Editing the Windows Registry (continued...)
The KEYS and Their Subkeys
Each key contains one or more values. These values are the actual
configuration data that is associated with the particular key.
The data in the values can be represented in three different
ways:
String, Binary and
DWORDS.
String values
are made up of textual entries: words, phrases, letters or any
combination thereof. Strings are always enclosed in quotation
marks,
e.g. "Hello World".
Binary values
are just that, a collection of 1s and 0s. These values are not
really limited in size and are, of course, more difficult to
understand.
DWORD values
are 32-bit entries stored in a 4-byte hexadecimal format. Why
is it called a DWORD? It takes 8 bits to make a byte, and a
single byte to hold a character. Two characters are considered
a word, which would take up 2 bytes. 4 bytes will hold 2 words.
DWORD stands for Double Word.
Examples:
(Default) (value not set)
ClassGUID "{4d36e97d-e325-11ce-de432d-10318}"
0000 01100000101011000000101100001
Capabilities 14 00 00 00
String, Binary and
DWORD are referred to as the data types.
Although you see
6 root keys when you first enter the Registry Editor, only two
of them are actually backed up when you back up the Registry:
HKEY_LOCAL_MACHINE and HKEY_USERS.
HKEY_LOCAL_MACHINE
and all its subkeys store the configuration information that
has to do with the computer itself, and the hardware and peripherals
attached. Values might include names, types, settings and resource
allocations for the motherboard, expansion slots, CPU, and other
devices. This covers anything specific to the computer hardware itself
that won't change from user to user, even if different profiles
are used.
HKEY_USERS and its
subkeys store information that has to do with user configurable
settings and preferences. Information stored here determines
if your background is blue and what icons will appear on the
desktop. It includes all the software configuration data that
is specific to each individual user that can log onto the computer.
Let's start with
a quick look at HKEY_LOCAL_MACHINE. Click on the plus sign beside
the key and you'll see several other subkeys:
HKEY_LOCAL_MACHINE\Config
- Stores different hardware profiles when multiple hardware
profiles have been set up for the machine. Each separate profile
will be represented by its own key numbered 0001, 0002, 0003,
etc...
HKEY_LOCAL_MACHINE\Enum
- Stores configuration settings and information on all the devices
that have been installed in the computer, regardless of whether
they are included in each hardware profile or not.
HKEY_LOCAL_MACHINE\Hardware
- Doesn't store too much info. You might find your processor
type and speed in here.
HKEY_LOCAL_MACHINE\Security
- Network security information. You'll find values and settings
that have to do with network connections, administrative information
and file sharing on your computer.
HKEY_LOCAL_MACHINE\Software
- These different keys and values contain information and software
settings that are specific to the computer, and not changed
from user to user. This branch also contains operating system
information and upgrade info and status.
HKEY_LOCAL_MACHINE\System
- This branch contains the different control sets. These are
configurations and settings that determine how Windows starts
up, which device drivers and services to load, keyboard layouts,
shut down and logon information.
These are all branches
that radiate from the one root key, HKEY_LOCAL_MACHINE. If you
follow the branches down, and highlight specific keys, you may
find some interesting information shown in the values in the
right hand pane, especially under HKEY_LOCAL_MACHINE\Enum.
I could elaborate
more here but my intention is to have you understand the branching
process itself and how some of the values are stored and accessed.
Take a look at HKEY_USERS. Follow its branches and subkeys and
see what kind of information it stores in its values.
What about the other
root keys you see?
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_DYN_DATA
The first three are
called aliases. They are not really separate keys. They are
sections or branches of the first two keys we talked about.
Take a look at HKEY_CLASSES_ROOT,
then check out HKEY_LOCAL_MACHINE\Software\CLASSES. You'll notice
they're the same. This particular branch contains information
on the associations between the different programs and their
file types.
HKEY_CURRENT_CONFIG
will match the information you'll find at HKEY_LOCAL_MACHINE\config\0001,
or the number of the current hardware profile in use.
HKEY_CURRENT_USER
will match the information in the key HKEY_USERS that corresponds
to the user currently logged in.
If you make a change
in the alias keys, you'll find that the change has also been
made in the corresponding branch of the real root key. For this
reason, you'll find that most changes are done in the alias
keys.
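The three data types described earlier and the alias keys described above, as an added example that is not part of the original page: it parses Registry Editor export text into typed values and rewrites alias roots to the real root keys, so the same setting reached through an alias or through its real branch compares equal. The REGEDIT4 export syntax (`hex:`, `dword:`) is not shown on this page, and the `profile` and `user` defaults and the sample key are constructed placeholders.

```python
import re
import struct

# Alias roots as the page describes them; profile and user defaults are placeholders.
def canonical_key(path, profile="0001", user="ExampleUser"):
    aliases = {
        "HKEY_CLASSES_ROOT": r"HKEY_LOCAL_MACHINE\Software\CLASSES",
        "HKEY_CURRENT_CONFIG": "HKEY_LOCAL_MACHINE\\Config\\" + profile,
        "HKEY_CURRENT_USER": "HKEY_USERS\\" + user,
    }
    root, sep, rest = path.partition("\\")
    return aliases.get(root.upper(), root) + sep + rest

# Decode the right-hand side of a .reg line into (data type, value).
def decode_value(raw):
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "String", re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \"
    kind, _, body = raw.partition(":")
    if kind.lower() == "dword":
        return "DWORD", int(body, 16)
    if kind.lower() == "hex":
        return "Binary", bytes(int(b, 16) for b in body.split(",") if b.strip())
    raise ValueError("data type not covered here: " + raw)

# Parse REGEDIT4 export text into {canonical key: {value name: (type, value)}}.
def parse_reg(text):
    keys, current = {}, None
    for line in text.replace("\\\n", "").splitlines():  # join continued hex lines
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(canonical_key(line[1:-1]), {})
        elif current is not None and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)):
            name = "(Default)" if m.group(1) == "@" else decode_value(m.group(1))[1]
            current[name] = decode_value(m.group(2))
    return keys

# Four binary bytes read as a DWORD: x86 Windows stores it little-endian.
def binary_as_dword(data):
    return struct.unpack("<I", data)[0]

# Constructed sample export; the key and value names are illustrative only.
SAMPLE = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Example]
@="Hello World"
"Capabilities"=hex:14,00,00,00
"Flags"=dword:00000014
'''

print(parse_reg(SAMPLE))
```

`binary_as_dword` shows why the bytes 14 00 00 00 and the DWORD 00000014 are the same number, 20.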
The last key, HKEY_DYN_DATA,
is not an alias, but it is a dynamic file that is created while
Windows is running and contains information on what's happening
with your computer: things like hardware status, resources and
performance.
(continued...)