Structure of the Windows Registry
By opening the Registry Editor (by typing “regedit” in the run window), the Registry can be seen as one unified “file system”. The left-hand pane, also known as the key pane contains an organized listing of what appear to be folders. The five most hierarchal folders are called “hives” and begin with “HKEY” (an abbreviation for Handle to a Key). Although five hives can be seen, only two of these are actually “real”, HKEY_USERS (HKU) and HKEY_LOCAL_MACHINE (HKLM). The other three are shortcuts or aliases to branches within one of the two hives. Each of these five hives is composed of keys, which contain values and subkeys. Values are the names of certain items within a key, which uniquely identify specific values pertaining to the operating system, or to applications that depend upon that value.
A common
analogy that is often used to help understand the structure of the Windows
Registry is a comparison between it and the Windows Explorer file system,
both are very similar in their structures. The key pane of the Registry is
much like the hierarchical structure of the left-hand pane in the Windows
Explorer file system. The keys and subkeys located within the five main
hives are similar to folders and subfolders of Windows Explorer, and a key’s
value is similar to a file within a folder. In the right-hand pane of the
Windows Registry – a value’s name is similar to a file’s name, its
type is similar to a file’s extension, and its data is similar to
the actual contents of a file.
Figure 1 – Structure of the
Windows Registry
Root Key Functions:
Below
are listed the five hierarchical hives seen in Figure 1, with a very
basic description of each. Beside the root key is their commonly referred
to abbreviation in parenthesis, which will frequently be referred to as
throughout the paper.
1.HKEY_CLASSES_ROOT
(HKCR)
Information stored here ensures that the correct program opens when it is
executed in Windows Explorer. It also contains further details on
drag-and-drop rules, shortcuts, and information on the user interface.
Alias for:
HKLM\Software\Classes
2.HKEY_CURRENT_USER
(HKCU)
Contains configuration information for the user
who is currently logged into the system, including user’s folders, screen
colors, and Control Panel settings. Alias for a user specific branch
in HKEY_USERS. The
generic information usually applies to all users and is
HKU\.DEFAULT.
3.HKEY_LOCAL_MACHINE
(HKLM)
Contains machine hardware-specific information
that the operating system runs on. It includes a list of drives
mounted on the system and generic configurations of installed hardware and
applications.
4.HKEY_USERS
(HKU)
Contains configuration information of all user
profiles on the system, which concerns application configurations, and
visual settings.
5.HKEY_CURRENT_CONFIG
(HCU)
Stores information about the systems current
configuration. Alias for:
HKLM\Config\profile