swatkat
Technomancer
What is Registry?
The Registry is a collection of all the settings for Windows and installed Applications.
Regisrty behaves like a Central Database for all things like, Softwares, Device Drivers, File Types etc.
Registry can be compared to an Attendance Register of Schools/Colleges, as Attendance Register has names of all students, Registry has entries in it about all the softwares, devices, file types supported etc.
Why Registry is used by Windows?
Whenever an application is started by an user, Windows looks up to Registry to gather more information about the application. Like what type of application is it, what type of Files or Documents it can create or is it a Multimedia application, which may require additional support in the form of Plug-ins, like that
These are refered to as Configuration Settings of the Application.
In older versions of Windows (like 3.1), Registry was not present, and each Application or Device had text based .ini file, known as Configuration file. This .ini file contained all information about the Application/Device. So, whenever an user starts an Application, Windows referes to corresponding .ini file and takes action accordingly.
For example, let's take the configuration file of Opear Web Browser (Opera.ini file). Below only a part of the full file is shown :-
From this, we can easily detect some of the Settings or Configurations to be applied when an User starts Opera.
Let's start from the beginning, Whenever Opera is started, main program looks up to this .ini file to know that, Default Download Directory is "My Documents", History File is "Opera.dir" in the specified path, and it also learns that "Wand" is Disabled ( Set to 0 ), Home Page is "Blank Page" and "Special Effects" are Enabled. So it starts Opera Browser with these Settings.
Although, this .ini file way of storing Configuration Settings looks easy, it does not provide a centralised place for storing information of ALL the softwares and devices, since each softwares and devices had it's own .ini file.This added further difficulty of missing/changed ini files resulting in errors.
That's why Registry was introduced, to act as a Centralised Configuration Holder.Registry was introduced from Win95 onwards.
The .ini files are not completely eleminated, but they are highly reduced in number due to the presence of Registry.
Structure of Registry:-
Registry can be viewed/edited by running regedit.exe or regedt32.exe ( for XP ) in Run dialog box.
The Registry has a hierarchal ( Tree structure ) structure, like the directories in a Computer.Regisrtry mainly contains Branches, these are the ones you will see on the Left Pane when you open Registry Editor.
Each Branch is called a Key, these are denoted by a Folder like icon.
Each Key can contain other Key ( often called as Sub Keys ) within it or it can contain some other information called Values.
Values are the information represented on the Right Pane of the Registry Editor.
Values can be basically of three types ( These can be called as Data Types ):-
1]String
2]Binary (8 bits)
3]DWORD (Double Word, Word means 16 bits, so DWORD is 32 bits)
String is analogous to the "Path of a Program" stored in .ini file as shown above. And String Data Type is used to store Textual information like Paths, Software Names, Device Names, User Names etc.
Binary is analogous to the 1 or 0 used to specify Enable or Disable options stored in .ini file. Binary Data Type is generally used to specify/store "Enable/Disable" or "True/False" like information by maing use of 0 and 1.This Data Type is also used to store Device Ids, Product Version, Passwords in Encrypted forms etc. Binary Data Types are displayed in HexaDecimal Format in Registry Editor.
DWORD is 32 bit binary data used to specify some Device driver parameters or Services.These are also displayed in HexaDecimal Format in Registry Editor.
But these Data Types (Values) are not only limited to storing Path or Enable/Disable options, they are used to store much more info, like Status of Harwdares, Product Versions, Product Ids, Serial Keys etc, Passwords ( in some cases only in encrypted form ) etc.
Now let's see main Branches of Registry one by one.
Branches:-
In Registry, Mainly 6 Branches (5 in Windows 2000 and above) are there in default.These are the branches you will see in the Left Pane when you open Registry Editor.
They are:-
HKEY_CLASSES_ROOT - This branch contains all of the File types supported by Windows and by installed Applications.This section has info such as, "Which Application is used to open a file type" and "Where the is Application located" and "What type of Icon is to be used to represnt the File with the corresponding File Type" etc.
For Example, It contains a Key named txtfile, when you expand this Key, it will have furthur Sub Keys namely DefaultIcon and Shell inside which another Key Open exists, within that Command Key exists.
