Windows Registry details

Source: Internet
Author: User
Tags repetition

Registry, the most powerful tool in windows. If the Windows graphical interface is a well, the applicationProgramThe operation is water, so the registry is the bucket for us to fetch water. Without the registry, most programs can only be seen and cannot be used. You can click a program but cannot run it with simple modifications. This makes your various operations extremely slow and leaves all sorts of boring information in your status bar. The Registry sounds very advanced, but it is actually quite simple. It is like your folder. There are subdirectories in the root directory, and the root directory represents the main functions. The subdirectories further refine these main functions, the key value is equivalent to the running program in the last subdirectory. Each key value is a function, and we only need to know the main directories and subdirectories of a function, and finally find the possible key values. In this way, you can explore the secrets of the Registry on your own.

Registry history

In the DOS era, all our hardware devices are connected by the confiis on the boot disk. sys and autoexec. bat two configuration files load the driver at system startup and make it work (this configuration method is also partially retained in Windows), and later windows 3.x, then win. INI, system. INI, control. INI, program. INI and other INI files to save all configuration information about the operating system and applications. However, for security reasons (any text editing tool can modify the INI file, and the INI file is highly readable) and more information needs to be stored, this allows Microsoft to introduce the registry concept to the operating system from Windows 95.
The Registry is a database that centrally manages system hardware facilities, software configurations, and other information. It stores various parameters, it directly controls Windows Startup, hardware driver loading, and running of some Windows applications, and records configuration information of hardware and software related to machines, and the entire system settings and various licenses of networked computers, Association of file extensions and applications, descriptions, statuses and Properties of hardware components, performance records, and other underlying system status information, and other data.
Of course, the registry database cannot be opened with other editing software. It is stored in the system in the Windows folder. dat and user. in the DAT two hidden files, you can only use the "run" command line Regedit in Windows to edit them. Of course, you can also use the editing software to create them. reg.

Registry Structure

The registry information is certainly not arranged in disorder, although it is stored in system. dat and user. dat binary files, but its internal organizational structure is a tree-like structure similar to folder management. Of course, they do not have the title of home directory or sub-directory. They have their own name primary key, sub-key, key value name and key value data (1 ).
The Windows Registry's primary key (equivalent to the main directory) mainly includes six primary keys: HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_USER, hkey_classes_root, hkey_current_config, and hkey_dyn_data, these six primary keys are inconvenient for all Windows operating systems. The primary keys HKEY_LOCAL_MACHINE and HKEY_USERS are the core of the Registry. HKEY_LOCAL_MACHINE corresponds to system. DAT file, while HKEY_USERS corresponds to user. DAT file.

