1. The Registry Editor
Most of the changes to the Registry are performed behind the scenes by the applications that you run, as well as by Windows—settings and other information are read from and written to the Registry constantly. But the primary means of editing Registry keys and values directly is the Registry Editor (open the Start menu, type regedit, and then press Enter), included with all editions of Windows Vista.
Although the Registry is stored in multiple files on your hard disk, it is represented by a single logical hierarchical structure, similar to the folders on your hard disk. When you open the Registry Editor, you'll see a window divided into two panes (as shown in Figure 1). The left side shows a tree with folders, and the right side shows the contents of the currently selected folder. Now, these aren't really folders—this is just a convenient and familiar method of organizing and displaying the information stored in your Registry.
Each folder-like object is called a key. Each key can contain other keys, as well as values. Values contain the actual information stored in the Registry, while keys are used only to organize the values. Keys are shown only in the left pane; values are shown only in the right pane (unlike Windows Explorer, where folders are shown in both panes).
To display the contents of a key (folder), just click the desired key name on the left, and the values contained therein will be listed in alphabetical order on the right side. To expand a certain branch to show its subkeys, click the tiny arrow to the left of any folder (or double-click the folder name).
Editing the Registry generally involves navigating down through branches to a particular key and then modifying an existing value or creating a new key or value. For instance, the following Registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows
points to the location of the Windows key, which you can get to by expanding the HKEY_CURRENT_USER branch, then Software, then Microsoft, and then finally clicking Windows to show its contents on the right.
If you find yourself returning to the same Registry path over and over, use the Favorites menu to bookmark the item. Better yet, to view two different Registry locations simultaneously, start a second instance of Registry Editor by typing regedit /m in the Start menu Search box and pressing Enter.
You can also rename any key or value just like you'd rename a file in Windows Explorer: click twice slowly, right-click and select Rename, or highlight and press F2. Likewise, you can delete a key or value by highlighting it and pressing the Del key or by right-clicking it and selecting Delete. (Note that deleting a key will also delete all the values and subkeys it contains.)
You can't drag-drop keys or values here as you can with files in Windows Explorer. Of course, there's very little reason to move a key or value from one place to another in the Registry, as the settings are totally location-dependent. A value in one key will almost always have a different meaning than the same value in a different key. There are times, however, when you'll need to duplicate a key and all its contents (such as a file type key), which is something you can do with Registry patches.
To add a new key or value, select New from the Edit menu, select what type of object you want to add (Figure 2), type a name, and press Enter.
You can create a value (or key) almost anywhere in the Registry and by any name and type that suits your whim. However, unless Windows or an application is specifically designed to look for the value, it will be ignored, and your addition will have absolutely no effect.
2. The Structure of the Registry
There are five primary, or "root," branches, each containing a specific portion of the information stored in the Registry. These root keys can't be deleted, renamed, or moved, because they are the basis for the organization of the Registry. They are:
HKEY_CLASSES_ROOT
This branch contains the information that comprises your file type associations and the registered software components (called classes) used by Windows and many of your applications.
This entire branch is a symbolic link, or "mirror," of HKEY_LOCAL_MACHINE\SOFTWARE\Classes, but is displayed separately here for convenience and, of course, to confuse you.
HKEY_CURRENT_USER
This branch simply points to a portion of the HKEY_USERS root key (later in this section) representing the currently logged-in user. This way, any application can read and write settings for the current user without having to know which user is currently logged in.
In each user's branch are the settings for that user, such as Control Panel settings and Explorer preferences. Most applications store user-specific information here as well, such as toolbars, high scores for games, and other personal settings.
The settings for the current user are divided into several categories, such as AppEvents, Control Panel, Identities, Software, and System. The most useful of these branches, Software, contains a branch for almost every application installed on your computer, arranged by manufacturer. Here and in HKEY_LOCAL_MACHINE\SOFTWARE (discussed later) can be found all of your application settings. As though Windows was just another application on your system, you'll find most user-specific Windows settings in HKEY_CURRENT_USER\Software\Microsoft\Windows.
HKEY_LOCAL_MACHINE
This branch contains information about all of the hardware and software installed on your computer that isn't specific to the currently logged-in user. The settings in this branch are the same for all users on your system.
The sub-branch of most interest here is the SOFTWARE branch, which contains all of the information specific to the applications installed on your computer. Both this branch and the aforementioned HKEY_CURRENT_USER\Software branch are used to store application-specific information. Those settings that are specific to each user (even if your computer has only one user), such as toolbar configurations, are stored in the aforementioned HKEY_CURRENT_USER branch; those settings that are not user-dependent, such as installation folders and lists of installed components, are stored in the HKEY_LOCAL_MACHINE branch. You'll want to look in both places if you're trying to find a particular application setting, because most manufacturers (even Microsoft) aren't especially careful about which branch is used for any given setting.
HKEY_USERS
This branch contains a sub-branch for the currently logged-in user, the name of which is a long string of numbers that looks something like this:
S-1-5-21-1727987266-1036259444-725315541-500
This number is the SID (security identifier), a unique ID for each user on your system (yours will be different than this one).
While it may sound like a good idea to edit the contents of this branch, you should instead use the HKEY_CURRENT_USER branch described earlier, which is a symbolic link (mirror) of this branch:
HKEY_USERS\S-1-5-21-1727987266-1036259444-725315541-500
No matter which user is logged in, HKEY_CURRENT_USER will point to the appropriate portion of HKEY_USERS.
Because Windows only loads the profile (this portion of the Registry) of the currently logged-in user, only one user branch will ever be shown here. However, there will be a few other branches here, such as .default (used when nobody is logged in), and a few other branches that are of little interest to most users.
HKEY_CURRENT_CONFIG
This branch typically contains a small amount of information, most of which is simply symbolic links (mirrors) of other keys in the Registry. There's usually little reason to mess with this branch.
You'll eventually find that everything you'll want to do with the Registry can be done in either HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE.
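The subkey names found under HKEY_USERS can be sorted into the kinds described above. This Python sketch is an added example, not part of the original text: the function names and the sample listing are constructed for illustration, and it goes slightly beyond the text by recognizing the standard service-account SIDs and the `_Classes` suffix that Windows also places under this root key.

```python
import re

# Well-known SIDs that have their own branches under HKEY_USERS.
SERVICE_SIDS = {"S-1-5-18": "LocalSystem",
                "S-1-5-19": "LocalService",
                "S-1-5-20": "NetworkService"}
# Relative IDs (last SID component) fixed by Windows for built-in accounts.
BUILTIN_RIDS = {500: "Administrator", 501: "Guest"}
ACCOUNT_SID = re.compile(r"S-1-5-21-\d+-\d+-\d+-(\d+)")

def classify(subkey):
    """Return (kind, rid, label) for one subkey name under HKEY_USERS."""
    if subkey.upper() == ".DEFAULT":
        return ("default", None, "used when nobody is logged in")
    if subkey.endswith("_Classes"):
        # Per-user class registrations for the SID before the suffix.
        kind, rid, label = classify(subkey[:-len("_Classes")])
        return (kind + "-classes", rid, label)
    if subkey in SERVICE_SIDS:
        return ("service", None, SERVICE_SIDS[subkey])
    match = ACCOUNT_SID.fullmatch(subkey)
    if match:
        rid = int(match.group(1))
        return ("user", rid, BUILTIN_RIDS.get(rid, "ordinary account"))
    return ("unknown", None, subkey)

def loaded_users(subkeys):
    """List (sid, rid, label) for every user profile branch in the listing."""
    return [(key, rid, label) for key in subkeys
            for kind, rid, label in [classify(key)] if kind == "user"]

# Constructed listing; the long SID is the example printed in the text.
SAMPLE = [".DEFAULT", "S-1-5-18", "S-1-5-19", "S-1-5-20",
          "S-1-5-21-1727987266-1036259444-725315541-500",
          "S-1-5-21-1727987266-1036259444-725315541-500_Classes"]

if __name__ == "__main__":
    for sid, rid, label in loaded_users(SAMPLE):
        print(f"{sid}: RID {rid} ({label})")
```

The last component of the example SID, 500, is the relative ID Windows reserves for the built-in Administrator account, which is why the branch is worth recognizing when reviewing a system.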
2.1. The Meat of the Registry: Values
Values are where Registry data is actually stored (while keys are simply used to organize values). The Registry uses several types of values—eight in all—each appropriate to the type of data it is meant to hold. Each type is known by at least two different names, the common name and the symbolic name (shown in parentheses in Table 1).
Table 1. Value types visible in the Registry Editor

| Value type | Icon used in RegEdit | Can be created in RegEdit? |
|---|---|---|
| String (REG_SZ) | | Yes |
| Multistring/string array (REG_MULTI_SZ) | | Yes |
| Expandable string (REG_EXPAND_SZ) | | Yes |
| Binary (REG_BINARY) | | Yes |
| DWORD 32-Bit (REG_DWORD) | | Yes |
| DWORD 64-Bit (REG_QWORD) | | Yes |
| DWORD (REG_DWORD_BIGENDIAN) | | No |
| Resource List (REG_RESOURCE_LIST, REG_RESOURCE_REQUIREMENTS_LIST, or FULL_RESOURCE_DESCRIPTOR) | | No |

Although the Registry Editor allows you to view and edit all eight types of values, it is only capable of creating the six most common (and not surprisingly, most useful) types. In practice, you'll typically only create string, binary, and DWORD values.
String values
String values contain strings of characters, more commonly known as plain text. Most values of interest to you will end up being string values; they're the easiest to edit and are usually in plain English. To edit a string value, just double-click, type a string of text into the text field (Figure 3), and click OK when you're done.
In addition to standard strings, there are two far less common string variants, used for special purposes:
Multistring/string array values contain several strings, concatenated (glued) together and separated by null characters. Although the Registry Editor lets you create multistring values, it's impossible to type null characters (character #0 in the ASCII character set) from the keyboard. The only way to place a null character into a Registry value is either through a programming environment or via cut-and-paste from another application.
Expandable string values contain special variables, into which Windows substitutes information before delivering to the owning application. For example, an expandable string value intended to point to a sound file may contain %SystemRoot%\Media\doh.wav. When Windows reads this value from the Registry, it substitutes the full Windows path for the variable, %SystemRoot%; the resulting data then becomes (depending on where Windows is installed) c:\Windows\Media\doh.wav. This way, the value data is correct regardless of the location of the Windows folder.
If you were to type data intended for an expandable string value into an ordinary string value, the variables wouldn't necessarily be expanded when read by an application.
Binary values
Similar to string values, binary values hold strings of characters. The difference is the way the data is viewed and edited. Instead of a standard text box, binary data is entered with hexadecimal codes in an interface commonly known as a hex editor. Each individual character is specified by a two-digit number in base-16 (e.g., 6E is 110 in good-ol' base 10), which allows characters not found on the keyboard to be entered. See Figure 4 for an example.
You can type hex codes on the left side or normal ASCII characters on the right, depending on where you click with the mouse.
The purpose of binary values is to hold data that couldn't be easily represented by ordinary string values. As such, binary values are much less likely to contain readable text (despite the example value in Figure 4), but rather simply raw data. Of course, the format and purpose of the data in any given binary value depends entirely on the application that created it.
DWORD values
Essentially, a DWORD is a number. Often, the contents of a DWORD value are easy to understand, such as 0 for no and 1 for yes, or 161 for the number of seconds it took you to solve your best game of Sudoku. A DWORD value is used where only numerical digits are allowed, whereas a string or binary value can contain anything.
In the DWORD value editor (Figure 5), you can change the base of the number displayed (think back to your grade-school math). For instance, the number 64 in hexadecimal (also known as base 16) is equal to 100 in decimal (base 10).
Type the number in the wrong base, and you'll unwittingly be entering the wrong value. (The Base option doesn't matter for any value of 9 or less.)
In most cases, you'll want to select Decimal (even though Microsoft didn't bother to make it the default), since decimal notation is what most humans use for ordinary counting numbers. Note that if there's already a number in the Value data field, switching the Base converts the number in real time, which incidentally is a good way to illustrate the difference between the two settings.
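The value types above differ in how the same raw bytes are interpreted. The following Python decoder is an added example, not code from the original text: the function names and sample data are constructed for illustration, the numeric type codes are those defined in winnt.h, and string data is assumed to be stored as UTF-16LE, as Windows stores it.

```python
import re
import struct

# Numeric type codes as defined in winnt.h.
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD = 1, 2, 3, 4
REG_DWORD_BIG_ENDIAN, REG_MULTI_SZ, REG_QWORD = 5, 7, 11

def expand(text, env):
    """Replace %NAME% with env[NAME]; unknown variables stay as written."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), text)

def decode_value(reg_type, raw, env=None):
    """Turn the raw bytes of a Registry value into a Python object."""
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        text = raw.decode("utf-16-le").rstrip("\x00")   # drop NUL terminator
        return expand(text, env or {}) if reg_type == REG_EXPAND_SZ else text
    if reg_type == REG_MULTI_SZ:
        # Strings are NUL-separated; the list ends with one extra NUL.
        text = raw.decode("utf-16-le").rstrip("\x00")
        return text.split("\x00") if text else []
    if reg_type == REG_DWORD:
        return struct.unpack("<I", raw)[0]              # little-endian
    if reg_type == REG_DWORD_BIG_ENDIAN:
        return struct.unpack(">I", raw)[0]
    if reg_type == REG_QWORD:
        return struct.unpack("<Q", raw)[0]
    if reg_type == REG_BINARY:
        return raw.hex(" ").upper()                     # hex-editor view
    raise ValueError(f"unsupported value type {reg_type}")

def dword_from_editor(typed, base):
    """Mimic the DWORD dialog: 'typed' is read in the selected base (10 or 16)."""
    number = int(typed, base)
    if not 0 <= number <= 0xFFFFFFFF:
        raise ValueError("a DWORD holds 32 bits")
    return struct.pack("<I", number)

# Constructed sample data (not taken from a real hive).
ENV = {"SYSTEMROOT": r"C:\Windows"}
SOUND = "%SystemRoot%\\Media\\doh.wav\x00".encode("utf-16-le")
MULTI = "first\x00second\x00third\x00\x00".encode("utf-16-le")

if __name__ == "__main__":
    print(decode_value(REG_SZ, SOUND))                  # variable left as-is
    print(decode_value(REG_EXPAND_SZ, SOUND, ENV))
    print(decode_value(REG_MULTI_SZ, MULTI))
    print(decode_value(REG_DWORD, dword_from_editor("64", 16)))
    print(decode_value(REG_DWORD, dword_from_editor("64", 10)))
```

The same four bytes read as REG_DWORD and as big-endian DWORD give different numbers, so a value must always be decoded with the type recorded alongside it.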
The application that creates each value in the Registry solely determines the particular type and purpose of the value. In other words, no strict rules limit which types are used in which circumstances or how values are named. A programmer may choose to store, say, the high scores for some game in a binary value called High Scores or in a string value called Lard Lad Donuts. All you have to do in your role as Registry hacker is provide the values in the format expected by a given application.
An important thing to notice at this point is the string value named (default) that appears at the top of every key. The default value cannot be removed or renamed, although its contents can be changed; an empty default value is signified by value not set. The (default) value doesn't necessarily have any special meaning that would differentiate it from any other value, apart from what might have been assigned by the programmer of the particular application that uses the key.