The Windows Registry

The Windows Registry replaces .ini files. It is a place where programs store the data they need to run. Eg, configuration settings.

Some key facts to remember.

Root Keys

[P] – primary key
[A] – alias to some other key in the registry

  1. [A] HKEY_CLASSES_ROOT (HKCR)
    • On Windows 2000 and above, HKCR is a compilation of user-based HKCU\Software\Classes and machine-based HKLM\Software\Classes. If a given value exists in both of the subkeys above, the one in HKCU\Software\Classes takes precedence.
  2. [A] HKEY_CURRENT_USER (HKCU)
    • a link to the subkey of HKEY_USERS that corresponds to the user; the same information is accessible in both locations
  3. [P] HKEY_LOCAL_MACHINE (HKLM)
  4. [P] HKEY_USERS (HKU)
  5. [A] HKEY_CURRENT_CONFIG (HKCC)
    • It is a handle (alias) to the key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current" (only exists in Windows 9x/Me and NT-based versions of Windows)
  6. HKEY_PERFORMANCE_DATA (only in NT-based versions of Windows, but invisible in the Windows Registry Editor)
  7. HKEY_DYN_DATA (only in Windows 9x/Me, and visible in the Windows Registry Editor)

hive file locations

The Registry is stored in hive files.

Note:

  • %SystemRoot% is usually c:\windows
  • %UserProfile% is usually
    w2k w2003 wxp
    c:\Documents and Settings\[USERNAME]
    Vista w7 w8
    c:\users\[USERNAME]
HKEY_LOCAL_MACHINE\SAM
%SystemRoot%\System32\Config\SAM

  • (SAM stands for “Security Accounts Manager”)
HKEY_LOCAL_MACHINE\SECURITY
%SystemRoot%\System32\Config\SECURITY
HKEY_LOCAL_MACHINE\SOFTWARE
%SystemRoot%\System32\Config\SOFTWARE
HKEY_LOCAL_MACHINE\SYSTEM
%SystemRoot%\System32\Config\SYSTEM
HKEY_USERS\.DEFAULT
%SystemRoot%\System32\Config\DEFAULT
HKEY_USERS\[User SID] (HKEY_CURRENT_USER)
%UserProfile%\NTUSER.DAT
HKEY_USERS\[User SID]_Classes (HKEY_CURRENT_USER\Software\Classes) (part of HKEY_CLASSES_ROOT)
w2k w2003 wxp
%UserProfile%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (path is localized)
Vista w7 w8
%UserProfile%\AppData\Local\Microsoft\Windows\UsrClass.dat (path is not localized)

Reference: https://en.wikipedia.org/wiki/Windows_Registry

Leave a Reply

Your email address will not be published. Required fields are marked *