The Windows Registry

• Working with the registry can be dangerous even if you know what you are doing.
• Making a wrong change can cause problems severe enough that they cannot be solved short of a reinstall.

About

• The Windows Registry is a database of settings used by Windows and the individual applications that run on the machine.
• It is stored on your hard drive.
  – This database stores settings for your applications, hardware and users, and preferences for Windows itself.
• Ever wonder how Windows remembers
  – your screen resolution even after you restart your computer?
  – the size and position of your windows?
  – the version of Windows reported when you right-click My Computer?
  All that is stored in the Registry, and more.
• Microsoft does not like you tampering with the registry... so let's do it!

Let's see who is talking to the registry

• Freeware tool called Regmon from http://www.sysinternals.com/Utilities/Regmon.html
  – Local copy: C:\RegistryMonitor\Regmon.exe
  – Regmon has since been retired by Sysinternals; the same registry tracing (and much more) is now provided by Process Monitor (procmon.exe).

History

• The registry first appeared in Windows 3.1.
  – Win 3.1 was termed an "operating environment": it performed the same functions as an OS except booting and handling storage.
  – DOS was still used for those functions.
  – The registry was a single file (Reg.dat), while most configuration data was held in INI files: Win.ini and System.ini.

Exercise #1
• Find and examine Win.ini and System.ini on your machine.

The modern registry

• The registry (as found in Win 9x and NT onwards) displays information previously held in Reg.dat and the INI files in one hierarchical, centralized location.
• The majority of the information displayed by the registry is held in a series of files on your hard disk, sometimes referred to as hives.
• "Hive" is also the name given to a complete sub-branch of a root key.

The Hives and Files

Examine and modify the registry

• The registry can be modified
  – by software
  – by the OS
  – using the registry editor, regedit.exe

Keys, Hives and Values

• In regedit you see the "folders" HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS and HKEY_CURRENT_CONFIG.

Some basic terminology

• The five main "folders" are called root keys (or top-level keys).
• Their subfolders are called keys.
• A hive is a portion of the Registry tree from any subkey under a root key on down (e.g. the SOFTWARE "hive" contains HKEY_LOCAL_MACHINE\Software and all its subkeys). It is also the term used for the files on the hard drive that contain registry information.
• Values have names and hold one of several types of data.
• Once you open the Registry Editor, you'll notice that it is divided into two panes. The left pane contains the root keys, keys and subkeys. The right pane contains the values, of various data types.
• A full Registry on a machine of this era could contain 15,000 keys and 35,000 values.

File types and HKEY_CLASSES_ROOT

(1) First I see a long list of file extensions (such as .avi). The .avi key's (default) value is Nero.ShowTime.Files: the name of its document type (ProgID).
(2) I scroll down to the document type key (Nero.ShowTime.Files), which contains the actual file type information. Here I see the application that will open this file type.
(3) These two sets of keys together make up a file type in Windows.

How it is for .txt files: the same two-key pattern, extension key first, document-type key second.

Exercise #2
• Examine the Hives.

The two originals and the shortcuts

• HKEY_CLASSES_ROOT: this entire branch is a symbolic link, or "mirror", of HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES, displayed separately for clarity and easy access. (On Windows 2000 and later it is really a merged view of HKEY_LOCAL_MACHINE\SOFTWARE\Classes and HKEY_CURRENT_USER\Software\Classes, with the per-user entries winning.)
• HKEY_CURRENT_USER: this branch points to a portion of HKEY_USERS, signifying the currently logged-in user.
  – This way, any application can read and write settings for the current user without having to know which user is currently logged on.
  – The Software branch, subdivided by software manufacturer and application name, is where you'll find most of the interesting settings. You'll find most user-specific Windows settings in HKEY_CURRENT_USER\Software\Microsoft\Windows.
• HKEY_CURRENT_CONFIG: this branch typically contains a small amount of information, most of which simply points to other portions of the Registry (it is a link to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current). There's little reason to mess with this branch.

Do Exercise 2a and 2b.

• HKEY_LOCAL_MACHINE: the settings in this branch are the same for all users on your system. Its Software branch, similar to the one in HKEY_CURRENT_USER, contains settings arranged by software manufacturer and then product name.
• HKEY_USERS: this branch contains a sub-branch for the currently logged-in user, the name of which is the current user's SID (security identifier), a unique identifier of the form S-1-5-21-<machine or domain part>-<relative ID>, alongside .DEFAULT and the SIDs of the built-in service accounts. Use HKEY_CURRENT_USER for a more convenient point of entry to the data in this branch.

Remember that three of the keys are really shortcuts

• HKEY_LOCAL_MACHINE and HKEY_USERS are the only true root keys. The others are only symbolic links or mirrors of portions of these two.
• These two are the only ones that need to be stored on the hard disk.
• Some keys are dynamic and are held in memory until the machine shuts down, such as HKEY_LOCAL_MACHINE\Hardware.
• Every other branch directly under HKEY_LOCAL_MACHINE has a corresponding file in the \Windows\System32\config folder. For example, HKEY_LOCAL_MACHINE\Software is stored in a file called 'software' (no extension). Such a file is called a hive file.
• Typical hives: sam, security, software and system, plus default (which backs HKEY_USERS\.DEFAULT). The per-user branches of HKEY_USERS are loaded from NTUSER.DAT in each user's profile folder.

Keys and values

• If you wanted to open HKEY_CURRENT_USER\Software\Microsoft, click the + next to Software, then the + next to Microsoft.
• Some keys contain other keys, some contain keys and values, and some just contain values.

Value Types

• String Values (REG_SZ) are capable of storing text or any type of characters (including numbers).
• Multi-String Values (REG_MULTI_SZ) usually hold lists or multiple values, in the form of several strings concatenated (glued) together and separated by null characters, with an extra null ending the list. It's impossible to type null characters (ASCII character #0) from the keyboard; Registry Editor's Edit Multi-String dialog hides this by taking one string per line and inserting the separators itself. In any other tool the only way to generate a null character is programmatically or via cut-and-paste.
• Expandable String Values (REG_EXPAND_SZ) contain special variables into which Windows substitutes information before delivering the data to the owning application. For example, an expandable string value intended to point to a sound file may contain %SystemRoot%\Media\doh.wav. When Windows reads this value from the Registry, it substitutes the full Windows path for the variable %SystemRoot%; the resulting data then becomes (depending on where Windows is installed) C:\Windows\Media\doh.wav. This way, the value data is correct regardless of the location of the Windows folder.
• Binary Values (REG_BINARY), similarly to string values, hold strings of bytes. The difference is the way the data is entered. Instead of a standard text box, binary data is entered with hexadecimal codes in an interface commonly known as a hex editor. Each byte is specified by a two-digit number in base 16 (e.g. 6E is equivalent to 110 in base 10), which allows characters not found on the keyboard to be entered. You can type hex codes on the left or normal text on the right, depending on where you click with the mouse.
• DWORD Values (REG_DWORD) are used to store unsigned 32-bit numbers (0 to 4294967295). A DWORD value would be used where only a number is allowed, whereas string and binary values allow anything. Although displayed in hexadecimal, you may enter the data in either hexadecimal or plain decimal; make sure the Base radio button matches the form you typed.

Do Exercise 2c.

Defaults

• Notice the string value named (default) that appears at the top of every key.
• The default value cannot be removed or renamed.
  – Its contents can be changed.
  – An empty default value is signified by "(value not set)".
• The (default) value doesn't necessarily have any special meaning that would differentiate it from any other value, apart from a meaning assigned by the programmer of the particular application that created the key. (One standard use, seen above: the (default) value of a file-extension key under HKEY_CLASSES_ROOT names its document type.)

Backup the entire registry

• Click Start
• Mouse over All Programs
• Mouse over Accessories
• Mouse over System Tools
• Click Backup
• Click Next
• Select the "Back up files and settings" radio button
• Click Next
• Select the "Let me choose what to back up" radio button
• In the left pane, highlight My Computer (but don't check it)
• Now in the right pane, check System State
• Can you guess why it's called System 'State'?
http://www.puppypc.com/tutorials/reg/backup_xp_reg.htm

Exercise #3
• Back up your registry.
• NB: as we will be making modifications to the Registry, it is vital that you do this exercise so we can undo our work later!

Restore the Entire Registry

• Open Backup as above and click Next
• Select the "Restore files and settings" radio button
• In the left pane, highlight File
• Now, in the right pane, you should see your backup; double-click it
• If you don't see your backup, click the Browse... button
• System State should now be displayed in the right pane; check it
• Click Next
• Click Finish
• Accept the warning by clicking OK
• You should now see a Restore Progress window
• Once the restoration is complete, click Close
• Click Yes to restart your computer so the changes will take effect

Restore Entire Registry If You Can't Boot Windows

• To restore the Registry when you are unable to boot into Windows, use the Last Known Good Configuration:
  – Press the F8 key while your computer first begins loading Windows
  – In the Windows Advanced Options menu, select Last Known Good Configuration and press Enter
  – Your computer will now boot into Windows with your most recent settings that worked
• Can you guess what this "last known good configuration" is?
• NB: it rolls back only the control set under HKEY_LOCAL_MACHINE\SYSTEM (the one in use at the last successful logon), not changes made elsewhere in the registry, so it is no substitute for the System State backup above.

A note on Windows XP Home edition

• Some of your laptops will have XP Home edition.
• Windows XP Home edition does not include the Backup utility by default. To install it:
  – Insert your Windows XP CD
  – Open Windows Explorer
  – Navigate to D:\VALUEADD\MSFT\NTBACKUP\ (replace 'D:' with the appropriate CD-ROM drive letter)
  – Double-click NTBACKUP.MSI and follow the on-screen instructions

"Exporting" keys

• This should be done to any and all registry keys before changing them. It gives you an easy way of undoing any changes that you make while editing the registry.
• Right-click the key that you want to export and select Export. This creates an ordinary text file (extension .reg) called a 'patch'.

Exporting /2

• Then give it a name so you remember what it is.

Importing

• Now that you have exported keys, to undo your changes you need to know how to import them into the registry.
• Usually a double-click on a registry file will merge it for you, unless you have changed the default action.
  – If you have changed the default, right-click the file and select Merge.
• Two caveats:
  – A merge only adds and overwrites. Values or keys you created after the export are not removed by merging the old patch, unless the patch explicitly deletes them (a key name prefixed with "-" or a value set to "-").
  – A merge writes whatever the file contains, with your privileges. Since a patch is plain text, open an unfamiliar one in Notepad and read it before merging.
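To see what an exported "patch" actually contains, here is an added example (written for this lab; it is not code from the original slides or from Microsoft) that decodes a constructed .reg file into Python values. It covers every type from the Value Types slides: the NUL-glued REG_MULTI_SZ list, the %SystemRoot% substitution of REG_EXPAND_SZ, the hex-only DWORD (dword:000000c8 is 200 decimal), REG_BINARY bytes, and the "-" deletion syntax. The key path, value names and contents in SAMPLE_PATCH are invented for illustration.

```python
"""Decode a regedit 'patch' (.reg) file into Python values.

Added example for this lab (not part of the original slides and not a
Microsoft tool).  The patch below is constructed by hand; the key, value
names and contents are invented for illustration only.
"""
import re

# Constructed sample in regedit's export format: header line, blank line,
# a [key] line, then one "name"=data line per value.  A real export is saved
# as UTF-16 text; here it is just a Python string.
SAMPLE_PATCH = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleLab\Demo]
@="Lab demo key"
"Install"="C:\\Program Files\\Demo"
"Timeout"=dword:000000c8
"Flags"=hex:00,01,a2
"Sound"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,4d,00,65,00,64,00,69,00,61,00,5c,00,64,00,6f,00,68,00,\
  2e,00,77,00,61,00,76,00,00,00
"Paths"=hex(7):43,00,3a,00,5c,00,4f,00,6e,00,65,00,00,00,44,00,3a,00,5c,00,\
  54,00,77,00,6f,00,00,00,00,00
"Obsolete"=-

[-HKEY_CURRENT_USER\Software\ExampleLab\Old]
'''

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _join_continuations(text):
    """A line ending in a backslash continues on the next line (regedit wraps hex data)."""
    lines = []
    for raw in text.splitlines():
        if lines and lines[-1].endswith("\\"):
            lines[-1] = lines[-1][:-1] + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def _unescape(s):
    # inside quotes, regedit escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def decode_value(data):
    """Map the data part of a "name"=data line to (type name, Python value)."""
    if data == "-":
        return "DELETE", None                  # '-' removes the value on merge
    if data.startswith('"'):
        return "REG_SZ", _unescape(data[1:-1])
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)  # patches always write dwords in hex
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        raise ValueError("unsupported value syntax: " + data)
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare 'hex:' is REG_BINARY (3)
    raw = bytes(int(b, 16) for b in m.group(2).replace(" ", "").split(",") if b)
    if kind == 3:
        return "REG_BINARY", raw
    if kind == 2:
        return "REG_EXPAND_SZ", raw.decode("utf-16-le").rstrip("\0")
    if kind == 7:
        # strings glued together with NUL separators; the list ends with an empty string
        return "REG_MULTI_SZ", [s for s in raw.decode("utf-16-le").split("\0") if s]
    return "REG_TYPE_%d" % kind, raw           # any other type: keep the raw bytes


def parse_patch(text):
    """Return {key_path: {value_name: (type, value)}}; a deleted key maps to None."""
    lines = _join_continuations(text.lstrip("\ufeff"))
    if not lines or not lines[0].startswith(("Windows Registry Editor Version 5.00", "REGEDIT4")):
        raise ValueError("not a regedit patch: header line missing")
    keys, current = {}, None
    for line in lines[1:]:
        if not line or line.startswith(";"):   # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):           # [-key] deletes the whole key on merge
                keys[path[1:]], current = None, None
            else:
                current = path
                keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None:
            raise ValueError("malformed line: " + line)
        name = "(default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        keys[current][name] = decode_value(m.group(2))
    return keys


def expand(value, env):
    """What Windows does with REG_EXPAND_SZ data: replace each %VAR% from env."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), value)


if __name__ == "__main__":
    for path, values in parse_patch(SAMPLE_PATCH).items():
        print("[%s]" % path)
        for name, (typ, val) in (values or {}).items():
            print("  %-10s %-14s %r" % (name, typ, val))
    sound = parse_patch(SAMPLE_PATCH)[r"HKEY_CURRENT_USER\Software\ExampleLab\Demo"]["Sound"][1]
    print("expanded:", expand(sound, {"SYSTEMROOT": r"C:\Windows"}))
```

Running it prints each value with its type, showing that the hex(2) and hex(7) runs are just UTF-16 text with NUL separators, and that the DWORD 000000c8 is 200, not 200 hex. A real export from regedit must be read with encoding="utf-16" before being handed to parse_patch, which is why the parser also strips a leading byte-order mark.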
Remember

• A complete backup is much better than saving/restoring one key/value, but in most instances for this lab exporting the key will be enough.
• Exercise #4: Export, then change and finally restore a key.

Edit a registry value

Strings /1
• There are three main types of registry values that you will deal with:
  – STRINGS (REG_SZ)
  – DWORDS (REG_DWORD)
  – BINARY values (REG_BINARY)
• There are others, but these are 99% of what you will deal with doing normal editing.
• To change an existing STRING value, just double-click it and enter the new value data.

Hex or Decimal DWORD /2
• To change an existing DWORD value you have two options, hexadecimal and decimal.
• Be sure you know which base the value is being shown in:
  – 200 hexadecimal is 512 decimal (it is 100 hexadecimal that equals 256 decimal),
  – c8 is hexadecimal for 200 decimal.

Binary /3
• Binary values are represented in hex.
• The applicable values are entered in the format 00 01 A2 etc.
• ☺ Changing anything other than 00 to 01 or 01 to 00 is rare.

Adding new registry entries
• Adding values is very similar to changing them, with the exception that you have to name the value.
• Right-click the key in the left-hand pane (or empty space in the right-hand pane) of the registry editor and select New > String Value (or whatever value type you want to add).

Adding a new Key
• Say you need to add a key under HKEY_CURRENT_USER\Software\Policies\Microsoft.
• Just right-click HKEY_CURRENT_USER\Software\Policies\Microsoft in the folder tree, then New > Key.

Exercise 5
• Modify the current registry settings.
• You will look at tweaks for: Files, Folders and File Types; Performance Tweaks; User Account and Network Settings.

Registry data and patches
• Hive files have an arcane binary format.
• Usefully, the registry supports importing and exporting any number of keys/values with patches.
• Patches are ordinary text files (.reg) that contain anything from a single key to the entire registry. Files exported by regedit on Windows 2000/XP start with the header line "Windows Registry Editor Version 5.00" and are saved as UTF-16 text; older "REGEDIT4" patches are plain ASCII.
• You can edit/write patches with Notepad.

Create a file to modify the registry
Manually /2 to /5
• The layout of a hand-written patch: the header line, a blank line, then each key path in square brackets followed by one "name"=data line per value (@ stands for the (default) value). Strings are written in double quotes, DWORDs as dword: followed by eight hex digits, and binary data as hex: followed by comma-separated bytes.

Exercise 6
• Create a patch file.
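For Exercise 6, the following added example (written for this lab, not code from the original slides or from Microsoft) builds a Version 5.00 patch from Python values, so the hex for REG_EXPAND_SZ and REG_MULTI_SZ does not have to be typed by hand, and shows the two deletion forms a patch can carry. The key path and value names in DEMO are invented.

```python
"""Write a regedit patch (.reg) file from Python values, as you would for
Exercise 6 but without typing the hex by hand.

Added example for this lab, not code from the original slides or from any
Microsoft tool.  The key path and value names in DEMO are invented.
"""


def _esc(s):
    # inside double quotes regedit wants backslash and double quote escaped
    return s.replace("\\", "\\\\").replace('"', '\\"')


def _hex_data(prefix, raw, per_line=20):
    """regedit's hex:aa,bb,... form; long runs wrap onto continuation lines."""
    parts = ["%02x" % b for b in raw]
    chunks = [",".join(parts[i:i + per_line]) for i in range(0, len(parts), per_line)]
    return prefix + ",\\\n  ".join(chunks)


def encode_value(typ, value):
    """Return the data side of a "name"=data line for one value type."""
    if typ == "REG_SZ":
        return '"%s"' % _esc(value)
    if typ == "REG_DWORD":
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("REG_DWORD must be an unsigned 32-bit number")
        return "dword:%08x" % value          # always 8 hex digits, never decimal
    if typ == "REG_BINARY":
        return _hex_data("hex:", bytes(value))
    if typ == "REG_EXPAND_SZ":
        return _hex_data("hex(2):", (value + "\0").encode("utf-16-le"))
    if typ == "REG_MULTI_SZ":
        # each string NUL-terminated, and the whole list ends with one more NUL
        glued = "".join(s + "\0" for s in value) + "\0"
        return _hex_data("hex(7):", glued.encode("utf-16-le"))
    if typ == "DELETE":
        return "-"                            # "name"=- removes the value on merge
    raise ValueError("unsupported type: " + typ)


def build_patch(keys):
    """keys: {key_path: {name: (typ, value)}}; a key mapped to None is deleted.
    The name '(default)' is written as '@', as regedit does."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for path, values in keys.items():
        if values is None:
            out += ["[-%s]" % path, ""]      # leading '-' deletes the whole key
            continue
        out.append("[%s]" % path)
        for name, (typ, value) in values.items():
            lhs = "@" if name == "(default)" else '"%s"' % _esc(name)
            out.append("%s=%s" % (lhs, encode_value(typ, value)))
        out.append("")
    return "\n".join(out)


def save_patch(filename, text):
    """Version 5.00 patches are UTF-16 with a byte-order mark and CRLF line ends."""
    with open(filename, "w", encoding="utf-16-le", newline="\r\n") as f:
        f.write("\ufeff" + text)


# Constructed input: the key path and every value are made up for this demo.
DEMO = {
    r"HKEY_CURRENT_USER\Software\ExampleLab\Demo": {
        "(default)": ("REG_SZ", "Lab demo key"),
        "Install": ("REG_SZ", r"C:\Program Files\Demo"),
        "Timeout": ("REG_DWORD", 200),                # shows as 0xc8 (200) in regedit
        "Flags": ("REG_BINARY", b"\x00\x01\xa2"),
        "Sound": ("REG_EXPAND_SZ", r"%SystemRoot%\Media\doh.wav"),
        "Paths": ("REG_MULTI_SZ", [r"C:\One", r"D:\Two"]),
        "Obsolete": ("DELETE", None),
    },
    r"HKEY_CURRENT_USER\Software\ExampleLab\Old": None,
}

if __name__ == "__main__":
    text = build_patch(DEMO)
    print(text)
    save_patch("demo.reg", text)   # then double-click it, or run: reg import demo.reg
```

Before merging the result, read it in Notepad exactly as you would an unfamiliar patch: the [-key] line and the "Obsolete"=- line are the only parts that remove anything, and everything else is added or overwritten under the account that runs the merge.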