Registry Usage Details
Because Windows Registration is composed of six primary keys, we also explain the Registry in detail according to the structure of the six primary keys.
Hkey_classes_root
Open this key and you will find many subkeys named as .c0000.doc and. dll. It is actually very simple.
Hkey_classes_root is a shortcut under HKEY_LOCAL_MACHINE \ SOFTWARE \ classes. You can also perform operations under HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes. In its primary key, it records the associations between various types of files in the system and their applications, it includes thousands of keys and values associated with programs and files, as well as storage of ActiveX classes, making it the largest branch of the Registry.
Tip: I believe you will not be unfamiliar with Windows connections. When we double-click a file in the system in resource manager, the system will automatically open a program and open it. If you double-click a Word file, Microsoft Word is automatically called. If you double-click BMP, the drawing program is automatically called. This is Association. What you don't know is that, after double-clicking a file, Windows will first find the extension of this type of file under this primary key, then, based on the file type information in the subkey of the extension, find the application information corresponding to the file type, and use the corresponding program to open the file we double-click. Secret sub-Key (2), we will find that its default record is "Microsoft Word Document E ", its shell-open-command sub-key records the default value of the command sub-key "C: \ windows \ system32 \ mspaint. EXE % 1 "indicates that it calls c: \ windows \ system32 \ mspaint. EXE program to open the BMP file we double-click.
The subkeys under the hkey_classes_root primary key are simple and mainly include two types: File Extension subkeys and file type subkeys. The file extension sub-keys mainly include the file extension set in the system and the Application self-stored extension. "starts with", followed by the file extension. It can contain any number of characters. "*" subkeys and others do not start with ". the sub-keys starting with "are the sub-keys of the class storage, including the file type, class identifier, and program identifier. The file name extension sub-key specifies the associated file type and opening method of this type of file.
Meanings of common subkeys under file-type subkeys in the hkey_classes_root primary key:
Defaulticon: the default display icon of this type of files, that is, the icon we see in the folder.
Shell: Child key of the program Shell
Shell \ open \ command: opens the shell program for this type of files. The default value is the path, name, and parameters of the corresponding program.
Shell \ edit \ command: edit the shell program for this type of files. The default value is the path, name, and parameters of the corresponding program.
Shell \ Print \ command: prints the shell program of this type of files. The default value is the path, name, and parameters of the corresponding program.
Hkey_classes_root also has an important sub-key "CLSID", which records all registered system class identifiers.
2. HKEY_USERS
This primary key records the settings of all users in Windows. The value varies depending on whether the user configuration file is activated on the computer. If the user configuration file is not activated, you can see that. A single sub-Key of default, which includes various settings related to all users and. the DAT file is used together. If the user configuration file is activated and the logon is performed correctly, there is a sub-Key of "User Name", which is the user login name. The key values related to the user name are placed in HKEY_CURRENT_USER.
3. HKEY_CURRENT_USER
The HKEY_CURRENT_USER primary key stores all the configuration information of the currently logged-on user. It also changes automatically, depending on the user currently logged on. It is actually a shortcut under the HKEY_USERS \ User name key, of course, if our machine does not activate the user configuration, it is HKEY_USERS \. default shortcut. (3)
As shown in 3, there are eight subkeys under the primary key. Their functions are as follows:
(1) appevents
The sub-key stores the sound settings of system events. There are two subkeys "eventlabels" and "schemes" below. The subkey eventlabels stores the identifier and name of each event, while the subkey schems associates with each event and sound. There are two subkeys, "apps" and "name", below, the system event sound settings are stored under the "apps" subkey. Generally, each event has two subkeys. current and. default indicates the location of the current sound file and the default sound file respectively. The "name" sub-key stores the name of the Sound dubbing solution. You can also double-click the "sound" item in the control panel, then, you can see it in the solution options in the displayed sound Properties window.
(2) control panel
The sub-key stores the settings of the system desktop, cursor, icon, keyboard and mouse. The following subkeys are generally used:
"Accessibility": it appears only after the Windows system auxiliary options are installed, it includes the high-contrast display setting subkey "highcontrast", the keyboard setting subkey "keyboardresponse", the mouse setting subkey "mousekeys", the serial key setting subkey "serialkeys", and the sound display. set the sub-key "showsounds", the sound guard sub-key "soundsentry", the sticky key to set the sub-key "stickykeys", the auxiliary option sub-key "timeout", and the switch key to set the sub-Key "ToggleKeys ", they are all settings in the auxiliary options.
