• The Registry has a hierarchal structure; although it looks complicated the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer.
• Each main branch (denoted by a folder icon in the Registry Editor) is called a Hive, and Hives contains Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values; String, Binary, and DWORD - the use of these depends upon the context.
• There are five main Hives (branches), each containing a specific portion of the information stored in the Registry. They are as follows:
• HKEY_CLASSES_ROOT -
This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user
interface.
• HKEY_CURRENT_USER -
This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start
menu settings.
• HKEY_LOCAL_MACHINE -
This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer.
• HKEY_USERS -
This branch contains individual preferences for each user of the computer; each user is represented by a SID sub-key located under the main branch.
• HKEY_CURRENT_CONFIG -
This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware
configuration.
Each registry value is stored as one of five main data types:
• REG_BINARY -
This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.
• REG_DWORD -
This type represents the data by a four byte number and is commonly used for Boolean values, such as "0" is disabled and "1" is enabled.
• REG_EXPAND_SZ -
This type is an expandable data string that is string containing a variable to be replaced when called by an application.
• REG_MULTI_SZ -
This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character.
• REG_SZ -
This type is a standard string, used to represent human readable text values.
• Each main branch (denoted by a folder icon in the Registry Editor) is called a Hive, and Hives contains Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values; String, Binary, and DWORD - the use of these depends upon the context.
• There are five main Hives (branches), each containing a specific portion of the information stored in the Registry. They are as follows:
• HKEY_CLASSES_ROOT -
This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user
interface.
• HKEY_CURRENT_USER -
This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start
menu settings.
• HKEY_LOCAL_MACHINE -
This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC, this information is used for all users who log onto this computer.
• HKEY_USERS -
This branch contains individual preferences for each user of the computer; each user is represented by a SID sub-key located under the main branch.
• HKEY_CURRENT_CONFIG -
This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware
configuration.
Each registry value is stored as one of five main data types:
• REG_BINARY -
This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.
• REG_DWORD -
This type represents the data by a four byte number and is commonly used for Boolean values, such as "0" is disabled and "1" is enabled.
• REG_EXPAND_SZ -
This type is an expandable data string that is string containing a variable to be replaced when called by an application.
• REG_MULTI_SZ -
This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character.
• REG_SZ -
This type is a standard string, used to represent human readable text values.
Post a Comment