What is Windows Registry
The Windows Registry or Registry is a hierarchical database that contains information, settings, and options about all of the software and hardware installed on the Windows Operating System. It contains information about various users that are created for the system, and the programs and Windows preferences of those users. It also keeps the settings about how Windows behaves.
Windows Registry is the place where most of the new Windows users start their Windows Customization career.
There are five Registry Hives in Windows. A Registry Hive is the first level of Registry Key in Windows Registry. It contains other Registry keys and subkeys. A Registry Hive, unlike Registry keys present within it, cannot be created, deleted or modified. The subkey structure within a Hive is called a tree. A Registry Tree can be 512 levels deep.
- HKEY_CLASSES_ROOT – It contains information about file extensions, which the programs installed on the system use for file associations, among other things. Because of the settings stored in this Hive, Windows knows which software opens which file type.
- HKEY_CURRENT_USER – It contains settings only about the currently logged-in user. Each time a user logs into the computer, his profile is loaded in this Hive from the HKEY_USERS Hive, which has profiles/keys for all of the users created on the system.
- HKEY_LOCAL_MACHINE – It also contains all kinds of Hardware and Software related information about the system. It contains settings that are general to all of the users created on the system.
- HKEY_USERS – It contains information about and preferences of all of the users that log on to the system. It has one key for each user created on the system.
- HKEY_CURRENT_CONFIG – It contains all information about the Hardware currently in use.
Analogy of Windows File System for Windows Registry
- If you look closely at the Registry structure, you will find that it shares a resemblance with the Windows file system. The first entry in the Registry Editor, titled Computer, which can be used to collapse or expand the Registry Hives, is like your computer's Hard Disk.
- The five Registry Hives under Computer act as Disk Partitions within a Hard Disk. Five Hives contain other Registry keys, subkeys, and values, just like Disk Partitions contain multiple folders and files within them.
- The Registry Keys under Registry Hives, represented with a folder icon, act like folders that can contain zero or more files.
- Each key can have multiple subkeys, just like folders within folders.
- The properties of Registry keys and subkeys are displayed on the right pane of the Registry Editor.
Keys and Values
As previously mentioned, Registry Keys are like folders. They can contain other Keys, called Subkeys, or they can contain Values, just like folders contain files. Values are like files stored in a folder. You can edit the properties of Values to alter their default behaviour. You can create new keys, delete old keys, and rename and modify the values of existing keys to tweak Windows.
The Value field contains information such as the location of a program, the version of a program, file associations, values assigned to various Windows settings, etc.
So, a Hive contains a tree of Keys, these Keys contain a list of Values, and each Value has the following three properties – Name, Type, and Data.
Registry Terminology Example
Full path – Computer\HKEY_CURRENT_USER\Control Panel\Desktop
Hive – HKEY_CURRENT_USER
Key – Control Panel
Subkey – Desktop
Value Name – MenuShowDelay
Value Type – REG_SZ
Value Data – 400
Registry Data Types
The five most used Registry Data Types are:
- REG_SZ – It contains human readable text values.
- REG_BINARY – It stores the data in raw binary form – either On or Off (0 or 1); most of the hardware related information is stored in binary format, which can be displayed in Hexadecimal format in Registry editors.
- REG_DWORD – Similar to BINARY, but can store 32-bit values.
- REG_MULTI_SZ – Similar to SZ, but can be used to store values that contain lists or multiple values.
The other seven Registry Data Types are:
- REG_EXPAND_SZ – An expandable data string that contains a variable that can be replaced when called by an application. For example, %SYSTEMROOT% is replaced by the actual location of Windows Root.
- REG_NONE – No value is defined in this type.
- REG_LINK – It contains a Unicode symbolic link.
- REG_RESOURCE_LIST – It stores the device-driver resource list.
- REG_QWORD – Similar to DWORD, stores 64-bit values.
- REG_QWORD_LITTLE_ENDIAN – It stores a 64-bit number in little-endian format.
- REG_DWORD_LITTLE_ENDIAN – It stores a 32-bit number in little-endian format.
- REG_DWORD_BIG_ENDIAN – It stores a 32-bit number in big-endian format.
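To show how a value's Type decides the meaning of its Data bytes, here is an added Python example (not part of the original page) that decodes raw value data for the common types listed above. The function name decode_value, the env mapping and all sample values are assumptions made for the illustration; string data is treated as UTF-16LE, which is how current Windows versions store it.

```python
import re
import struct

# Integer types differ only in width and byte order.
_INT_FORMATS = {
    "REG_DWORD": "<I", "REG_DWORD_LITTLE_ENDIAN": "<I",
    "REG_DWORD_BIG_ENDIAN": ">I",
    "REG_QWORD": "<Q", "REG_QWORD_LITTLE_ENDIAN": "<Q",
}

def _utf16(raw):
    # Registry strings are UTF-16LE; ignore a dangling odd byte instead of failing.
    return raw[: len(raw) - len(raw) % 2].decode("utf-16-le", errors="replace")

def decode_value(reg_type, raw, env=None):
    """Decode the raw Data bytes of one registry value according to its Type."""
    if reg_type in ("REG_SZ", "REG_EXPAND_SZ"):
        # Stored strings are not guaranteed to end in NUL, so cut at the first one if any.
        text = _utf16(raw).split("\x00", 1)[0]
        if reg_type == "REG_EXPAND_SZ" and env is not None:
            # env: caller-supplied mapping with upper-case names; unknown names stay as written.
            text = re.sub(r"%([^%]+)%",
                          lambda m: env.get(m.group(1).upper(), m.group(0)), text)
        return text
    if reg_type == "REG_MULTI_SZ":
        # NUL-separated strings; the list ends at the first empty string.
        items = []
        for item in _utf16(raw).split("\x00"):
            if not item:
                break
            items.append(item)
        return items
    if reg_type in _INT_FORMATS:
        fmt = _INT_FORMATS[reg_type]
        if len(raw) != struct.calcsize(fmt):
            raise ValueError(f"{reg_type} expects {struct.calcsize(fmt)} bytes, got {len(raw)}")
        return struct.unpack(fmt, raw)[0]
    if reg_type in ("REG_BINARY", "REG_NONE"):
        return bytes(raw)  # opaque bytes; their meaning is up to the application
    raise ValueError(f"unsupported type: {reg_type}")

if __name__ == "__main__":
    # Constructed sample data, not read from a live registry.
    samples = [
        ("MenuShowDelay", "REG_SZ", "400\x00".encode("utf-16-le")),
        ("SampleDword", "REG_DWORD", bytes.fromhex("90010000")),
        ("SampleList", "REG_MULTI_SZ", "one\x00two\x00\x00".encode("utf-16-le")),
        ("SamplePath", "REG_EXPAND_SZ", "%SYSTEMROOT%\\system32\x00".encode("utf-16-le")),
    ]
    for name, reg_type, raw in samples:
        print(name, reg_type, repr(decode_value(reg_type, raw, {"SYSTEMROOT": "C:\\Windows"})))
```

The same four bytes give different numbers as REG_DWORD and REG_DWORD_BIG_ENDIAN, and a REG_EXPAND_SZ string stays unexpanded until the reading application expands it, so a tool that inspects registry data should report both the Type and the raw Data.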
Registry Value Types
The Windows Registry Editor lets you create these six types of entries within a Registry Key:
- String Value – It creates a value of the REG_SZ data type.
- Binary Value – It creates a value of the REG_BINARY data type.
- DWORD Value – It creates a value of the REG_DWORD data type.
- QWORD Value – It creates a value of the REG_QWORD data type.
- Multi-String Value – It creates a value of the REG_MULTI_SZ data type.
- Expandable String Value – It creates a value of the REG_EXPAND_SZ data type.