When you click on DefaultIcon Key, it shows a Value on the Right Pane, This Value is of String Data Type, and this stores the Path of Icon file to be used.
When you click on the Command Key, it shows a Value on the Right Pane, which is of String Data Type, and this stores the Path of the Application i.e NotePad which is used to open the file.
So, Windows knows about the different File Types present in the System, Icons for different File Types to be used and also the Programs for different File Types.The information stored here makes sure that the correct program opens when you open a file by using Windows Explorer.
This Branch is abbreviated as HKCR.
HKEY_CURRENT_USER - This branch is like a subset of another Branch named HKEY_USERS. This branch points to the part of HKEY_USERS appropriate for the current user.
As the name says, it contains the Configuration Information of the User currently Logged on.
For example, it contains Folder Options used, Screen colour settings, Control Panel Settings customised by the User.
This Branch is generally abbreviated as HKCU.
HKEY_LOCAL_MACHINE - This branch contains information about all of the hardware and software installed on Computer.This Branch is abbreviated as HKLM.
This is one of the important part of the Registry. This part contains important Sub Keys like Config, Hardware, Software etc.
Config Key contains further Sub Keys and Values which determines Display Settings (like Resolution, Colour Mode etc), Fonts used etc.
Hardware Key contains furthur Sub Keys and Values which stores information about Processor, Adapters (like Network Adapter, ISA Adapter etc) used in the System and COM ports present in the System.
SoftwareKey is one of the main branch of the HKLM. This contains entries of ALL Softwares, Device Drivers installed in the System.This Software has numerous Sub Keys and Values of different Softwares. Here you can find info about every Softwares installed in your System (this is similar to .ini file), like Default folder of the Software, Version Number, Serial Key (Yes!!, in some cases), Default Languages, Passwords and you name it, it's here. You have to see it to believe it!
This is the main part which replaces the .ini files.
So, you can find your Windows 98 Serial Key (in case, if you forget it), by navigating to this Key.
HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion.
Click on CurrentVersion key, and in Right Side Pane, look for a Value named ProductKey, that is your Serial Number.(I have not checked this in WinXP).Here, you can change the default location of "Program Files"or "My Documents" too!
HKEY_USERS - This Branch contains certain preferences (such as colours and Control Panel settings) for all of the users of the computer.This is like a Super Set of HKEY_CURRENT_USER, because it has Settings of all the users.
This Branch is generally abbreviated as HKU.
HKEY_CURRENT_CONFIG - This branch is like a Sub set of HKEY_LOCAL_MACHINE > Config Key. Because it contains Hardware Information or Configuration of only Current User (the User who is currently logged on), whereas Config Key in HKLM contains Settings of All Users.
HKEY_DYN_DATA (Windows 95/98/ME only) - This branch points to a branch in HKEY_LOCAL_MACHINE, which contains information about Plug 'n' Play Hardwares.
This is termed as Dynamic because, Hardware configurations can change since the Hardware is Plu 'n' Play type ( that is, Hardware can be removed/changed/added ).
This branch contains many Sub Keys, which in turn contain Values. Most of these Values are of Binary or DWORD Data Type, and these are shown in Hexadecimal System. Hence understanding what these Values mean, is difficult.
How the entries are added/removed to Registry?
Whenever any Software is installed or Device Drivers for a Hardware are installed, these softwares make entries to the Registry by themselves.
Also, theoritically whenever any Software is Uninstalled, it should remove the Registry Entries made by it completely. But many softwares fail to do so, and leave some junk info in Registry. This is where Registry Cleaners come into picture.
These Registry Cleaners search the Registry for Obelete/Junk entries which like Path Names which point to an Application which is already Uninstalled, or to a File which is already Deleted.
Popular Registry Cleaners are RegCleaner, RegSupreme, System Mechanic etc.
Where is the Registry in my System?
Registry, in it's hierarchal structure, is itself a File. This is stored as User.dat and System.dat in Win9X/ME Systems. In Win2000 and above, Registry is split and each main Branch has it's own .DAT (like ntuser.dat, system.dat ) File situated in different Folders.
.....i am ending this here, for now...hope this info helps....
The Registry is a collection of all the settings for Windows and installed Applications.
