7/25/2019 8793443 Registry Disassembled a Basic Tutorial
1/3
Registry Disassembled a basic tutorial
The registry is a hierarchical database that contains virtually
all informationabout your computer's configuration. Under previous
version of Windows, thosesetting where contained in files like
config.sys, autoeec.bat, win.ini,system.ini, control.ini and so on.
!rom this you can understand how important the
registry is. The structure of the registry is similar to the ini
files structure,but it goes beyond the concept of ini files because
it offers a hierarchicalstructure, similar to the folders and files
on hard disk. "n fact the procedure toget to the elements of the
registry is similar to the way to get to folders andfiles."n this
section " would be eaming the Win#$%#& registry only although T
is (uitesimilar.
The Registry )ditorThe Registry )ditor is a utility by the
filename regedit.ee that allows you tosee, search, modify and save
the registry database of Windows. The Registry )ditordoesn't
validate the values you are writing* it allows any operation. +o
you haveto pay close attention, because no error message will be
shown if you make a wrong
operation.To launch the Registry )ditor simply run Reg)dit.ee
under WinT runReg)dt-.ee with administer privileges/.The registry
editor is divided into two sectios in the left one there is
ahierarchical structure of the database the screen looks like
Windows )plorer/ inthe right one there are the values.
The registry is organi0ed into keys and subkeys. )ach key
contains a value entry ,each one has a name, a type or a class and
the value itself. The name is a stringthat identifies the value to
the key. The length and the format of the value isdependent on the
data type.
1s you can see with the Registry )ditor, the registry is divided
into five
principal keys* there is no way to add or delete keys at this
level. 2nly two ofthese keys are effectively saved on hard disk*
34)567281769183") and 34)56U+)R+.The others are :usr branches of
the main keys or are dynamically created byWindows.
34)567281769183")This key contains any hardware, applications
and services information. +everalhardware information is updated
automatically while the computer is booting. Thedata stored in this
key is shared with any user. This handle has many subkeys*
8onfig8ontains configuration data for different hardware
configurations.)num
This is the device data. !or each device in your computer, you
can findinformation such as the device type, the hardware
manufacturer, device drivers andthe configuration.3ardwareThis key
contains a list of serial ports, processors and floating
pointprocessors.etwork8ontains network information.+ecurity+hows
you network security information.+oftware
7/25/2019 8793443 Registry Disassembled a Basic Tutorial
2/3
This key contains data about installed software.+ystem"t
contains data that checks which device drivers are used by Windows
and how theyare configured.
34)56871++)+6R22TThis key is an alias of the branch
34)567281769183")%+oftware%8lasses andcontains 27), drag'n'drop,
shortcut and file association information.
34)568URR)T682!";This key is also an alias. "t contains a copy
of the branch34)567281769183")%8onfig, with the current computer
configuration.
34)56D56D1T1+ome information stored in the registry changes
fre(uently, so Windows maintainspart of the registry in memory
instead of on the hard disk. !or eample it stores
