'); } ?>




Registry is the heart of the system and within it are essential information of operating system. Over it can exert complete administration system and make operations that can not be made for example through .ini files. Everything Information in the registry database are indexed by the hierarchical order of and thus synthesized information quickly enforce though same very complicated.If someone says that the registry database remained intact after a stroke, surgery or operation, be convinced that this is a lie. System to access the registry database each click and each operation (but literally). The registry is separate for each logged on user registry database is changing from day to day … And its benefits are steadily increasing. Here for example, the earlier (in earlier OS-s), backup is done in .ini files and there was the principle of “what you see in Windows to be there and there. “

However, with the advent of registry database and editing the same could be made a number of customization system that under Windows, we would not be able to adjust (like removing shortcut arrow, eliminating the shared documents from my Computer etc.). And the most important component that enables the registry database Policy Management and the same and the following functions:

  • - Deplyment customisation
  • - Hardware profiles
  • - Folder redirection
  • Performance monitoring
  • Offline files
  • - Roaming user profiles
  • - Windows Managment instrumentation

Every thing in the world has its own past and the way of rising. To find out that looked and functioned registry in earlier OS – s, I will return to past.

Quasi registry in MS-DOS OS.

MS-DOS has gathered information from two essential system file: Config.sys and Autoexec.bat. Purpose Config.sys file was load the drivers, and the purpose of Autoexec.bat File was prepared by MS-DOS to use. The problem is of course that each application performs the same control, and there was no universal solution will conduct global monitoring the execution of operations.

Registry databases in Windows 3.0

With the advent of OS and there were also ini files that have extended the opportunities Config.sys and Autoexec.bat files. As I have mentioned several times .ini files  and explain what they really are. These are text files into sections and each section has at some information. The problem with these files is that there is no hierarchy, then the binary data are cumbersome and totally not suitable to store similar data. Percent .ini file a coupling between the application and the OS, each application has its own .ini file which is also in many cases creates a problem.

Registry databases in Windows 3.1

In this version of the OS, the registry database is a storehouse of OLE (Object Linking and Embedding) information, and windows 3.5 and windows 95 contain registry as now we have to windows xp. But despite the fact that, instead of using .ini files much better and easier way of storing information, and today there are .ini files, which are very useful.


Transferred from the past into the present, and discuss how the registry today:

REGEDIT is triggered via the RUN-a: Start  -> Run-> regedit, or in Windows 7, click Windows button > in search field type regedit

Regedit on the left hand has five folders ( Root Keys ) :

HKEY_CLASSES_ROOT – includes Windows shortcuts, OLE information, a ”heart” of the Windows user interface …

HKEY_CURRENT_USER – a link to HKEY_USERS and he loaded all adjustment, such as the desktop, start menu, logon, etc. ..

HKEY_LOCAL_MACHINE – all information System (information about hardware, software ..)

HKEY_USERS – contains individual data for each user separately and Each user is represented in the form of SID sub-key located above main branches.

HKEY_CURRENT_CONFIG – a link to the HKEY_LOCAL_MACHINE and answers data for the current hardware setup.

windows registry root keys

Each folder is actually one key. In each folder there are more or subfolders or some value  that are displayed in the right window and can be:

STRING VALUE – or text value

DWORD VALUEbinary value (0 or 1)  > 0 – disable, 1 – enable

BINARY VALUE – hexadecimal value

To create a new key or value, right click ( the key to some folder on the left and the value on the left), and choose Key or Value. When right-clicking on a value or key shall have the following options:

MODIFY – restatement   and   DELETE – delete.


Computer and user accounts (security principles aka security elements) Identify by Security identifiers (SID-s). This process goes on following the principle of coupling Active Directory — security principle — SID , LSA — SID for local security principles , Local security datbase DSA — SID for domain security principles — Active Desktop.

Thus prefigured is easy for consideration and understanding of:

Signs of Active Directory creates a security principle that generates SID for it. Local Security Authority created SID for local security principles that forthwith the local security database. Domain Security Authority create SID for SID for domain security principles that fit inside the Active Desktop.

SID is a unique system and it will never again use the same format.

If account is deleted and new account is added, this new account will get a new SID.

Now we catch nice and broken down SID and explain each of its part:

Here for example (probably not there this SID, but essential template):                        S-1-5-23-547-0123456789-0123456789-0123456789-123 .

SID always begins with “S“. The next number is the version of the SID (in our case it is version 1) The next number indicates the point whose the authority of SID (in our case it is 5, which is actually the NT SID order). These other figures we have seen, in three parts of 10 pieces of the domain identifier at the end of this last number is a relative identifier. Now, not all SID’s look like long, that there are those who are, for instance in the form of S-1-5-18 and as such are among the best known SID’s.

In addition to security identifiers and there are Globaly Unique identifiers (GUID-s). Those marks the objects in the form of special issues. These establishments generally already have their names but even though they happen to be the names of these objects coincide, their GUID-s will remain unique and through them we can distinguish. GUID-s have their own structure and all are structured by the same template: 16-bit hexadecimal numbers, arranged in groups and to the following sequence by: 8,4,4,4 and 12 characters (letters are used all from A to F, and the figures all from 0 to 9). Here for example, GUID from My Computer: {20D04FE0-3AEA-1069-A2D8-08002B30309D}


The largest number of registry data in hexadecimal form entries, and in addition. There hexadecimal and binary and decimal notation. Come to recall what all of those things.

