HKEY_LOCAL_MACHINE, or a group of keys that can be accessed on a remote computer.
Many subkeys in the Root Key are similar to those in the system. ini file.
6. hkey_dyn_data
The root key stores the dynamic data during running. The data changes every time it is displayed. Therefore, the information under this root key is not stored in the registry.
4. Important Content of the Registry
The Registry is a large database registry. To analyze the database in detail, we will not be able to cover one or two pages. I used more than half a year to analyze the database structure. The following describes some important topics.
(1) hkey_class_root
1. hkey_class_root/paint. pricture/defaulticon double-click the default string on the right of the window, delete the original "key value" in the displayed dialog box, and enter % 1. After restarting, open the windows directory in "My Computer" and select "Big icon". Then, the icon of the BMP file you see is no longer the same mspaint icon, a thumbnail of each BMP file (provided that ACDSee and other image viewing software are not installed ).
(2) HKEY_CURRENT_USER
1. The new string value menushowdelay = 0 in HKEY_CURRENT_USER/control panel/desktop increases the pop-up speed of the submenu in the Start Menu.
2. In HKEY_CURRENT_USER/control panel/train t-OP/windowsmeterics, create the string value minanimate. The value is 1. Start the animation effect switch window. The value is 0 to cancel the animation effect.
(3) HKEY_LOCAL_MACHINE
1. HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/Explorer/User Shell Folders Save the path of the personal folder and favorites folder.
2. HKEY_LOCAL_MACHINE/system/currentcontrol-set/control/keyboard layouts Save the language used by the keyboard and various Chinese input methods.
3. HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/uninstall Save the uninstall information of installed Windows applications.
4. HKEY_LOCAL_MACHINE/system/currentcontrol-set/services/class save control panel-add hardware device-device type directory.
5. HKEY_LOCAL_MACHINE/system/current-ControlSet/control/update sets the refresh mode. Set the value to 00 to automatic refresh, and 01 to manual refresh [Press F5 in resource manager].
6. HKEY_LOCAL_MACHINE/software/Microsoft/win-dows/CurrentVersion/run saves the name of the program running at startup set by the control panel, and its icon is displayed on the right of the task bar. When the program is running in the "Start" folder, the icon is also on the right of the task bar.
7. HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/policies/ratings Save the password (Data Encryption) set in ie4.0 Chinese edition "security"/"hierarchical review". If you forget the password, delete the data in ratings to solve the problem.
8. HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/Explorer/desktop/namespace save special icons on the desktop, such as the recycle bin, inbox, and MS network.
(4) HKEY_USERS
1. HKEY_USERS/. Default/software/Microsoft/Internet Explorer/typeurls Save the URL list information entered in the address bar of ie4.0 browser. The Document menu is cleared.
2. HKEY_USERS/. Default/so.../mi.../wi.../current-version/ex.../menuorder/startmenu keep program menu sorting information.
3. HKEY_USERS/. Default/so ../Microsoft/Windows/current-version/Explorer/runmru Save the list of programs running in "Start/run. The Document menu is cleared.
4. HKEY_USERS /. default/so .. /Microsoft/Windows/current-version/Explorer/recentdocs save shortcuts for the 15 most recently used documents (deleting the shortcuts can solve the problem of duplicate document names ), the Document menu is cleared.
5. HKEY_USERS/. Default/software/Microsoft/Windows/CurrentVersion/applets Save the record data of Windows applications.
6. HKEY_USERS/. Default/software/Microsoft/Windows/CurrentVersion/run saves the name of the program running when the user-defined computer starts. Its icon is displayed on the right of the job bar.
5. terms related to the registry:

①. Registry: a tree-layered database. Physically, it is a system. dat file and a user. dat file. Logically, it is the configuration data that you see in the Registry Editor.
②. Hkey: "Root Key" or "primary key". Its icon is a bit similar to the icon in the folder in the resource manager. Windows 98 divides the Registry into six parts, known as hkey_name, which means a one-click handle.
③ Key: it contains the attached folder and one or more values.
④ Subkey: the subkey that appears under a key (parent key ).
⑤ Branch: represents a specific sub-key and everything it contains. A branch can start at the top of each registry, but is usually used to describe a key and all its contents.
6. Value entry: an ordered value with a name and a value. Each key can contain any number of value items. Each value item consists of three parts: name, data type, and data.
★Name: Any combination of characters, numbers, symbols, and spaces of the backslash. The same key cannot have the same name.
★Data Type: including string, binary, and double-character.
String (reg_sz): a string of ASCII characters, as the name suggests. For example, "Hello world" is a string of words or phrases. In the registry, string values are generally used to indicate the file description and hardware identification. It generally consists of letters and numbers. The Registry always displays strings in quotation marks.
Binary (reg_binary): for example, f03d991_bc is a binary value without length restrictions. In the Registry Editor, binary data is displayed in hexadecimal format.
Double Word (REG_DWORD): literally, it should be double word, double byte value. It consists of 1-8 hexadecimal data, which can be edited in hexadecimal or decimal format. For example, d1234567.
★Data: The specific value of the value item, which can occupy 64 KB.
7. Default: each key contains at least one value, which is called the default value. It is always a string.

This article Reprinted from the feet home: http://www.jb51.net/html/200610/90/3328.htm

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.