The Windows Registry replaces .ini files. It is a place where programs store the data they need to run. Eg, configuration settings.
Some key facts to remember.
Root Keys
[P]
– primary key
[A]
– alias to some other key in the registry
[A]
HKEY_CLASSES_ROOT
(HKCR
)
- On Windows 2000 and above, HKCR is a compilation of user-based
HKCU\Software\Classes
and machine-based HKLM\Software\Classes
. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes
takes precedence.
[A]
HKEY_CURRENT_USER
(HKCU
)
- a link to the subkey of
HKEY_USERS
that corresponds to the user; the same information is accessible in both locations
[P]
HKEY_LOCAL_MACHINE
(HKLM
)
[P]
HKEY_USERS
(HKU
)
[A]
HKEY_CURRENT_CONFIG
(HKCC
)
- It is a handle (alias) to the key
"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current"
(only exists in Windows 9x/Me and NT-based versions of Windows)
HKEY_PERFORMANCE_DATA
(only in NT-based versions of Windows, but invisible in the Windows Registry Editor)
HKEY_DYN_DATA
(only in Windows 9x/Me, and visible in the Windows Registry Editor)
hive file locations
The Registry is stored in hive files.
Note:
%SystemRoot%
is usually c:\windows
%UserProfile%
is usually
- w2k w2003 wxp
c:\Documents and Settings\[USERNAME]
- Vista w7 w8
c:\users\[USERNAME]
HKEY_LOCAL_MACHINE\SAM
%SystemRoot%\System32\Config\SAM
- (
SAM
stands for “Security Accounts Manager”)
HKEY_LOCAL_MACHINE\SECURITY
%SystemRoot%\System32\Config\SECURITY
HKEY_LOCAL_MACHINE\SOFTWARE
%SystemRoot%\System32\Config\SOFTWARE
HKEY_LOCAL_MACHINE\SYSTEM
%SystemRoot%\System32\Config\SYSTEM
HKEY_USERS\.DEFAULT
%SystemRoot%\System32\Config\DEFAULT
HKEY_USERS\[User SID]
(HKEY_CURRENT_USER
)
%UserProfile%\NTUSER.DAT
HKEY_USERS\[User SID]_Classes
(HKEY_CURRENT_USER\Software\Classes
) (part of HKEY_CLASSES_ROOT
)
-
- w2k w2003 wxp
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
(path is localized)
- Vista w7 w8
%UserProfile%\AppData\Local\Microsoft\Windows\UsrClass.dat
(path is not localized)
Reference: https://en.wikipedia.org/wiki/Windows_Registry