Regisrty behaves like a Central Database for all things like, Softwares, Device Drivers, File Types etc.
Registry can be compared to an Attendance Register of Schools/Colleges, as Attendance Register has names of all students, Registry has entries in it about all the softwares, devices, file types supported etc.
Why Registry is used by Windows?
Whenever an application is started by an user, Windows looks up to Registry to gather more information about the application. Like what type of application is it, what type of Files or Documents it can create or is it a Multimedia application, which may require additional support in the form of Plug-ins, like that
These are refered to as Configuration Settings of the Application.
In older versions of Windows (like 3.1), Registry was not present, and each Application or Device had text based .ini file, known as Configuration file. This .ini file contained all information about the Application/Device. So, whenever an user starts an Application, Windows referes to corresponding .ini file and takes action accordingly.
For example, let's take the configuration file of Opear Web Browser (Opera.ini file). Below only a part of the full file is shown :-
Code:
Download Directory=C:\My Documents
Direct History File=C:\PROGRAM FILES\OPERA\profile\opera.dir
Enable Wand=0
Home URL=
Special effects=1From this, we can easily detect some of the Settings or Configurations to be applied when an User starts Opera.
Let's start from the beginning, Whenever Opera is started, main program looks up to this .ini file to know that, Default Download Directory is "My Documents", History File is "Opera.dir" in the specified path, and it also learns that "Wand" is Disabled ( Set to 0 ), Home Page is "Blank Page" and "Special Effects" are Enabled. So it starts Opera Browser with these Settings.
Although, this .ini file way of storing Configuration Settings looks easy, it does not provide a centralised place for storing information of ALL the softwares and devices, since each softwares and devices had it's own .ini file.This added further difficulty of missing/changed ini files resulting in errors.
That's why Registry was introduced, to act as a Centralised Configuration Holder.Registry was introduced from Win95 onwards.
The .ini files are not completely eleminated, but they are highly reduced in number due to the presence of Registry.
Structure of Registry:-
Registry can be viewed/edited by running regedit.exe or regedt32.exe ( for XP ) in Run dialog box.
The Registry has a hierarchal ( Tree structure ) structure, like the directories in a Computer.Regisrtry mainly contains Branches, these are the ones you will see on the Left Pane when you open Registry Editor.
Each Branch is called a Key, these are denoted by a Folder like icon.
Each Key can contain other Key ( often called as Sub Keys ) within it or it can contain some other information called Values.
Values are the information represented on the Right Pane of the Registry Editor.
Values can be basically of three types ( These can be called as Data Types ):-
1]String
2]Binary (8 bits)
3]DWORD (Double Word, Word means 16 bits, so DWORD is 32 bits)
String is analogous to the "Path of a Program" stored in .ini file as shown above. And String Data Type is used to store Textual information like Paths, Software Names, Device Names, User Names etc.
Binary is analogous to the 1 or 0 used to specify Enable or Disable options stored in .ini file. Binary Data Type is generally used to specify/store "Enable/Disable" or "True/False" like information by maing use of 0 and 1.This Data Type is also used to store Device Ids, Product Version, Passwords in Encrypted forms etc. Binary Data Types are displayed in HexaDecimal Format in Registry Editor.
DWORD is 32 bit binary data used to specify some Device driver parameters or Services.These are also displayed in HexaDecimal Format in Registry Editor.
But these Data Types (Values) are not only limited to storing Path or Enable/Disable options, they are used to store much more info, like Status of Harwdares, Product Versions, Product Ids, Serial Keys etc, Passwords ( in some cases only in encrypted form ) etc.
Now let's see main Branches of Registry one by one.
Branches:-
In Registry, Mainly 6 Branches (5 in Windows 2000 and above) are there in default.These are the branches you will see in the Left Pane when you open Registry Editor.
They are:-
HKEY_CLASSES_ROOT - This branch contains all of the File types supported by Windows and by installed Applications.This section has info such as, "Which Application is used to open a file type" and "Where the is Application located" and "What type of Icon is to be used to represnt the File with the corresponding File Type" etc.
For Example, It contains a Key named txtfile, when you expand this Key, it will have furthur Sub Keys namely DefaultIcon and Shell inside which another Key Open exists, within that Command Key exists.
