What is Registry?
The Registry is a collection of
all the settings for Windows and installed Applications.
Regisrty behaves like a Central Database for all
things like, Softwares, Device Drivers, File Types etc.
Registry can be compared to an
Attendance Register of Schools/Colleges, as Attendance Register has names of all students, Registry has entries in it about all the softwares, devices, file types supported etc.
Why Registry is used by Windows?
Whenever an application is started by an user, Windows looks up to Registry to gather more information about the application. Like what type of application is it, what type of Files or Documents it can create or is it a Multimedia application, which may require additional support in the form of Plug-ins, like that
These are refered to as Configuration Settings of the Application.
In older versions of Windows (like 3.1), Registry was not present, and each Application or Device had text based
.ini file, known as Configuration file. This .ini file contained all information about the Application/Device. So, whenever an user starts an Application, Windows referes to corresponding .ini file and takes action accordingly.
For example, let's take the configuration file of Opear Web Browser (Opera.ini file). Below only a part of the full file is shown :-
Code:
Download Directory=C:\My Documents
Direct History File=C:\PROGRAM FILES\OPERA\profile\opera.dir
Enable Wand=0
Home URL=
Special effects=1
From this, we can easily detect some of the Settings or Configurations to be
applied when an User starts Opera.
Let's start from the beginning, Whenever Opera is started, main program looks up to this .ini file to know that, Default Download Directory is "My Documents", History File is "Opera.dir" in the specified path, and it also learns that "Wand" is Disabled ( Set to 0 ), Home Page is "Blank Page" and "Special Effects" are Enabled. So it starts Opera Browser with these Settings.
Although, this .ini file
way of storing Configuration Settings looks easy, it does not provide a centralised place for storing information of ALL the softwares and devices, since each softwares and devices had it's own .ini file.This added further difficulty of missing/changed ini files resulting in errors.
That's why Registry was introduced, to act as a Centralised Configuration Holder.Registry was introduced from Win95 onwards.
The .ini files are not completely eleminated, but they are highly reduced in number due to the presence of Registry.
Structure of Registry:-
Registry can be viewed/edited by running
regedit.exe or
regedt32.exe ( for XP ) in Run dialog box.
The Registry has a hierarchal ( Tree structure ) structure, like the directories in a Computer.Regisrtry mainly contains
Branches, these are the ones you will see on the Left Pane when you open Registry Editor.
Each
Branch is called a
Key, these are denoted by a
Folder like icon.
Each
Key can contain other
Key ( often called as Sub Keys ) within it or it can contain some other information called
Values.
Values are the information represented on the Right Pane of the Registry Editor.
Values can be basically of three types ( These can be called as
Data Types ):-
1]String
2]Binary (8 bits)
3]DWORD (Double Word, Word means 16 bits, so DWORD is 32 bits)
String is analogous to the "Path of a Program" stored in .ini file as shown above. And
String Data Type is used to store Textual information like Paths, Software Names, Device Names, User Names etc.
Binary is analogous to the 1 or 0 used to specify Enable or Disable options stored in .ini file.
Binary Data Type is generally used to specify/store "Enable/Disable" or "True/False" like information by maing use of 0 and 1.This Data Type is also used to store Device Ids, Product Version, Passwords in Encrypted forms etc.
Binary Data Types are displayed in HexaDecimal Format in Registry Editor.
DWORD is 32 bit binary data used to specify some Device driver parameters or Services.These are also displayed in HexaDecimal Format in Registry Editor.
But these
Data Types (
Values) are not only limited to storing Path or Enable/Disable options, they are used to store much more info, like Status of Harwdares, Product Versions, Product Ids, Serial Keys etc, Passwords ( in some cases only in encrypted form ) etc.
Now let's see main Branches of Registry one by one.
Branches:-
In Registry, Mainly 6 Branches (5 in Windows 2000 and above) are there in default.These are the branches you will see in the Left Pane when you open Registry Editor.
They are:-
HKEY_CLASSES_ROOT - This branch contains all of the File types supported by Windows and by installed Applications.This section has info such as, "Which Application is used to open a file type" and "Where the is Application located" and "What type of Icon is to be used to represnt the File with the corresponding File Type" etc.
For Example, It contains a Key named
txtfile, when you expand this Key, it will have furthur Sub Keys namely
DefaultIcon and
Shell inside which another Key
Open exists, within that
Command Key exists.
