Windows system registry. Windows Registry: what it is, how to create sections and settings

    The Windows system registry is a huge database that contains data about the configuration and options of the operating system. It is the system's main component.
    In simple words, this is where Windows gets information about which utility to launch when you click on a file or what actions to perform when the user launches various applications.

    System registry keys

    The basis of the system registry is a tree-like list (almost the same in all versions of Windows).
    The main branch (category) of the registry is HKEY_CLASSES_ROOT (HKCR). It contains information about the file types registered in Windows. The contents of this branch are used when files are opened with a double click or when performing drag-and-drop.
    HKEY_CURRENT_USER (HKCU) holds the user's shell options - “Start”, “Desktop” and others (related to the operating system).
    The HKEY_LOCAL_MACHINE (HKLM) branch is used to store data about the software products installed on the computer, as well as drivers and settings. It also holds information such as the computer's buses, the total amount of memory, the list of currently loaded drivers, and information about loading Windows.
    The HKEY_USERS (HKU) section, when compared with HKCU, stores Windows options that are the same for any user.
    In HKEY_CURRENT_CONFIG (HKCC) you can see information about the hardware used on the local computer when the operating system starts. Profiles allow you to find device drivers for specific work sessions.
    When various utilities are installed, new entries are created in the registry. In some cases, when applications are deleted from the computer's hard drive, their keys remain in the registry. Sometimes this is done intentionally: if you install the program again, you will not have to configure it again, since the options are already saved in the registry. It also happens that the keys of an uninstalled application remain in the registry because the cleanup utility malfunctioned.
    With a large number of such records (left by uninstalled applications), viewing the contents of the system registry takes a lot of time.

    How to manage the registry?

    To manage the registry and make changes there is a specially designed tool that can be found in Windows\System32. The file is called regedt32 or regedit.exe. A large number of third-party registry editors also cope with this task. We could look at them for a very long time, so we won’t.
    To run the registry editor built into Windows, type regedit in the “Run” menu and press “Enter”. This will open the Registry Editor window. When working with the registry, you need to be as careful as possible. If you delete or damage system files, Windows may stop starting. However, being afraid of everything is not an option! You should not change registry information when you don't know what it means or what the consequences might be. Before you begin, create a Windows restore point. This way you will protect yourself from possible problems with the registry.

    The Windows Registry is one of the most mysterious parts of the operating system, which allows you to customize and modify almost every aspect of Windows. Some people work with the registry all the time, but most people have only a vague understanding of it and are not entirely sure how to create custom keys and settings. So, let's try to figure out what the Windows registry is.

    What is the Windows Registry

    The Windows registry is nothing more than a collection of various system configurations and settings.

    It can be considered as a database that stores almost all the important information. This information includes everything related to the hardware, application settings, installed programs, user profiles, etc. Windows accesses the registry constantly because, as already mentioned, all important information is stored in it, and it is much faster and easier for the operating system to manage everything from one place than to fiddle with separate configuration files located in different places.

    Windows Registry Components

    The Windows 10 registry consists of three main components - root-level keys, keys, and settings.

    Root level keys contain sections that have their own set of parameters.

    There are five different root level keys, and they all have their own specific purposes. Here's their gist:

    • HKEY_CLASSES_ROOT (HKCR): this key is used for object linking and embedding (OLE) and file type association. This is the key where Windows associates files with their respective programs so the user can open and interact with them.
    • HKEY_CURRENT_USER (HKCU): This Windows registry key stores all data, user-level settings, and configurations associated with the logged-in user. Not only Windows, but also other programs store data related to the current user here.
    • HKEY_LOCAL_MACHINE (HKLM): regardless of the user's status, this key contains all system sections, including any hardware settings, software parameters, etc. Since HKLM contains most of the system information, it is one of the most frequently opened Windows root keys.
    • HKEY_USERS (HKU): As the name suggests, this root key contains the settings of all users, including logged in and logged out users, so don't confuse this key with HKCU.
    • HKEY_CURRENT_CONFIG (HKCC): Simply put, it is a pseudo root key because it is a direct link to the current hardware profile settings in the HKLM root key.

    Section parameters

    Each of these root keys has its own sections, and each section has its own parameters. In each section you can create 6 different types of parameters, and the values of these parameters depend entirely on the target program and/or configuration requirements.

    In general, there are four main types of data used in the Registry Editor in any version of Windows - 7, 8 or 10:

    • String parameter: consists of simple readable text and is one of the most frequently used settings in the Windows registry.
    • Binary parameter: As the name suggests, this parameter contains only binary data (0, 1). Often used to turn a specific feature on or off.
    • DWORD parameter (32 bits): similar to a binary parameter, but capable of storing any integer in the range of 32 bits. Designed to work with 32-bit systems, but is also used on 64-bit systems for backward compatibility.
    • QWORD parameter (64 bits): this parameter is almost like a DWORD, but is capable of carrying any integer in the range of 64 bits. We can say that QWORD is designed to work with 64-bit systems.

    How to open Windows Registry Editor

    This method of opening the registry will work regardless of the installed version of Windows - 7, 8 or 10:

    Press +R key to open the Run window. Type or and press Enter or OK. If the User Account Control (UAC) window appears, click Yes.

    The main executable file of the registry editor is located in the directory C:\Windows. So you can open this folder and run regedit.exe directly, or you can simply create a shortcut to regedit.exe in a location convenient for you.

    Registry Editor: for 64-bit and 32-bit Windows

    The registry in 64-bit versions of Windows consists of 32-bit and 64-bit sections. Many of the 32-bit sections have the same names as their 64-bit counterparts, and vice versa.

    The default 64-bit version (regedit.exe) displays both 64-bit and 32-bit sections. In the 64-bit version of Registry Editor, 32-bit keys appear in the following registry key:

    HKEY_LOCAL_MACHINE\Software\WOW6432Node

    You can view and edit 64-bit and 32-bit sections and settings using the 64-bit version of the editor. To view or edit 64-bit keys, you must use the 64-bit version of Registry Editor (regedit.exe). You can also edit and view 32-bit keys and values using the 32-bit version (%systemroot%\Syswow64). To open the 32-bit version of Registry Editor, follow these steps:

    • Open the Run dialog.
    • Enter %systemroot%\syswow64\regedit and click OK.

    Note

    You must close the 64-bit version of Registry Editor before opening the 32-bit version (and vice versa). However, you can open a second instance of Registry Editor. For example, if the 64-bit version of the editor is already running, enter the command %systemroot%\syswow64\regedit -m to launch the 32-bit version of the editor.

    Creating new sections and parameters

    Creating sections and parameters is very simple. But before you do anything, please create a backup copy of the Windows registry, since any incorrect settings or deletion of important elements may cause critical errors.

    To create a backup, in the editor window, click "File -> Export", enter a file name and save it in a safe place.

    To create a new section, right-click on the root-level key and select New -> Key. The new key will look like a folder, and by default it will be called something like "New Key #1". Of course, the section can always be renamed. The same procedure is followed whenever a new subkey needs to be created.

    To create a new parameter, right-click in an empty area of the editor's right pane and select the option you want. The created parameter must be given a name; the name depends entirely on the specific requirements.

    To assign a value to a parameter, double-click it and enter a value. Again, the value depends on the program or specific settings.

    Access rights to registry keys

    By analogy with rights and permissions for objects in the NTFS file system, the same protection is provided for registry keys.

    Ever since Windows Vista, a large number of OS-specific registry keys that store Windows settings have been protected by Windows Resource Protection, so you can't just delete or change them. You cannot do this without becoming their owner and setting permissions (access rights) on them. Fortunately, the operating system allows this too, but the manual method is too tedious, so it’s better to use a simple utility that automates this whole process.

    That's all! I hope the above has helped you better understand the Windows Registry and its main components. Share your opinions and experiences in the comments below!

    Have a great day!

    Perhaps each of you has heard the word “registry”, but few have asked the question “What is it?”, and that is a pity. After all, the ability to edit the registry can save a lot of time, money, nerves and effort. How to launch the registry of the Windows 7 operating system, as well as the main methods of using it, are discussed in detail in this article.

    First, you need to understand what exactly the registry is. To better understand this, imagine a notebook with some notes in a certain sequence. If all the sheets from this notebook are torn out and mixed, the information will remain the same, but it will be much more difficult to read. We'll have to find the desired page first before reading it, and this takes extra time.

    A similar situation occurred when using the Fat16 file system, which had serious performance problems. Then it was decided to introduce a registry to organize information. Over time, the problems solved by the registry disappeared, but it was retained for backward compatibility.

    The Windows Registry is a hierarchically built database of parameters and settings of installed programs.

    Physically, all registry settings are recorded in files and scattered throughout the system. When a program starts, the registry finds the required parameters and operates with them. The more applications there are on the computer, the more parameter files there are, and the more time it will take to find what you need. Therefore, the registry needs to be cleaned from time to time to maintain system performance.

    There are two ways to launch the Windows 7 registry:

    1. Start → in the search bar write regedit → in the results found, open the file regedit.exe.
    2. Launch Explorer → go to the C:\Windows folder → look for the regedit.exe file and open it.

    If you did everything correctly, the Registry Editor will open.

    Editing the registry. Export/Import

    • On the left side there are sections.
    • On the right are the parameters.
    • At the bottom is the status bar, which displays the path to the parameter.

    When working with registry settings, you need to be extremely careful, because the registry is the nervous system of Windows. Therefore, before changing any settings, it is recommended to create a copy of the registry.

    Right-click on the “Computer” section - Export - set a name, check the export range (should be “Entire Registry”) and specify the folder - click save.

    After the above steps, a file with the extension .reg will appear. Now, if you mess up changing settings, the registry can always be returned to its original state.

    To do this, click “File” – Import... - look for the Registry.reg we saved earlier and click “Open”. All parameters will return to their state at the time the copy was created.

    Recovering the administrator password using the registry

    For an example showing what tasks can be performed in the registry, consider the following problem. Let's assume that you are . No problem! It can be changed using the registry. For this we need.

    1. Boot from the installation disk. After copying the new data, we will be asked to select a language. Leave everything as it is and click “Next”.
    2. In the new window, select “ ”, after which the computer will search for installed operating systems.
    3. A window may appear with the text “Problems detected in the boot options.” Ignore and select the operating system and click “Next”.
    4. In the next window, select the lowest parameter “”
    5. In the command line, type the regedit command we already know and press Enter.
    6. In the editor, select HKEY_LOCAL_MACHINE
    7. Then, in the File menu, select “Load Hive”.
    8. Go to the folder C:\Windows\System32\config (the letter may differ from the usual C). We are interested in the SYSTEM file.
    9. Enter any section name. For example: 888.
    10. Go to the HKEY_LOCAL_MACHINE\888\Setup section. Click twice on the parameter:
      • CmdLine , enter cmd.exe and click OK
      • SetupType , replace 0 with 2 and click OK.

      As a result of the above manipulations, the Setup section should show CmdLine set to cmd.exe and SetupType set to 2.
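For defenders, the two values changed in step 10 are also the ones to check when offline tampering with a machine is suspected. The following added example (Python, not part of the original article) parses the text of a .reg export of the Setup section and reports a CmdLine or SetupType that differs from an assumed baseline of an empty CmdLine and SetupType 0; the sample exports are constructed and the function names are hypothetical.

```python
import re

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')
# <hive>\Setup directly under HKLM: "SYSTEM" on a running system, or the
# temporary name (888 in the article) given to a hive loaded offline.
SETUP_KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\[^\\]+\\Setup$", re.I)


def _convert(data):
    """Convert the right-hand side of a .reg value line."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        # String value: undo the \\ and \" escaping used in .reg files.
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return data  # hex(...) and other types are kept as raw text


def parse_reg(text):
    """Return {key_path: {value_name: data}} from .reg (5.00) text."""
    text = text.lstrip("\ufeff")
    # Long hex values continue on the next line after a trailing backslash.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group("name") or "@"] = _convert(m.group("data"))
    return keys


def audit_setup(keys):
    """List deviations from the assumed baseline in any <hive>\\Setup key."""
    findings = []
    for path, values in keys.items():
        if not SETUP_KEY_RE.match(path):
            continue
        vals = {name.lower(): data for name, data in values.items()}
        cmdline = vals.get("cmdline", "")
        setup_type = vals.get("setuptype", 0)
        if cmdline != "":
            findings.append(f"{path}: CmdLine is {cmdline!r}, expected empty")
        if setup_type != 0:
            findings.append(f"{path}: SetupType is {setup_type!r}, expected 0")
    return findings


# Constructed sample exports (not taken from a real machine).
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"CmdLine"=""
"SetupType"=dword:00000000
"WorkingDirectory"="C:\\Windows\\Panther"
'''

TAMPERED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\888\Setup]
"CmdLine"="cmd.exe"
"SetupType"=dword:00000002
'''

if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("tampered", TAMPERED_EXPORT)):
        result = audit_setup(parse_reg(export))
        print(label, "->", result or "no findings")
```

Registry Editor writes 5.00-format exports as UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `parse_reg`.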

    The official Microsoft publication, the Microsoft Computer Dictionary, defines the Windows system registry (Windows Registry, Windows Register) as a hierarchical centralized database used in Microsoft operating systems starting with Microsoft Windows 98, and designed to store information necessary to configure the operating system to work with users, programs and devices.

    Thus, the Windows system registry is primarily the basis of the operating system, a huge database of settings stored in the folder %SystemRoot%\System32\Config and in the user profiles folder (Ntuser.dat). Without it, the operating system would be just a collection of programs unable to perform even the simplest OS functions. Everything, including every detail of the configuration data, is located in the system registry. All data stored in the registry is presented in a standardized form and is clearly structured according to the hierarchy proposed by the Windows developers. Information in the system registry is stored in binary form, which not only allows a significantly larger volume of various data to be placed there, but also significantly increases the speed of working with it.

    The system registry stores data that is necessary for the proper functioning of Windows. This includes profiles of all users, information about installed software and the types of documents that can be created by each program, information about folder properties and application icons, and the installed hardware and the ports used. The operating system constantly accesses this data during boot, operation, and shutdown. Many programs store not only data about their settings in the registry, but also data about their registration, especially trial versions, for which the expiry of the trial period is checked through the Windows system registry.

    If you install or remove any devices, applications, user data or system components, information about such changes is written to the registry and read from there during each boot of the operating system. It is not surprising that over time the size of the system registry constantly increases, which also negatively affects the time it takes to access it. When uninstalled, many programs leave behind invalid keys and incorrect links, and this leads to a huge amount of garbage appearing in the Windows registry, which also negatively affects access time.

    A study of the operation of the operating system showed that up to a thousand calls to the system registry occur during system startup, and up to 10 thousand are made during one work session on a PC. From this we can conclude: the capabilities of the operating system, its performance and the algorithm of operation of the entire computer as a whole largely depend on what parameters are specified in the registry.

    The above leads to the following conclusion: incorrectly changing the information stored in the system registry is quite capable of disrupting Windows performance. It is enough to make a mistake in recording the value of a key or parameter, and the user will no longer be able to boot the computer. It is for this reason that OS developers have significantly limited access to the Windows registry, so that only OS users who have an administrator account have it.

    Now let’s talk about the form in which the registry is stored in the operating system. Its versions for different operating systems of the Windows family have certain differences. For example, in Windows 98, the registry files are named User.dat and System.dat. In Windows Millennium Edition - Classes.dat, User.dat and System.dat.

    The registry of Windows XP and later versions is somewhat more complicated. Although in registry viewing programs it appears to us as a single database, on the physical level the registry is heterogeneous and consists of many files, each of which is responsible for its own portion of the information presented in this database.

    Some of the information displayed in the system registry is never saved to disk as physical files, but is placed in the computer's memory during the boot process and is lost when the power is turned off. Such registry sections are called volatile. In particular, volatile sections of the Windows registry include data about the equipment connected to the system and the resources assigned to the various devices: interrupt requests (IRQ), direct memory access (DMA) channels and input/output ranges (I/O Range). Since polling, device initialization and dynamic resource allocation are carried out precisely during Windows boot, all this information is stored directly in the computer’s memory: the next time you start the machine, the composition of the equipment may be different.

    Other components of the Windows registry, which store operating system configuration data, settings and parameters, are contained in the system folder %systemroot%\System32\Config. Files that include Windows XP user profile information are stored in the folder %systemroot%\Profiles. Finally, all data related to specific system settings for each user, as well as data about their personal configuration of the work environment, is kept in the folders %Drive%\Documents and Settings\%UserName%, where %Drive% is the name of the disk partition on which Windows XP is installed, and %UserName% is a folder whose name corresponds to the name of one of the users registered in the system. Additional information about local Windows users is by default contained in the folder %Drive%\Documents and Settings\LocalService, and data on system settings for remote users in the folder %Drive%\Documents and Settings\NetworkService.

    With the advent of 64-bit operating systems, differences appeared in their system registries - the registries of 64-bit versions of Windows XP, Windows Server 2003 and Windows Vista are divided into 32-bit and 64-bit sections. However, most 32-bit sections have the same names as their 64-bit counterparts, and vice versa.

    The Windows Registry (system registry) is a hierarchical (tree) database containing records that define the parameters and settings of Microsoft Windows operating systems. The registry, as it appears when viewed in Registry Editor, is built from data that comes from the registry files and from hardware information collected during the boot process. English descriptions of the registry files use the term "hive". In Microsoft documentation this term is translated as "bush".

    The main files responsible for creating the registry

    Registry files are created during the installation process of the operating system and are stored in the folder:

    %SystemRoot%\system32\config (usually C:\windows\system32\config ).

    For Windows operating systems these are files named:

    system
    software
    sam
    security
    default
    components
    bcd-template

    In the operating systems Windows Vista, Windows 7, Windows 8, , , the registry files are located in the directory \Windows\system32\config and have the same names; however, in these operating systems a new registry key named BCD00000000 has been added to store the Boot Configuration Data. The file with the data for this section is named bcd and is located in the hidden Boot folder of the active partition (the partition from which the system boots). Usually, during a standard Windows installation, a small active partition is created (from 100 to 500 megabytes depending on the operating system), which is hidden from the user and contains only service data for booting the system - boot records, the boot manager bootmgr, the boot configuration store BCD, localization files and memory testing programs. The location of the bcd hive depends on how the system boot loader is configured during installation, and it may be located on the same partition as the Windows directory.

    The location of the registry files in any version of Windows can be viewed using the Registry Editor, in the section:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

    This section stores information about all hives, including user profiles, with links to their location in the Windows file system.

    Registry structure

    The Windows registry has a tree structure and consists of 5 main registry keys:

    HKEY_LOCAL_MACHINE (HKLM) is the largest registry key. It contains all the basic settings of the operating system, as well as computer hardware and software. The information contained in this section applies to all users who log on to the system.

    HKEY_CLASSES_ROOT (HKCR) - contains associations between applications and file types (by file extensions). This section also contains information about registered file types and COM and ActiveX objects. Besides HKEY_CLASSES_ROOT, this information is also stored in the sections HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The section HKEY_LOCAL_MACHINE\Software\Classes contains default settings that apply to all users of the local computer. The options contained in the section HKEY_CURRENT_USER\Software\Classes override the default ones and apply only to the current user. The section HKEY_CLASSES_ROOT includes data from both sources.

    HKEY_USERS (HKU) - contains environment settings for each of the loaded user profiles, as well as for the default profile. In HKEY_USERS there is a nested section \Default, as well as other subsections identified by the security identifier (Security ID, SID) of each user.

    HKEY_CURRENT_USER (HKCU) - contains environment settings for the user currently logged into the system (environment variables, desktop settings, network settings, applications and connected devices).

    This section duplicates the information in HKEY_USERS\user SID, where user SID is the security identifier of the user currently logged on to the system (you can find out the SID of the current user by typing whoami /user in the command line).

    HKEY_CURRENT_CONFIG (HKCC) - contains settings for the current hardware profile. The current hardware profile includes sets of changes made to the standard device configuration specified in the Software and System subsections of the HKEY_LOCAL_MACHINE root section. Only the changes are reflected in HKEY_CURRENT_CONFIG. In addition, the information in this section is located in HKEY_LOCAL_MACHINE\System\CurrentControlSet\HardwareProfiles\Current.

    Data in the registry is stored in the form of settings located in registry keys. Each parameter is characterized by a name, data type, and value.

    Basic data types used in the registry

    REG_DWORD - 32-bit number. Many device driver and service settings use this type of data. Registry editors can display this data in binary, hexadecimal, and decimal format.

    REG_SZ - A text string in a human-readable format. Values that represent component descriptions are typically assigned this data type.

    REG_EXPAND_SZ - An expandable data string. This string is text containing a variable that can be replaced when called by the application; it is used, for example, to record environment variables.

    REG_MULTI_SZ - Multiline field. Values that are actually lists of text strings in a human-readable format typically have this data type. The strings are separated by the NULL character.

    REG_BINARY - Binary data. Most hardware components use information that is stored as binary data. Registry editors display this information in hexadecimal format.

    REG_RESOURCE_LIST - List of hardware resources. Applies only to the branch HKEY_LOCAL_MACHINE\HARDWARE.

    You can also sometimes find the following types of registry data:

    REG_RESOURCE_REQUIREMENTS_LIST - List of required hardware resources. Applies only to the branch HKEY_LOCAL_MACHINE\HARDWARE.

    REG_FULL_RESOURCE_DESCRIPTOR - Descriptor of a hardware resource. Applies only to the branch HKEY_LOCAL_MACHINE\HARDWARE.

    REG_QWORD - 64-bit number.

    REG_DWORD_LITTLE_ENDIAN - 32-bit number in little-endian format, equivalent to REG_DWORD.

    REG_DWORD_BIG_ENDIAN - 32-bit number in big-endian format.

    REG_QWORD_LITTLE_ENDIAN - 64-bit number in little-endian format, equivalent to REG_QWORD.

    REG_NONE - The parameter does not have a specific data type.
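How these types are laid out as raw bytes is easiest to see in code. The following added example (Python, not part of the original article) decodes value data according to its type code and expands a REG_EXPAND_SZ string; the type numbers are those of the Windows SDK header winnt.h, while the function names and sample bytes are constructed for illustration.

```python
import re
import struct

# Type codes as defined in the Windows SDK header winnt.h.
REG_NONE, REG_SZ, REG_EXPAND_SZ, REG_BINARY = 0, 1, 2, 3
REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_MULTI_SZ, REG_QWORD = 4, 5, 7, 11

# struct formats for the fixed-width integer types.
_INT_FORMATS = {
    REG_DWORD: "<I",             # same layout as REG_DWORD_LITTLE_ENDIAN
    REG_DWORD_BIG_ENDIAN: ">I",
    REG_QWORD: "<Q",             # same layout as REG_QWORD_LITTLE_ENDIAN
}


def _utf16(raw):
    """Decode UTF-16LE text, dropping a stray odd trailing byte."""
    return raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")


def decode_value(reg_type, raw):
    """Convert the raw bytes of one registry value to a Python object."""
    if reg_type in _INT_FORMATS:
        fmt = _INT_FORMATS[reg_type]
        if len(raw) != struct.calcsize(fmt):
            # A wrong-sized integer is malformed data; do not guess.
            raise ValueError(f"type {reg_type}: bad length {len(raw)}")
        return struct.unpack(fmt, raw)[0]
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        # The terminating NUL is usual but not guaranteed to be stored.
        return _utf16(raw).split("\x00", 1)[0]
    if reg_type == REG_MULTI_SZ:
        strings = []
        for part in _utf16(raw).split("\x00"):
            if part == "":  # an empty string closes the list
                break
            strings.append(part)
        return strings
    # REG_BINARY, REG_NONE and the resource types: return hex text, the
    # way registry editors display binary data.
    return raw.hex()


def expand_sz(text, env):
    """Expand %NAME% references in a REG_EXPAND_SZ string.

    Names are matched case-insensitively; unknown names are left as is.
    """
    lookup = {name.upper(): value for name, value in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)),
                  text)


# Constructed sample values: (name, type code, raw bytes as stored).
SAMPLES = [
    ("SetupType", REG_DWORD, bytes.fromhex("02000000")),
    ("BigEndian", REG_DWORD_BIG_ENDIAN, bytes.fromhex("00000002")),
    ("Counter", REG_QWORD, bytes.fromhex("0000000001000000")),
    ("CmdLine", REG_SZ, "cmd.exe\x00".encode("utf-16-le")),
    ("ConfigDir", REG_EXPAND_SZ,
     "%SystemRoot%\\System32\\config\x00".encode("utf-16-le")),
    ("List", REG_MULTI_SZ, "first\x00second\x00\x00".encode("utf-16-le")),
    ("Blob", REG_BINARY, bytes.fromhex("01ff")),
]


def demo():
    """Decode every sample and return (name, decoded value) pairs."""
    return [(name, decode_value(t, raw)) for name, t, raw in SAMPLES]


if __name__ == "__main__":
    for name, value in demo():
        print(f"{name:10} {value!r}")
    print(expand_sz(dict(demo())["ConfigDir"], {"SystemRoot": "C:\\Windows"}))
```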

    Interaction of the registry with the operating system

    When the computer starts, the hardware recognizer places a list of the devices it detects in the registry. Typically, hardware recognition is done by the Ntdetect.com program and the operating system kernel Ntoskrnl.exe.

    When the system starts, the system kernel retrieves information from the registry about the device drivers being loaded and the order in which they are loaded. In addition, the program Ntoskrnl.exe sends information about itself to the registry (for example, version number).

    During the system boot process, device drivers exchange boot parameters and configuration data with the registry. The device driver reports which system resources it is using, including hardware interrupts (IRQ) and memory access channels (DMA), so that the system can include this data in the registry. By the way, the registry allows you to create several hardware profiles. A hardware profile is a set of instructions that can be used to tell the operating system which device drivers should load when the computer starts. By default, the system creates a standard hardware profile that contains information about all the hardware found on the computer.

    When a user logs in, user profiles are loaded. All information related to a specific username and associated rights is stored in the registry. The user profile defines individual system settings (display resolution, network connection settings, connected devices and much more). Information about user profiles is also stored in the registry.

    When installing applications: each time you run an installer, new configuration data is added to the registry. When starting their work, all installation programs must read information from the registry to determine whether the components they need are present on the system. In addition, the registry allows applications to share configuration information, giving them more interoperability. The application must actively and correctly use the registry, and must also be removable correctly without affecting components that may be used by other programs (libraries, software modules, etc.). This information is also stored in the registry.

    When administering the system: when a user makes changes to the system configuration using system administration tools (for example, Control Panel or an MMC snap-in), all changes are immediately reflected in the system registry. In fact, administration tools are the most convenient and safe means of modifying the registry. By the way, the registry editor (regedit.exe) can also be considered an administrative tool, because all changes to the system can be made directly by editing the registry.

      ■ During the loading and operation of the operating system, registry data is constantly accessed, both for reading and writing. Registry files are constantly changing because not only the system, but also individual applications can use the registry to store their own data, parameters and settings. In other words, accessing the registry is one of the most common operations. Even if the user is not working at the computer, the registry is still accessed by system services, drivers, and applications.

      ■ Violation of the integrity of the registry files (violation of the data structure) or incorrect values of individual critical parameters can lead to a system crash. Therefore, before experimenting with the registry, make sure you are able to save and restore it.