An introduction to the Windows registry

You probably heard about it, but do you really know how it’s structured and how to work with it? If not please continue reading!

windows registry

Just so we are all in the same page I will explain what the registry is, the registry allows the operating system and the applications that reside in it to have a centralized point to store their configuration. A few examples of things we will find here are: user accounts, windows services and auto-start programs, application settings, etc.

Registry structure

The registry is divided in these so called “hive keys”, these keys are backed up by actual files on disk stored in binary format, you can find them in the following path:

%systemroot%\system32\config

They are, in descending file size: SOFTWARE, SYSTEM, SOFTWARE, SAM. And also the ntuser.dat files, one for every user, stored in their user profile.

When the system is running these files are mapped into the actual keys.

HKLM – HKEY Local Machine (software, system, sam, security)

HKCU – HKEY Current User (ntuser.dat)

HKCR – HKEY Classes root

Registry tools

To work with the registry we have a few tools at our disposal, one of the most common ones being regedit.exe. One of the issues with regedit is that it doesn’t offer many features and it can be tedious to find a certain key or do any kind of batch operation.

Meet nirsoft’s RegScanner, this tool while not offering editing capabilities is excellent for searching the registry, since it offers a lot of options to do so and it will present us with a list of the results instead of having to step through each result.

regScanner

In addition we also have the option of navigating the registry via the command-line. Using the reg.exe utility, which is included with most windows installs (if not all). This tool will allow us to do pretty much any operation we need, from updating keys to exporting entire hive keys. We see the different operations available if we call reg /?.

Example command using the reg.exe utility:

reg query HKLM\SYSTEM\CurrentControlSet\services

That’s just a small taste of the windows registry. I hope you enjoyed it!

Leave a Reply

Hello there. Thanks for visiting! My name is Jesus Castello and I'm a Ruby developer. You can find my contact info on the About page.

SUBSCRIBE NOW

Do you want to become a better developer? Then subscribe so you don't miss a single post!
Email *

© 2015 Black Bytes. All rights reserved.
Delicately crafted using Franz Josef theme and WordPress.