When you click on DefaultIcon Key, it shows a Value on the Right Pane, This Value is of String Data Type, and this stores the Path of Icon file to be used.
When you click on the Command Key, it shows a Value on the Right Pane, which is of String Data Type, and this stores the Path of the Application i.e NotePad which is used to open the file.
So, Windows knows about the different File Types present in the System, Icons for different File Types to be used and also the Programs for different File Types.The information stored here makes sure that the correct program opens when you open a file by using Windows Explorer.
This Branch is abbreviated as HKCR.
HKEY_CURRENT_USER - This branch is like a subset of another Branch named HKEY_USERS. This branch points to the part of HKEY_USERS appropriate for the current user.
As the name says, it contains the Configuration Information of the User currently Logged on.
For example, it contains Folder Options used, Screen colour settings, Control Panel Settings customised by the User.
This Branch is generally abbreviated as HKCU.
HKEY_LOCAL_MACHINE - This branch contains information about all of the hardware and software installed on Computer.This Branch is abbreviated as HKLM.
This is one of the important part of the Registry. This part contains important Sub Keys like Config, Hardware, Software etc.
Config Key contains further Sub Keys and Values which determines Display Settings (like Resolution, Colour Mode etc), Fonts used etc.
Hardware Key contains furthur Sub Keys and Values which stores information about Processor, Adapters (like Network Adapter, ISA Adapter etc) used in the System and COM ports present in the System.
SoftwareKey is one of the main branch of the HKLM. This contains entries of ALL Softwares, Device Drivers installed in the System.This Software has numerous Sub Keys and Values of different Softwares. Here you can find info about every Softwares installed in your System (this is similar to .ini file), like Default folder of the Software, Version Number, Serial Key (Yes!!, in some cases), Default Languages, Passwords and you name it, it's here. You have to see it to believe it!
This is the main part which replaces the .ini files.
So, you can find your Windows 98 Serial Key (in case, if you forget it), by navigating to this Key.
HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion.
Click on CurrentVersion key, and in Right Side Pane, look for a Value named ProductKey, that is your Serial Number.(I have not checked this in WinXP).Here, you can change the default location of "Program Files"or "My Documents" too!
HKEY_USERS - This Branch contains certain preferences (such as colours and Control Panel settings) for all of the users of the computer.This is like a Super Set of HKEY_CURRENT_USER, because it has Settings of all the users.
This Branch is generally abbreviated as HKU.
HKEY_CURRENT_CONFIG - This branch is like a Sub set of HKEY_LOCAL_MACHINE > Config Key. Because it contains Hardware Information or Configuration of only Current User (the User who is currently logged on), whereas Config Key in HKLM contains Settings of All Users.
HKEY_DYN_DATA (Windows 95/98/ME only) - This branch points to a branch in HKEY_LOCAL_MACHINE, which contains information about Plug 'n' Play Hardwares.
This is termed as Dynamic because, Hardware configurations can change since the Hardware is Plu 'n' Play type ( that is, Hardware can be removed/changed/added ).
This branch contains many Sub Keys, which in turn contain Values. Most of these Values are of Binary or DWORD Data Type, and these are shown in Hexadecimal System. Hence understanding what these Values mean, is difficult.
How the entries are added/removed to Registry?
Whenever any Software is installed or Device Drivers for a Hardware are installed, these softwares make entries to the Registry by themselves.
Also, theoritically whenever any Software is Uninstalled, it should remove the Registry Entries made by it completely. But many softwares fail to do so, and leave some junk info in Registry. This is where Registry Cleaners come into picture.
These Registry Cleaners search the Registry for Obelete/Junk entries which like Path Names which point to an Application which is already Uninstalled, or to a File which is already Deleted.
Popular Registry Cleaners are RegCleaner, RegSupreme, System Mechanic etc.
Where is the Registry in my System?
Registry, in it's hierarchal structure, is itself a File. This is stored as User.dat and System.dat in Win9X/ME Systems. In Win2000 and above, Registry is split and each main Branch has it's own .DAT (like ntuser.dat, system.dat ) File situated in different Folders.
.....i am ending this here, for now...hope this info helps....