When you click on
DefaultIcon Key, it shows a
Value on the Right Pane, This Value is of
String Data Type, and this stores the Path of Icon file to be used.
When you click on the
Command Key, it shows a
Value on the Right Pane, which is of
String Data Type, and this stores the Path of the Application i.e NotePad which is used to open the file.
So, Windows knows about the different File Types present in the System, Icons for different File Types to be used and also the Programs for different File Types.
The information stored here makes sure that the correct program opens when you open a file by using Windows Explorer.
This Branch is abbreviated as HKCR.
HKEY_CURRENT_USER - This branch is like a subset of another Branch named HKEY_USERS. This branch points to the part of HKEY_USERS
appropriate for the current user.
As the name says, it contains the Configuration Information of the User currently Logged on.
For example, it contains Folder Options used, Screen colour settings, Control Panel Settings customised by the User.
This Branch is generally abbreviated as HKCU.
HKEY_LOCAL_MACHINE - This branch contains information about all of the hardware and software installed on Computer.This Branch is abbreviated as HKLM.
This is one of the important part of the Registry. This part contains important Sub Keys like
Config,
Hardware,
Software etc.
Config Key contains further Sub Keys and Values which determines Display Settings (like Resolution, Colour Mode etc), Fonts used etc.
Hardware Key contains furthur Sub Keys and Values which stores information about
Processor,
Adapters (like Network Adapter, ISA Adapter etc) used in the System and COM ports present in the System.
SoftwareKey is one of the main branch of the HKLM. This contains entries of ALL Softwares, Device Drivers installed in the System.This
Software has
numerous Sub Keys and Values of different Softwares. Here you can find info about every Softwares installed in your System (this is similar to .ini file), like Default folder of the Software, Version Number, Serial Key (Yes!!, in some cases), Default Languages, Passwords and you name it, it's here.
You have to see it to believe it!
This is the main part which replaces the .ini files.
So, you can find your
Windows 98 Serial Key (in case, if you forget it), by navigating to this Key.
HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion.
Click on CurrentVersion key, and in Right Side Pane, look for a
Value named
ProductKey, that is your Serial Number.(I have not checked this in WinXP).Here, you can change the default location of "Program Files"or "My Documents" too!
HKEY_USERS - This Branch contains certain preferences (such as colours and Control Panel settings) for
all of the users of the computer.This is like a Super Set of HKEY_CURRENT_USER, because it has Settings of all the users.
This Branch is generally abbreviated as HKU.
HKEY_CURRENT_CONFIG - This branch is like a Sub set of
HKEY_LOCAL_MACHINE > Config Key. Because it contains Hardware Information or Configuration of only
Current User (the User who is currently logged on), whereas
Config Key in HKLM contains Settings of All Users.
HKEY_DYN_DATA (Windows 95/98/ME only) - This branch points to a branch in HKEY_LOCAL_MACHINE, which contains information about Plug 'n' Play Hardwares.
This is termed as Dynamic because, Hardware configurations can change since the Hardware is Plu 'n' Play type ( that is, Hardware can be removed/changed/added ).
This branch contains many Sub Keys, which in turn contain Values. Most of these Values are of
Binary or DWORD Data Type, and these are shown in Hexadecimal System. Hence understanding what these Values mean, is difficult.
How the entries are added/removed to Registry?
Whenever any Software is installed or Device Drivers for a Hardware are installed, these softwares make entries to the Registry by themselves.
Also, theoritically whenever any Software is Uninstalled, it should remove the Registry Entries made by it completely. But many softwares fail to do so, and leave some junk info in Registry. This is where Registry Cleaners come into picture.
These Registry Cleaners search the Registry for Obelete/Junk entries which like Path Names which point to an Application which is already Uninstalled, or to a File which is already Deleted.
Popular Registry Cleaners are RegCleaner, RegSupreme, System Mechanic etc.
Where is the Registry in my System?
Registry, in it's hierarchal structure, is itself a File. This is stored as User.dat and System.dat in Win9X/ME Systems. In Win2000 and above, Registry is split and each main Branch has it's own .DAT (like ntuser.dat, system.dat ) File situated in different Folders.
.....i am ending this here, for now...hope this info helps....
An Unofficial Guide To Windows Registry!!!!
Linear Mode
