Monday, July 25, 2005

Windows Registry, An introduction.

What is Registry?
The Registry is a collection of all the settings for Windows and installed Applications.
The Registry behaves like a Central Database for things such as Software, Device Drivers, File Types etc. It can be compared to the Attendance Register of a School/College: just as the Attendance Register has the names of all students, the Registry has entries for all the software, devices, supported file types etc.

Why is the Registry used by Windows?
Whenever an application is started by a user, Windows looks up the Registry to gather more information about the application: what type of application it is, what type of Files or Documents it can create, or whether it is a Multimedia application that may require additional support in the form of Plug-ins, and so on.
These are referred to as the Configuration Settings of the Application.

In older versions of Windows (like 3.1), the Registry was not present, and each Application or Device had a text-based .ini file, known as a Configuration file. This .ini file contained all information about the Application/Device. So, whenever a user started an Application, Windows referred to the corresponding .ini file and took action accordingly.

For example, let's take the configuration file of Opera Web Browser (Opera.ini file). Below only a part of the full file is shown:-
Download Directory=C:\My Documents
Direct History File=C:\PROGRAM FILES\OPERA\profile\opera.dir
Enable Wand=0
Home URL=
Special effects=1
From this, we can easily read off some of the Settings or Configurations to be applied when a user starts Opera.
Let's start from the beginning. Whenever Opera is started, the main program looks up this .ini file and learns that the Default Download Directory is "My Documents", the History File is "Opera.dir" in the specified path, "Wand" is Disabled (set to 0), the Home Page is "Blank Page" and "Special Effects" are Enabled. So it starts the Opera Browser with these Settings.

Although this .ini file way of storing Configuration Settings looks easy, it does not provide a centralized place for storing information about ALL the software and devices, since each piece of software and each device had its own .ini file. This added the further difficulty of missing/changed .ini files resulting in errors.

That's why Registry was introduced, to act as a centralized configuration holder. Registry was introduced from Win95 onwards.
The .ini files are not completely eliminated, but they are highly reduced in number due to the presence of Registry.

Structure of Registry:-
The Registry can be viewed/edited by running “regedit.exe” or “regedt32.exe” (for XP) in the Run dialog box.
The Registry has a hierarchical (Tree) structure, like the directories in a Computer. It mainly contains Branches; these are the ones you will see in the Left Pane when you open Registry Editor.
Each Branch is called a Key; Keys are denoted by a Folder-like icon.

Each Key can contain other Keys (often called Sub Keys) within it, or it can contain other information called Values.

Values are the information shown in the Right Pane of the Registry Editor.
Values can basically be of three types (these can be called Data Types):-
1] String
2] Binary (8 bits)
3] DWORD (Double Word, Word means 16 bits, so DWORD is 32 bits)

String is analogous to the "Path of a Program" stored in the .ini file shown above. The String Data Type is used to store Textual information like Paths, Software Names, Device Names, User Names etc.
Binary is analogous to the 1 or 0 used to specify Enable or Disable options in the .ini file. The Binary Data Type is generally used to store "Enable/Disable" or "True/False" like information by making use of 0 and 1. This Data Type is also used to store Device Ids, Product Versions, Passwords in Encrypted form etc. Binary Data Types are displayed in Hexadecimal Format in Registry Editor.
DWORD is 32 bit binary data used to specify some Device driver parameters or Services. These are also displayed in Hexadecimal Format in Registry Editor.

But these Data Types (Values) are not limited to storing Paths or Enable/Disable options. They are used to store much more info, like Status of Hardware, Product Versions, Product Ids, Serial Keys, Passwords (in some cases only in encrypted form) etc.

Now let's see the main Branches of the Registry one by one.
By default, the Registry has 6 main Branches (5 in Windows 2000 and above). These are the branches you will see in the Left Pane when you open Registry Editor.
They are:-

HKEY_CLASSES_ROOT:- This branch contains all of the File types supported by Windows and by installed Applications. This section has info such as, "Which Application is used to open a file type" and "Where the Application is located" and "What type of Icon is to be used to represent the File with the corresponding File Type" etc.
For example, it contains a Key named “txtfile”. When you expand this Key, you will find further Sub Keys, namely “DefaultIcon” and “Shell”; inside “Shell” another Key “Open” exists, and within that a “Command” Key exists.
When you click on the “DefaultIcon” Key, it shows a “Value” in the Right Pane. This Value is of String Data Type, and it stores the path of the Icon file to be used.
When you click on the “Command” Key, it shows a “Value” in the Right Pane, which is of String Data Type, and this stores the Path of the Application, i.e. Notepad, which is used to open the file.

So, Windows knows about the different File Types present in the System, Icons for different File Types to be used and also the Programs for different File Types. The information stored here makes sure that the correct program opens when you open a file by using Windows Explorer. This Branch is abbreviated as HKCR.
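The “txtfile” lookup described above, as an added PowerShell example (not part of the original post). The function name Get-FileTypeRegistration is hypothetical, and the example assumes a Windows system with PowerShell on which the “txtfile” Key exists.

```powershell
# Added example: read the file-type registration the article walks through.
# 'txtfile' is the Key named in the article; the function name is hypothetical.
function Get-FileTypeRegistration {
    param([string]$ProgId = 'txtfile')

    # HKEY_CLASSES_ROOT has no default PowerShell drive, so use the provider path.
    $root = "Registry::HKEY_CLASSES_ROOT\$ProgId"
    if (-not (Test-Path -LiteralPath $root)) {
        throw "HKEY_CLASSES_ROOT\$ProgId does not exist on this system."
    }

    foreach ($sub in 'DefaultIcon', 'shell\open\command') {
        $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
        if ($null -eq $key) {
            [pscustomobject]@{ Key = $sub; Type = $null; Data = '<key missing>' }
            continue
        }
        # '' names the Key's default Value, the one Registry Editor lists as "(Default)".
        # DoNotExpandEnvironmentNames returns the text as stored, e.g. with %SystemRoot%.
        $raw = $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key  = $sub
            # String, or ExpandString when the stored text contains %VAR% references
            # that Windows expands on read.
            Type = if ($null -ne $raw) { $key.GetValueKind('') } else { $null }
            Data = $raw
        }
    }
}

Get-FileTypeRegistration -ProgId 'txtfile' | Format-Table -AutoSize
```

Comparing the reported command with the program you expect to handle the file type is a quick way to confirm that an association has not been changed.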

HKEY_CURRENT_USER:- This branch is like a subset of another Branch named HKEY_USERS. This branch points to the part of HKEY_USERS appropriate for the current user.
As the name says, it contains the Configuration Information of the User currently Logged on.
For example, it contains Folder Options used, Screen color settings, Control Panel Settings customized by the User.
This Branch is generally abbreviated as HKCU.

HKEY_LOCAL_MACHINE:- This branch contains information about all of the hardware and software installed on Computer. This Branch is abbreviated as HKLM.
This is one of the important parts of the Registry. This part contains important Sub Keys like “Config”, “Hardware”, “Software” etc.

Config Key contains further Sub Keys and Values which determine Display Settings (like Resolution, Color Mode etc), Fonts used etc.
Hardware Key contains further Sub Keys and Values which store information about the Processor, Adapters (like Network Adapter, ISA Adapter etc) used in the System and COM ports present in the System.
Software Key is one of the main branches of the HKLM. This contains entries of ALL Software, Device Drivers installed in the System. This “Software” branch has numerous Sub Keys and Values of different Software. Here you can find info about every Software installed in your System (this is similar to .ini file), like Default folder of the Software, Version Number, Serial Key (Yes! in some cases), Default Languages, Passwords and you name it, it's here. You have to see it to believe it!
This is the main part which replaces the .ini files.
So, you can find your Windows 98 Serial Key (in case, if you forget it), by navigating to this Key.
HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion.
Click on CurrentVersion key, and in Right Side Pane, look for a Value named “ProductKey”, that is your Serial Number. Here, you can change the default location of “Program Files” or “My Documents" too!

HKEY_USERS:- This Branch contains certain preferences (such as colors and Control Panel settings) for all of the users of the computer. This is like a Super Set of HKEY_CURRENT_USER, because it has Settings of all the users.
This Branch is generally abbreviated as HKU.

HKEY_CURRENT_CONFIG:- This branch is like a Sub set of the HKEY_LOCAL_MACHINE > Config Key, because it contains Hardware Information or Configuration of only the Current User (the User who is currently logged on), whereas the Config Key in HKLM contains Settings of All Users.

HKEY_DYN_DATA (Windows 95/98/ME only):- This branch points to a branch in HKEY_LOCAL_MACHINE, which contains information about Plug 'n' Play Hardware.
This is termed as Dynamic because, Hardware configurations can change since the Hardware is Plug 'n' Play type (that is, Hardware can be removed/changed/added).
This branch contains many Sub Keys, which in turn contain Values. Most of these Values are of Binary or DWORD Data Type, and these are shown in Hexadecimal System. Hence understanding what these Values mean, is difficult.

How are entries added to or removed from the Registry?
Whenever any Software or Device Driver for hardware is installed, it makes its entries in the Registry by itself.
Also, theoretically, whenever any Software is uninstalled, it should completely remove the Registry Entries it made. But many software packages fail to do so, and leave some junk info in the Registry. This is where Registry Cleaners come into the picture.
These Registry Cleaners search the Registry for Obsolete/Junk entries, such as Path Names which point to an Application which is already uninstalled, or to a File which is already deleted.
Popular Registry Cleaners are RegCleaner, RegSupreme, and System Mechanic etc.
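
The obsolete-entry check that such cleaners perform, limited here to the “Open” > “Command” Values under HKEY_CLASSES_ROOT described earlier, as an added PowerShell example (not part of the original post and not code from any of the named products). The function names are hypothetical; the script only reports entries and changes nothing.

```powershell
# Added example: list file types whose open command points to a program file
# that no longer exists. Function names are hypothetical; read-only.
function Get-CommandExecutable {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }          # "C:\dir\app.exe" "%1"
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }   # C:\Program Files\app.exe %1
    return ($expanded -split '\s+')[0]                                 # anything else: first token
}

function Find-ObsoleteOpenCommand {
    $types = Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue
    foreach ($type in $types) {
        try {
            $cmdKey = $type.OpenSubKey('shell\open\command')
            if ($null -eq $cmdKey) { continue }
            $command = [string]$cmdKey.GetValue('')   # default Value, environment names expanded
            $cmdKey.Close()
            if ([string]::IsNullOrWhiteSpace($command)) { continue }

            $exe = Get-CommandExecutable -CommandLine $command
            # Bare names such as "rundll32.exe" are found through the search path,
            # so only fully qualified paths are checked against the file system.
            if (-not [IO.Path]::IsPathRooted($exe)) { continue }
            if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                [pscustomobject]@{
                    FileType = $type.PSChildName
                    Command  = $command
                    Missing  = $exe
                }
            }
        }
        catch {
            # Unreadable Key or malformed path text: skip it and keep scanning.
            continue
        }
    }
}

Find-ObsoleteOpenCommand | Format-Table -AutoSize
```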

Where is the Registry in my System?
The Registry, with its hierarchical structure, is itself a File. It is stored as User.dat and System.dat in Win9X/ME Systems. In Win2000 and above, the Registry is split and each main Branch has its own .DAT file (like ntuser.dat, system.dat) situated in different Folders.

