Back to Win. XP Registry info. | Back to Bill's Links and More
 

The Windows XP registry is the brain of the computer. Almost everything your computer does is stored in the Registry. This page was designed to give you a basic overview of what the registry is and how it works. This data is presented for informational purposes only. For more detailed information, use your favorite search engine.


The Windows XP registry structure


Windows XP stores data as an atomic structure. The registry is subdivided into components called hives. Registry hives are discrete bodies of keys, subkeys and values rooted at the top level of the registry hierarchy. Registry hives are constant registry components. Hives aren’t created dynamically when the system boots, and aren’t deleted when the system is shut down.

Registry hive data is stored in disk files, stored in the %SystemRoot%\System32\Config (the default on most systems is C:\System32\Config) and %SystemRoot%\Profiles\Username folders.

The registry contains keys. Registry keys can contain subkeys and values. The values contain data. The top level keys are called root keys. The following keys are the root keys:

HKEY_CLASSES_ROOT (HKCR)

HKEY_CURRENT_USER (HKCU)

HKEY_LOCAL_MACHINE (HKLM)

HKEY_USERS (HKU)

HKEY_CURRENT_CONFIG (HKCC)

Some earlier versions of Windows contained an additional root key: HKEY-DYN-DATA (HKDD) – this key contained information that needed continuous updating.

Registry data are parameters that are stored within registry keys. Each parameter has its name, data type and value.

HKEY_CLASSES_ROOT (HKCR) contains information regarding filename association, OLE (Object Linking and Embedding) information associated with COM objects, and file-class associations. It works in conjunction with the HKEY_LOCAL_MACHINE\Software\Classes key.

HKEY_CURRENT_USER (HKCU) contains the user profile of the user who’s currently logged into the system, including environmental variable, desktop settings, network settings and application settings. This key is a reference to the HKEY_USERS\user_SID key (the security ID of the user who’s currently logged on to the computer).

HKEY_LOCAL_MACHINE (HKLM) contains global hardware information and operating system data, including bus type, system memory, device drivers, and other information used during system boot process. It applies to all users who log into the computer. This key works in conjunction with the HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG and HKEY_DYN_DATA keys.

HKEY-USERS (HKU) contains active user profiles, including HKEY_CURRENT_USER and default user profiles. Users who access a server through a network don’t have profiles under this key since their profiles are loaded remotely on their workstations. This key also contains other subkeys associated to the Security IDs assigned to users.

HKEY_CURRENT_CONFIG (HKCC) contains configuration data of the current hardware profile. Hardware profiles are sets of modifications introduced into the standard configuration of services and devices set by the Software and System subkeys of the HKEY_LOCAL_MACHINE root key. The HKCC root key only contains changed data. Data contained in this key is also contained in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\HardwareProfiles\Current key.

Note that there are no spaces in any subkeys of the windows registry. This is important when you go to modify the registry.


Registry Data Types


Below is a partial list (there are several more not listed since they're not as relevant) of Registry Data Types and a brief explanation of what they are;

REG_BINARY – Binary data. This data is used by most hardware components. Registry editors display this information in hex (hexadecimal) format.

REG_DWORD – This data is represented as a 4-bye binary value (double word). Most services and device drivers us this data type. Registry editors display this data using binary, hex, or decimal formats.

REG_EXPAND_SZ – Expendable data string. It contains a variable name which can be substituted by a variable value when called on by an application.

REG_MULTI_SZ – Multi string field. Usually all values that actually represent lists of text strings have this data type. A NULL character is used as a separator.

REG_SZ – Text string is user-friendly format. Usually this data type is used for component descriptions.

REG_DWORD_LITTLE_ENDIAN – 32 bit number is little-endian format. Equivalent of the REG_DWORD data type. When using the little-endian format, the lowest bit (little end) appears first when representing the value. For example, the A02Bh hex value will be represented as 2BA0. This format is used by Intel processors.

REG_DWORD_BIG_ENDIAN – 32 bit number in big-endian format. The highest bit (big end) appears first when representing the value.

REG_LINK – Unicode symbolic link. This data type is intended for internal use only by the registry.

REG_NONE – No defined data type.

REG_QWORD – 64 bit value

REG_QWORD_LITTLE_ENDIAN – 64 bit value represented using little-endian notation. Equivalent to the REG_QWORD data type.

REG_RESOURCE_LIST – List of hardware resources, used in the HKEY_LOCAL_MACHINE\HARDWARE key.

REG_FULL_RESOURCE_DESCRIPTOR – Hardware resource handle, used in the HKEY_LOCAL_MACHINE\HARDWARE key.

REG_RESOURCE_REQUIREMENTS_LIST – List of hardware resources, used in the HKEY_LOCAL_MACHINE\HARDWARE key.