The Windows Concept Journey — Registry

Shlomi Boutnaru, Ph.D.
Feb 3, 2024

We can say that the “Registry” is a central hierarchical database used by Windows to store the configuration of the operating system, hardware, devices, applications, etc. (and other types of information). Windows references it constantly during normal operation for various tasks. The registry replaced most of the text-based “*.ini” files that were used in Windows 3.x, as well as other files like “config.sys” and “autoexec.bat” in MS-DOS (https://learn.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users).

Overall, the registry is composed of hives, which are groups of keys that contain different values. There are 6 different hives (aka root keys): HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_CONFIG and HKEY_PERFORMANCE_DATA (https://en.wikipedia.org/wiki/Windows_Registry). By the way, some of them are virtual hives; more on that, and details about each one of them, will be part of future writeups.

Moreover, there is a limit of 64K on the size of the values of a key. Each value in a key has one of the following types: binary value (REG_BINARY), dword value (REG_DWORD), expandable string value (REG_EXPAND_SZ), multi-string value (REG_MULTI_SZ), symbolic link (REG_LINK), null-terminated string (REG_SZ) and more (https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types).
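
To make the value types above concrete, here is an added example (not part of the original writeup) that decodes a value's raw data bytes according to its type code, the way an auditing or forensic script would after reading the data buffer. The helper names and sample bytes are constructed for illustration; the type codes are the documented Windows constants.

```python
# Registry value type codes (documented Windows constants).
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD = 1, 2, 3, 4
REG_LINK, REG_MULTI_SZ, REG_QWORD = 6, 7, 11


def _utf16(raw: bytes) -> str:
    """Decode UTF-16LE text, ignoring a stray trailing byte."""
    return raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")


def decode_value(reg_type: int, raw: bytes):
    """Convert a value's raw data (hypothetical helper) into a Python object."""
    if reg_type in (REG_SZ, REG_EXPAND_SZ, REG_LINK):
        # The terminating NUL is not guaranteed to be stored, and bytes may
        # follow it, so keep only the text before the first NUL.
        return _utf16(raw).split("\x00", 1)[0]
    if reg_type == REG_MULTI_SZ:
        # A run of null-terminated strings, closed by an empty string.
        text = _utf16(raw)
        end = text.find("\x00\x00")
        if end != -1:
            text = text[:end]
        return [s for s in text.split("\x00") if s]
    if reg_type in (REG_DWORD, REG_QWORD):
        size = 4 if reg_type == REG_DWORD else 8
        if len(raw) != size:
            raise ValueError(f"type {reg_type}: expected {size} bytes, got {len(raw)}")
        return int.from_bytes(raw, "little")  # stored little-endian
    return bytes(raw)  # REG_BINARY and any type not handled above


if __name__ == "__main__":
    # Constructed sample data, not taken from a real system.
    samples = [
        ("REG_SZ", REG_SZ, "Example".encode("utf-16-le") + b"\x00\x00"),
        ("REG_EXPAND_SZ", REG_EXPAND_SZ, "%SystemRoot%\\system32".encode("utf-16-le")),
        ("REG_MULTI_SZ", REG_MULTI_SZ, "one\x00two\x00\x00".encode("utf-16-le")),
        ("REG_DWORD", REG_DWORD, b"\x10\x00\x00\x00"),
        ("REG_BINARY", REG_BINARY, b"\xde\xad\xbe\xef"),
    ]
    for name, reg_type, raw in samples:
        print(f"{name:14} {decode_value(reg_type, raw)!r}")
```

Note that a REG_EXPAND_SZ value is returned with its environment variable references (such as %SystemRoot%) unexpanded, which is how the data is stored.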

Lastly, we can access the registry (for reading/writing data) using different interfaces/tools such as: the Win32 Registry API (https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-functions), “reg.exe” and “regedit.exe” — as shown in the screenshot below.

See you in my next writeup ;-) You can follow me on twitter — @boutnaru (https://twitter.com/boutnaru). Also, you can read my other writeups on medium — https://medium.com/@boutnaru. You can find my free eBooks at https://TheLearningJourneyEbooks.com.
