Windows Registry Basics: De-Mystifying Windows Registry

The Windows Registry is a directory which stores settings and options for the Microsoft Windows operating system. It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc. This post covers Windows Registry basics.


Whenever a user makes changes to Control Panel settings, file associations, system policies, or most installed software, the changes are reflected and stored in the registry. The registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware.

The Windows registry was introduced to tidy up the profusion of per-program INI files that had previously been used to store configuration settings for Windows programs. These files tended to be scattered all over the system, which made them difficult to track.

Windows Registry Basics

The Registry consists of the following 5 Root Keys:

  • HKEY_CLASSES_ROOT
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE
  • HKEY_USERS
  • HKEY_CURRENT_CONFIG.


Root Keys contain SubKeys. Subkeys may contain subkeys of their own too, and contain at least one value, called the Default Value. A key with all its subkeys and values is called a Hive.

The Registry is stored on the Disk as several separate Hive files. These Hive files are then read into memory every time Windows starts or when the User logs on. To see where the Hives are physically stored, see:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\HiveList


You can read more on the location of Windows registry files.

The Registry uses the following data types:

REG_SZ : The SZ indicates zero-terminated string. This is a variable-length string that can contain Unicode as well as ANSI characters.
REG_BINARY : It contains binary data. 0’s & 1’s.
REG_DWORD : This data type is a Double Word. It is a 32-bit numeric value and can hold any number from 0 to 2^32.
REG_QWORD : This data type is a Quadruple Word. It is a 64-bit numeric value.
REG_MULTI_SZ : This data type contains a group of zero-terminated strings assigned to a single value.
REG_EXPAND_SZ : This data type is a zero-terminated string containing an unexpanded reference to an environment variable, like say, %SystemRoot%.
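
The data types above, decoded from their stored form. This is an added example, not code from the original post: it turns the raw bytes of a value, or the dword:/hex(N): notation used in .reg export files, into readable data. The function names and the sample line are constructed for illustration.

```python
import re
import struct
from itertools import takewhile

# Type codes from the Windows SDK (winnt.h).
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD = 1, 2, 3, 4
REG_MULTI_SZ, REG_QWORD = 7, 11


def decode_value(reg_type, raw, env=None):
    """Turn the raw bytes of one registry value into a Python object."""
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        # Stored as UTF-16LE; keep only the text before the terminating NUL.
        text = raw.decode("utf-16-le").split("\x00", 1)[0]
        if reg_type == REG_SZ:
            return text
        known = {k.lower(): v for k, v in (env or {}).items()}
        # Expand %NAME% references; unknown names are left as they are.
        return re.sub(r"%([^%]+)%",
                      lambda m: known.get(m.group(1).lower(), m.group(0)), text)
    if reg_type == REG_MULTI_SZ:
        # NUL-separated strings; an empty string marks the end of the list.
        return list(takewhile(bool, raw.decode("utf-16-le").split("\x00")))
    if reg_type in (REG_DWORD, REG_QWORD):
        size, fmt = (4, "<I") if reg_type == REG_DWORD else (8, "<Q")
        if len(raw) != size:
            raise ValueError(f"type {reg_type} needs exactly {size} bytes")
        return struct.unpack(fmt, raw)[0]  # little-endian, unsigned
    return raw  # REG_BINARY and unhandled types stay as bytes


def decode_reg_export(data, env=None):
    """Decode the data part of a .reg line: dword:..., hex:..., hex(N):..."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:([0-9a-fA-F,]*)", data)
    if not m:
        raise ValueError("unsupported .reg data: " + data)
    reg_type = int(m.group(1), 16) if m.group(1) else REG_BINARY
    return decode_value(reg_type, bytes.fromhex(m.group(2).replace(",", "")), env)


# Constructed sample: "%SystemRoot%\system32" as a REG_EXPAND_SZ .reg line.
RAW = "%SystemRoot%\\system32\x00".encode("utf-16-le")
LINE = "hex(2):" + ",".join(f"{b:02x}" for b in RAW)
EXPANDED = decode_reg_export(LINE, {"SystemRoot": r"C:\Windows"})
```

The stored REG_EXPAND_SZ data keeps the %SystemRoot% reference as text; expansion only happens when a reader asks for it, which is why the same value can resolve differently under a different environment.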

Registry Virtualization in Windows Vista onwards

Starting with Windows Vista, along with File Virtualization, the Registry too has been Virtualized, and hence unlike Windows XP, does not tend to suffer from bloat. The same has been continued in Windows 7.

Virtualization basically means that applications are prevented from writing to System Folders in the Windows file system and also to the ‘machine-wide keys’ in the registry. However, this does not prevent standard user accounts from installing or running applications.

In Windows Vista and later, UAC uses the Registry Virtualization feature to redirect attempts to write to subkeys of

HKEY_LOCAL_MACHINE\Software

When an application attempts to write to this hive, Vista instead writes it to a per-user location,

HKEY_CLASSES_ROOT\VirtualStore\Machine\Software

This is done discreetly. No one gets to know that this is happening!

This, in short, is Registry Virtualization, and it is a useful security feature.
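
Because the redirection is silent, reviewing the virtual store is the way to see which applications attempted machine-wide writes. The following is an added example, not code from the original post: it reads a .reg export of the VirtualStore key named above and maps every redirected key back to the HKEY_LOCAL_MACHINE\Software key the application meant to write. The sample export and the names ExampleVendor and LegacyApp are constructed.

```python
import re

# Roots as named in the article; matched case-insensitively because
# registry key names are case-insensitive.
VIRTUAL_ROOT = r"HKEY_CLASSES_ROOT\VirtualStore\Machine\Software"
MACHINE_ROOT = r"HKEY_LOCAL_MACHINE\Software"


def redirected_writes(reg_export):
    """Map each virtualized key in a .reg export to its intended HKLM key.

    Returns {intended_hklm_key: [value names]} for keys that hold values.
    """
    found, current = {}, None
    for line in reg_export.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            key = header.group(1)
            current = None
            if key.lower().startswith(VIRTUAL_ROOT.lower() + "\\"):
                current = MACHINE_ROOT + key[len(VIRTUAL_ROOT):]
        elif current and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=', line)):
            name = m.group(1)
            found.setdefault(current, []).append(
                "(Default)" if name == "@" else name[1:-1])
    return found


# Constructed sample of an exported virtual store for one user.
# "ExampleVendor" and "LegacyApp" are made-up names.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\ExampleVendor]

[HKEY_CLASSES_ROOT\VirtualStore\MACHINE\SOFTWARE\ExampleVendor\LegacyApp]
"InstallDir"="C:\\Program Files\\LegacyApp"
"Launches"=dword:00000007
@="LegacyApp settings"
'''

REPORT = redirected_writes(SAMPLE)
```

Each key in the report is a setting that exists only in that user's view; the machine-wide key was never changed, so other users and elevated processes will not see it.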

Incidentally, mention must also be made of another new technology underlying Windows Vista and later: The Kernel Transaction Manager, which enables Transactional Registry. This feature enables a sort of a registry rollback. But it’s not implemented in Registry Editor. Instead, this feature is designed for use by developers who need to create robust applications using transactional processing.

Registry Editor

The primary tool in Windows Vista / 7 for working directly with the registry is Registry Editor. To access it, simply type regedit in Vista’s Start Menu Search Bar and hit Enter! You have to be doubly careful when working with the Registry, as there is no confirmation prompt and no "click OK to save" prompt. Changes are applied immediately.

You can read more about Windows Registry Editor Tips & Features.

Mention must specifically be made of the

HKEY_LOCAL_MACHINE\System\CurrentControlSet

hive, as the keys in this particular hive are so essential for Vista to start up that a backup is maintained, which you can restore when necessary simply by booting in Safe Mode and selecting Last Known Good Configuration.

To begin with, you might want to read this post on Start Menu and TaskBar Registry Tweaks. You can check out more articles on Windows Registry and go here to find out how to backup and restore the registry.

Post ported from WinVistaClub.com and updated and posted here.

Anand Khanse aka HappyAndyK is an end-user Windows enthusiast, a Microsoft MVP in Windows since 2006, and the Admin of TheWindowsClub.com. Please create a System Restore Point before trying out any software & be careful about any third-party offers while installing freeware.
  • Gary

    Hi … I’m also puzzled about the registry and have never understood how to maintain it or keep it from corrupting my system somehow.

    I’ve recently had a very frustrating email exchange with Mihal Roman from Spamfighter. Besides being extremely arrogant and unhelpful, he basically said it was my fault for expecting too much from the software (and then he refused to provide a refund). Firstly he told me that they have no intention of fixing the bugs and various flaws in the antispam software, saying that this is how the software is intended to work and there’s no need to improve it or release any bug-fixes in the future. It’s good enough, he claimed. (I was complaining about spam emails that weren’t being blocked, despite my marking them as spam and adding their addresses and domains to the black list). He then said it’s perfectly OK for the Spamfighter software to use the registry to store and maintain the black and white lists.

    Is that right?

    It means that every time I receive email (and I get around 1,000 emails a day), Spamfighter is writing to the registry. And so far there are about 20,000 entries for all the black-listed emails that I’ve already imported.

    Isn’t there a risk of corrupting the registry (particularly if there are outstanding bugs and security holes in the software that aren’t being maintained)? I would have thought that the registry needs to be backed up before any major changes (like installing new software). But if the registry is being used as a private database file for an application then almost anything could cause a serious system crash – maybe something as little as a power failure in the middle of receiving emails and/or marking an email as spam or not-spam.

    Should I be worried? Should I uninstall Spamfighter?

  • Anand Khanse

    While I have not used SpamFighter, it is among the better known anti-spam software available. Although I cannot say for sure, I guess they must be checking email IDs for spam against their data bank from their servers or from those stored locally on your computer. And I am sure that like many other software, SpamFighter too must be creating entries in your Registry – and this is not necessarily bad.

    To maintain your Registry, I would suggest you run a good freeware registry cleaner like say, CCleaner, once every month.

    I think you could trust SpamFighter.

  • Gary

    Thanks Anand, but I’m still a bit worried when you say “I have not used spamfighter” and creating entries in the registry “is not necessarily bad”.

    I find spamfighter to be quite a sloppy piece of software, now that I have been using it for about a month. I’m getting the same obviously spam emails in my inbox consistently, despite marking it as spam, adding the domain to the blacklist, etc.

    But when I see that several hundred entries are added to the registry every day, I can’t see how this can be safe.

    What about a power failure? If spamfighter is more or less writing to the registry throughout the day, it could happen that a power failure causes the operation to be interrupted and possibly corrupting the registry.

    Does it matter?

    If the registry write gets interrupted, say, and the registry file becomes severely corrupted, will Windows still continue to restart and function? And are the corrupted entries easily fixable with CCleaner?

    Or should I back up the registry several times a day in case I need to go back to a previous “whole” version of the registry in case of a system failure caused by spamfighter.

    I tried to get a response from spamfighter technical support, but they consistently ignored my questions about the registry and the various bugs I discovered, except that I did get a couple of responses saying that this is how spamfighter is supposed to work and I’ve just got to accept the bugs and the false positives and negatives because it’s not gonna change.

    After getting these either completely disinterested or smartalec responses, I got worried about how reliable and safe their software really is. It would cost them relatively little to fix the problems, but they just don’t want to. When a company starts to behave rudely and arrogantly towards its customers, then it’s time to move on… probably a sign that there’s serious internal conflicts and the business is about to fold… which also means the many customers will have purchased a half-finished product that quickly becomes obsolete. It seems that the subscription-based model is to pay for the running of their servers to keep track of spam email IDs as you suggest. What happens when these servers get switched off?

  • Anand Khanse

    If you think it is “a sloppy piece of software” and are not comfortable using it, then it is better to uninstall it. At least I would uninstall any software right away if I did not find any value in using it.
    CCleaner or for that matter any registry cleaner, will help in removing broken or orphaned registry entries only, and not fix a corrupted Registry.

  • Andre Greeff

    I’m curious about something here.. Can anyone tell me when MS first introduced the “REG_EXPAND_SZ” registry entry type?

    I’m checking for potential compatibility issues with referencing other environment variables within the %PATH% variable itself. Been searching high and low for this, but I have yet to find a definitive answer.
