Understanding the Windows Registry Editor
For anybody looking at the Windows Registry for the first time, it can be a somewhat scary proposition. It is built up in a complex hierarchical structure, with menu-driven options that make no sense at first glance. The names of directories and the underlying structure are impossible to use without a solid base of knowledge as to what each hierarchical level does and how editing any corresponding values changes the way Windows operates.
To the novice user the Windows Registry can be confusing to the point of overwhelming. However, with a simple understanding of each hierarchical element comes confidence in how each directory supports Windows functionality to provide effective performance. So let's take a closer look at the Windows Registry's hierarchical structure.
The top level of the Windows Registry hierarchy has five sections called 'Hives', which categorize information in two ways: by user and by system. This information is then stored at the core of the Windows Registry in two files: the system.dat file, which contains all hardware and software architecture settings, and the user.dat file, which contains all user profile information.
The five registry hives that maintain this information are:
HKEY_CLASSES_ROOT … Data values and configurability of Windows file types and controlling user interface operability, e.g. data structures, disk management, software path names.
HKEY_CURRENT_USER … Data values and configurability of the current user account that is logged into Windows, e.g. software to launch, network connections, hardware devices, personal preferences, user security privileges.
HKEY_LOCAL_MACHINE … Data values and configurability of physical hardware and application software, e.g. storage, multimedia, input and output devices, software installations, drivers and global security.
HKEY_USERS … Data values and configurability of each user profile on the computer: software to launch, network connections, hardware devices, personal preferences, user security privileges.
HKEY_CURRENT_CONFIG … Data values and configurability of the current hardware setup: maintaining the computer's hardware stability, resource management and delivery, hardware error reporting.
Within each of these hives are multiple 'Keys' and 'Subkeys', which hold the critical settings for Windows configuration. Ultimately, inside each key are 'Values', which contain the code to deliver operability to the Windows operating system in pre-defined ways.
The values come in various types:
String value … The simplest registry value to understand and therefore to edit. In plain text and number format. Appears as REG_SZ.
Binary value … Another simple registry value, this time in binary format, i.e. 1's and 0's. Appears as REG_BINARY.
DWORD (32-bit) value … Values represented as a number. Often used to toggle a specific option 'on' and 'off'. The most common numbers used are '1' and '0', but others deliver the same operability. Appears as REG_DWORD.
QWORD (64-bit) value … Similar to the DWORD value but holding larger values. Generally for the more advanced registry editor. Appears as REG_QWORD.
Multi-string value … Contains several strings in number and plain text format. Generally for the more advanced registry editor. Appears as REG_MULTI_SZ.
Expandable string value … Holds information pertaining to the location of files. Almost exclusively for advanced registry editors. Enables Windows to navigate and deliver corresponding data. Appears as REG_EXPAND_SZ.
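To see how the six value types above look outside the editor, the following added example (not part of the original article) decodes the text of a Registry Editor .reg export and reports each value's REG_* type and data. It assumes the "Version 5.00" export format, where non-string data is written as hex-encoded bytes and strings as UTF-16LE; the sample key and value names are constructed for illustration.

```python
import re
import struct

# hex(N) type tags used by Registry Editor's .reg export text format.
HEX_TAGS = {"": "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ", "b": "REG_QWORD"}
# Constructed sample export; key and value names are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallDir"="C:\\Tools\\ExampleApp"
"Enabled"=dword:00000001
"Blob"=hex:de,ad,be,ef
"MaxBytes"=hex(b):00,00,00,00,01,00,00,00
"LogPath"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,00,00
"Servers"=hex(7):61,00,00,00,62,00,\
  00,00,00,00
'''

def decode_value(raw):
    """Return (type_name, data) for the text to the right of '=' on a value line."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    kind = HEX_TAGS.get((m.group(1) or "").lower()) if m else None
    if kind is None:
        raise ValueError("unsupported value data: %r" % raw)
    data = bytes(int(b, 16) for b in m.group(2).replace(" ", "").split(",") if b)
    if kind == "REG_QWORD":
        return kind, struct.unpack("<Q", data)[0]       # 64-bit little-endian number
    if kind == "REG_EXPAND_SZ":
        return kind, data.decode("utf-16-le").rstrip("\x00")
    if kind == "REG_MULTI_SZ":
        return kind, [s for s in data.decode("utf-16-le").split("\x00") if s]
    return kind, data                                    # REG_BINARY stays raw bytes

def parse_reg(text):
    """Return [(key, value_name, type_name, data), ...] for every value in the export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)            # join hex continuation lines
    key, rows = None, []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                             # new key header
        elif key and m:
            rows.append((key, m.group(1).strip('"')) + decode_value(m.group(2)))
    return rows
```

Calling parse_reg(SAMPLE) returns one tuple per value, so an exported key can be reviewed or compared as typed data before anything is imported back into the registry.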
So now we know how the Windows Registry is built up. In the next part we take a closer look at editing the registry for our own specific needs.