- Decimal record number of 856 will be: 8 * 10 ^ 2 + 6 * 10 ^ 1 + 6 * 10 ^ 0 and the symbol “^” is called “on”. Ie 10 ^ 3 is “10 to the third” and emphasizes how decimals (or peasant told, “how many zeros”) contains the number, and the numbers 0 – 9,  now number 10 remains the same and it is called the base 6 (base 6), and the numbers on how the dozens of “graded” modified .

- Binary number 1011 will be: 1×2 ^ 3 + 0 * 2 ^ 2 + 1 * 2 ^ 1 + 1 * 2 ^ 0, or simply 11-th Figures are 0 and 1 , No. 2 always remains the same and it is called base 2 (base 2) and Numbers on how the deuce “graded” modified .

- Hexadecimal notation decimal number is 01101111 6f (since 0110 Hexadecimal 6, 1111 and hexadecimal F). And there is a reverse manner, meaning that the hexadecimal number get a decimal number. Here for example B02F will be 11 * 16 ^ 3 + 0 * 16 ^ 2 + 2 * 16 ^ 1 + 15 * 16 ^ 0.

Now you ask, so on earth by whom is this stereotyping? Here, there is a table, it is also refer to everything will be clear as day.

Binary | Hexadecimal | Decimal
| 0000 | 0 | 0 | 
| 0001 | 1 | 1 | 
| 0010 | 2 | 2 | 
| 0011 | 3 | 3 | 
| 0100 | 4 | 4 | 
| 0101 | 5 | 5 | 
| 0110 | 6 | 6 | 
| 0111 | 7 | 7 | 
| 1000 | 8 | 8 | 
| 1001 | 9 | 9 | 
| 1010 | A | 10 | 
| 1011 | B | 11 | 
| 1100 | C | 12 | 
| 1101 | D | 13 | 
| 1110 | E | 14 | 
| 1111 | F | 15 | 

The next term, which is important for us “bit masks” (bit masks). Sometimes in registry multiple configurations packed in a number and each bit in this issue a different adjustments. Signs in byte can be stored 8 adjustment, 16 adjustment within one to say, etc. Bit mask is Powered in the form of eg 0×21.

Regedit Tool

Regedit is a tool that allows the administration of registry database and equivalent of Windows Explorer. On the left regedit and there are folders, and the right of the contents of selected folder. Means the keys are equivalent folders in Windows Explorer and can contain multiple subkey, and the name of the key is limited to 512 or 256 ANSI UNICODE character and may contain and all ASCII characters except / * and? . Registry database is closely linked with the windows folder / files . Focus on path C: \ WINDOWS \ system32 \ cmd.exe. This refers to the path cmd file that are in system32 subfolder in the Windows folder. In parallel with this,  see HKEY_LOCAL_MACHINE \ SOFTWARE \ blabla softwareand hence conclude that the value of the “blabla software” belongs subkey SOFTWARE Primary key HKLM. So that we circled little anecdote about the key (keys).

regedit tool


Following remarking in registry values. Each key has their values-e. # Remember when I talked to the regedit equivalent of Windows Explorer … well, and the values are equivalent files and according to the following analogy:

- NAME values corresponding to the file name.

- TYPE values corresponding to the file extensions that actually determines the type of the file.

- DATA VALUES gossip currently contains the file.

From this we conclude that there are three parts of the values , which are: Name, Type, and Data ( to see everything when you click on a key and it show on the right side oh the registry editor) NAME: each value has its own name and at his government rule as in names of the keys: name values is limited to 512 or 256 ANSI UNICODE character and can contain all ASCII characters except  /   * and ?


Registry type of value

TYPE: As I said, every type of values describing the type of data contains:

Type of value – Description – Example

String (REG_SZ) | Text of constant length. In a dword, this is Type is most present type of values. Values of this type can end with zero character and must not contain enviroment variables.

Binary (REG_BINARY) | binary data (Binary | 0×02 0xFE 0xA9 0×38 | data). | 0×92 0×38 0xAB |.  Registry lists the binary data in hexadecimal notation, and ourselves when we take the binary data in hexadecimal form

DWORD (REG_DWORD) | Double-word values (32 | 0 – false / disable / no bits). | 1 – True / enable / yes ). Values of this type are shown in the form of zero or units and they are called  Boolean tags (Boolean flags). In the DWORD can be stored (1,000 to 1 second) time in milliseconds. DWORD can be inspected (0xFE020001) and edit in decimal (0×10010001) or hexadecimal record.

(REG_MULTI_SZ) contains a list of characters (strings), and each entry is divided “null” character (0×00), and two null character marks the end of the list. 

Expandable string – Text fluctuating length. |% userprofile% \ Favorites (REG_EXPAND_SZ). Values ​​of this type contain environment variables and before the exercise of the environment variables, the program needs to be extended in an appropriate Form, aka Path.