Where are the Windows Registry files?
If you have Windows 9x or ME, known as the 9x Platform, the Registry files are stored in the Windows folder. They are named System.dat and User.dat. However, Windows ME also has Classes.dat. These files all have the Hidden attribute, so unless you are viewing hidden files you will not find them.
If you have Windows NT, 2000, 2003, XP or Vista, known as the NT Platform, the Registry files are stored in their own folder, Windows\System32\Config. You will not be able to copy these files to make backups, as the operating system is protecting them for security reasons.
Let's start with an explanation of the Registry Keys.
Open RegEdit and you'll see the six Hives on the Windows 9x Platform and five on the NT Platform under the "My Computer" header:
HKEY_CLASSES_ROOT:
Contains software settings about the file system, shortcut information, and other user interface information. There will be a SubKey for every file association, and each Key here points to another Key. The entire Hive is part of HKEY_LOCAL_MACHINE and can be found at HKEY_LOCAL_MACHINE\Software\Classes. If you change a setting in either of these two locations it is also changed in the other.
HKEY_CURRENT_USER:
Contains the information for the currently logged-on user, such as settings and software information. Settings changed in this Hive will only affect the current user. This Hive is part of the HKEY_USERS Hive.
1) AppEvents Key: contains the settings for which sounds to play for system sound events
2) Control Panel Key: Control Panel settings are stored here, similar to system.ini and win.ini in Win 3.x.
3) InstallLocationsMRU: contains folder paths and drives
4) Keyboard layout: specifies current keyboard layout
5) Network: Network connection information
6) RemoteAccess: Contains information about the current log-on location using Dial-Up Networking
7) Software: Software configuration settings for the currently logged-on user.
You may find other Keys here placed by other software that probably should have been placed in one of the above Sub-Keys. The entire Hive is also found at HKEY_USERS\.Default or, if there is more than one profile, HKEY_USERS\(Profile name). If you change a setting in either of these two locations it is also changed in the other.
HKEY_LOCAL_MACHINE: Contains information about the hardware and software settings that are used for all users of this computer.
1) Config: Configuration information. Same as the Hive HKEY_CURRENT_CONFIG on Windows 9x
2) Enum: Hardware information (found under System in NT)
3) Hardware: Information passed to Windows from the BIOS (found under System in NT)
4) Network: information about networks installed to the machine.
5) Security: network security settings.
6) Software: Software-specific information and settings
7) System: System startup and device driver information, and operating system settings.
HKEY_USERS:
Information about each user that logs onto this computer is stored here. Each user will have a Sub-Key under this heading. On Windows 9x, if there is only one user, the SubKey will be ".default". When a user logs on, one of the Sub-Keys will be loaded to the HKEY_CURRENT_USER key.
HKEY_CURRENT_CONFIG:
Contains info about the current hardware configuration, pointing to HKEY_LOCAL_MACHINE\Config. This hive is dynamic, meaning it is built on the fly.
HKEY_DYN_DATA: This key contains dynamic information about plug-n-play devices. The data here changes constantly. This key is rewritten every time you boot up; it is a virtual Hive. This Hive is dynamic, meaning it is built on the fly, and is not used on the NT Platform.
How Windows uses the Registry
For reference:
HKCU=HKEY_CURRENT_USER
HKLM=HKEY_LOCAL_MACHINE
First you need to understand that the Shell of Windows is the Windows Explorer. Without the Explorer there is no Windows, no desktop and so on.
With Windows loaded and you logged on, Windows can now use the information that each Hive in the Registry contains. Here is a sample of how the Registry is used.
So let's click on the Start button, which is controlled by Explorer.exe. Windows reads the HKCU\Microsoft\Windows\CurrentVersion\Policies Keys to determine what the current user is allowed to do and what the user is allowed to access. Now scroll up to the Programs label, and the Key HKCU\Microsoft\Windows\CurrentVersion\Explorer is read to determine how Windows will react. The Start menu opens, and you click on a program you wish to open. What you are clicking on is a shortcut. A shortcut is a file with the extension ".lnk", so Windows looks at the HKLM\Software\Classes Key for the extension ".lnk", which reads "lnkfile". Windows then looks for HKLM\Software\Classes\lnkfile, which reads "ShortCut", and it sees "NeverShowExt" = "", which means do not display the file extension for this type of file. Windows then looks to see what SubKeys are there and finds a CLSID SubKey which points to "{00021401-0000-0000-C000-000000000046}". Since the SubKey was "CLSID", Windows knows to look at the HKLM\Software\Classes\CLSID Key and finds the matching SubKey. This Key also reads "ShortCut", and Windows now looks for what SubKeys are available. It finds the "ProgID" Key, which points back to the "lnkfile" Key, and it finds the server file at the "InProcServer32" SubKey. So Windows now knows to serve this file to Shell32.dll.
If the Explorer did not find the CLSID key listed, it would have to search the CLSID Keys for a matching ProgID Key that pointed to the "lnkfile" Key.
Shell32.dll now takes over. The Explorer makes an API call to Shell32.dll and tells it to Shell (run, start) the file that you clicked on. Shell32 knows that this is a ShortCut, so it reads the file and determines that you wish to activate the program QikFix. So it starts QikFix, which now starts loading the other DLLs it needs. QikFix searches its own directory and, if they are not found there, looks in the Windows folder, then the System folder. It finds the DLLs it needs to run, and then sees that it needs an interface. As with all Visual Basic programs, it needs Msvbvm50.dll or Msvbvm60.dll to do the work for it. Msvbvm50.dll draws the plain window and then starts adding the text boxes and the tabs. To do this it may need help from another DLL, as is the case with the tabs. It knows it needs tabctl32.ocx because when I selected to use the tabs I needed to include the DLL name in my source code, which in this case is an ActiveX control (ocx). Now it needs to draw Tabs, but Msvbvm50.dll has no idea what a tab is.
If there were TypeLib Keys under the CLSID Key, the Explorer would also go and read the matching HKLM\Software\Classes\TypeLib Key. The TypeLib Key may point to an Interface Key (HKLM\Software\Classes\Interface), and this Key will tell the Explorer what version is available and so on. To understand more you need to read the next section about SubKeys.
Explanation of SubKeys
You will find a vast number of different SubKeys; some are used (read) only by the software program, while most of the SubKeys are read by Windows. For this example let's use the * Key. If you open RegEdit and go to the HKEY_CLASSES_ROOT Hive, the first Key down will be the *. This Key is a wildcard Key for file extensions, matching all files. You will find a SubKey Shellex, which should have no value set. The Shellex Key tells the Explorer what to do when you right click on a file. The context menu should be displayed when you right click a file; for this the Explorer will use the ContextMenuHandlers SubKey. You will also find a PropertySheetHandlers SubKey there. This SubKey tells the Explorer what to display when you right click a file and select Properties.
My ContextMenuHandlers SubKey has three SubKeys: Open With, Quick View, and WinZip. I added the Open With SubKey so that I always have the option of Open With when I right click a file. If you have WinZip installed you'll have the WinZip SubKey, so let's follow the WinZip SubKey. It points to a CLSID Key, HKEY_CLASSES_ROOT\CLSID\{E0D79304-84BE-11CE-9641-444553540000}, and this Key has the SubKey InProcServer32, which points to WZSHLSTB.DLL. So Windows now knows what DLL to load if you click on WinZip in the context menu.
Now let's open RegEdit (so you can follow) and go to HKEY_CLASSES_ROOT\.gif, then right click on a file we all have, C:\Windows\Cloud.gif; this is a standard Windows file. The .gif Key does have a Shellex SubKey, but not a ContextMenuHandlers SubKey, so only the default context menu will be displayed. It does have the SubKey {BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}, which points to the CLSID\{3F30C968-480A-4C6C-862D-EFC0897BB84B} Key, which tells the Explorer what to do if thumbnails are used and what file will handle this operation.
Now right click the Cloud.gif file and select Open. You will notice that the (Default) value of the .gif Key points to giffile. Windows will now go to HKEY_CLASSES_ROOT\giffile to see what it must do. The (Default) value of this Key is GIF Image; this is what is displayed in the Explorer under the "Type" column if you view files in Detail. The giffile Key has 3 SubKeys: CLSID, DefaultIcon, and Shell. The DefaultIcon SubKey tells the Explorer what Icon should be displayed for a .gif file. The Shell SubKey should have 3 SubKeys: Open, Print, and Printto. Since we selected Open on the Context Menu, which is the same as double clicking on the file, Windows will use the Shell\Open SubKey. The Shell\Open Key has one or two SubKeys: Command, and maybe a ddeexec SubKey. If you have just the Command Key, Windows stops there and shells (starts, runs) the file listed at the (Default) value of the Shell\Open\Command SubKey with the parameter (command line) C:\Windows\Cloud.gif. This will tell the program, possibly Fast View, to display the file Cloud.gif.
If there is no ddeexec SubKey, the (Default) value would look something like this: "C:\Easy Desk Utilities\Fast View\Fastview.exe" %1. The %1 means to pass the file path and name only on to Fast View. This would be the same as typing in the Run box at the Start menu C:\EasyDe~1\FastVi~1\Fastview.exe C:\Windows\Cloud.gif. The Run box needs to have 8.3 format. Now Fast View is displaying the Cloud.gif file.
If you have a ddeexec SubKey, the (Default) value might be:
"rundll32.exe C:\WINDOWS\SYSTEM\SHIMGVW.DLL,ImageView_Fullscreen" and the ddeexec SubKey value is "[open(%1)]". In the Run box you would type:
rundll32.exe C:\WINDOWS\SYSTEM\SHIMGVW.DLL,ImageView_Fullscreen C:\Windows\Cloud.gif
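The two lookup chains walked through above (.lnk to lnkfile to CLSID to InProcServer32, and .gif to giffile to Shell\Open\Command) can be checked against a Registry export to see which program or DLL Windows will hand a file to. The following Python is an added example, not part of the original article: it parses a constructed REGEDIT4 export holding the values quoted above and resolves the handler for a file name. The helper names parse_reg, default and resolve are hypothetical, and only string values are handled.

```python
import re

# Constructed sample in REGEDIT4 export format; data values are those quoted in the article.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.gif]
@="giffile"
[HKEY_CLASSES_ROOT\giffile]
@="GIF Image"
[HKEY_CLASSES_ROOT\giffile\shell\open\command]
@="\"C:\\Easy Desk Utilities\\Fast View\\Fastview.exe\" %1"
[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"
[HKEY_CLASSES_ROOT\lnkfile]
@="ShortCut"
"NeverShowExt"=""
[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"
[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32]
@="shell32.dll"
'''

LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
ROOT = "hkey_classes_root\\"

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # .reg escapes \ and " with a backslash

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}; name '' is (Default)."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := LINE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def default(keys, subkey):
    return keys.get((ROOT + subkey).lower(), {}).get("")

def resolve(keys, filename, verb="open"):
    """Follow extension -> ProgID -> shell\\<verb>\\command and ProgID -> CLSID -> server."""
    progid = default(keys, "." + filename.rsplit(".", 1)[-1]) if "." in filename else None
    if progid is None:
        return None
    cmd = default(keys, f"{progid}\\shell\\{verb}\\command")
    clsid = default(keys, f"{progid}\\CLSID")
    return {"progid": progid, "type": default(keys, progid), "clsid": clsid,
            "command": cmd.replace("%1", filename) if cmd else None,
            "server": default(keys, f"CLSID\\{clsid}\\InProcServer32") if clsid else None}
```

Calling resolve(parse_reg(SAMPLE_REG), r"C:\Windows\Cloud.gif") returns the Fast View command line with %1 replaced by the file path; an extension with no Key in the export returns None.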
The Heart of Windows
The Registry works the same on both the Windows 9x platform and the NT Platform. However, it is laid out a little differently, especially when it comes to the hardware.
The real heart of the Windows Registry is found at the Key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows, controlling the software. The System Drivers are controlled at HKEY_LOCAL_MACHINE\System. The hardware is controlled at HKEY_LOCAL_MACHINE\Enum in Windows 9x and ME and HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum in the NT Platform.