"Appearance": This sub-key stores various color settings available in the system. We can see the corresponding solution on the "appearance" tab in the Display Properties window.
"Cursors": This subkey stores the cursor pattern used in the system. We can see it in the options on the pointer page in the mouse Properties window.
"Desktop": This sub-key stores system desktop and window settings, such as window boundaries, titles, icons, menus, and scroll bars. There are many key values under it. You can see it after reading its English name. In addition, the desktop subkeys include "resourcelocale" and "windowmetrics". The "resourcelocal" subkeys store the time zone values in the display format of desktop data; "windowsmetrics" stores various settings in the System window, which does not seem difficult. I will not go into details.
"Input Method": This subkey stores the settings for the input method switch key. The key value "show status" determines whether the input method status is displayed.
"International": This subkey stores information about region settings.
"Keyboard": This subkey stores the repetition delay and repetition rate of the keyboard keys.
"Powercfg": This sub-key stores settings related to power management.
(3) identities
The sub-key stores and stores settings related to Outlook Express.
(4) installlocationsmru
Including the path for installing software or hardware device drivers. Each key value represents a path, and its key value name is a lowercase letter, such as "a" and "D, the key value "mrulist" indicates the order of a path, such as "daebc ".
(5) keyboard layout
This sub-key stores the keyboard layout settings in windows.
(6) Network
The sub-key stores the network settings of the current user.
(7) RemoteAccess
The sub-key stores the dial-up network configurations of the current user.
(8) Software
The sub-key stores the configuration information of various software in the system. It is the primary sub-key under the HKEY_CURRENT_USER primary key and also the user. in the main part of the DAT file, the subkeys under the primary key vary greatly with different machines, but in any case, the subkeys under the primary key have basically the same structure.
4. HKEY_LOCAL_MACHINE
The core primary key of the Registry on HKEY_LOCAL_MACHINE records all hardware and software configurations on the computer. It consists of eight parts, and each part has many corresponding subkeys.
(1) Config Key
The Windows configuration file is stored in the key value, and the number of sub-keys under it depends on the machine, for example, 0001,0002. Each sub-key represents a hardware configuration file. Each sub-key contains the display, Enum, infrared, software, and system sub-Keys. The Enum key includes the configuration data of each device installed on the machine. Its content varies with different machines. It corresponds to multiple sub keys:
(1) BIOS: includes multiple devices integrated on the motherboard. Each device is in an EISA format (for example, * pnp0001 ). Microsoft assigns a certain range to certain device types. These users do not have to ask questions. Therefore, we skipped this issue. If you need such information, you can search for it online.
(2) ESDI: indicates the hard disk type and drive characters.
(3) flop: flop indicates the floppy disk drive.
(4) htree: no device is included. The reserver sub-key under it retains the list of resources saved in device management.
⑸ Isapnp: ISA plug-and-play device.
⑹ Infrared: infrared interface. You can see the sub-keys of each virtual device connected to this port.
⑺ Lptenum: The plug-and-play printer exists only when it is installed on the parallel port.
Effecmf: includes the sub-keys of each multi-functional device installed on the computer.
⑼ Ult_monitor: usually contains a single subkey. default_monitor, indicating the current display.
Protocol Network: network protocol, usually see the following sub-keys: fastir-infrared protocol, MSTCP-TCP \ IP, vredir-Microsoft Network Customer, vserver-file and printer sharing
⑾ Pci: includes each PCI device.
⑿ PCMCIA: The PC Card device installed on the computer.
Hardware root: hardware detected by the computer or not correctly installed by adding new hardware.
Dedicated SCSI: Each SCSI device installed on a computer.
⒂ Serenum: The device connected to the serial interface.
USB: The device connected to the USB interface.
⒄ Vpowerd: power management.
(2) Hardware key
Some uncertain information about computer hardware configuration is stored in this key value.
(3) network key
This key value stores the security provider and the current user name and group policy.
(4) Security Key
This key value stores information about each user and group with administrative permissions.
(5) software key
Settings of software installed on the computer. Each software program uses the organization of company name, software name, and software version. The settings in this section are useful for troubleshooting and system customization.
(6) system key
This key value stores information such as the device driver in the system.
5. hkey_current_config:
Is the shortcut of HKEY_LOCAL_MACHINE \ config.
6. hkey_dyn_data:
Dynamic Data of the system.

After learning about the significance of these keys, you can study the problems and find the primary key and subkey and modify the changes. Of course, do not forget to back up. In fact, Windows automatically backs up the registry every time it is started, and stores the rb00x in Windows \ sysbckup. in the cab file, an error occurs in the Registry. In dos, use extract/E to expand and copy it back. Of course, you can copy system. dat and user. dat directly for backup.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.