The Windows Registry
The registry is a Windows database that contains all of the settings that determine how the operating system works, how a significant part of the settings that determine how the computer hardware works, and how various other programs that are not part of the operating system work.
It refers to various files which are concentrated in the Windows system directories (c:\windows\system32 being the most prominent one), and which cannot be edited directly, using normal editing software.
The tool that is used to edit all of these settings, and even add new settings, is the registry editor.
This editor can be accessed by entering the command ‘regedit’ in the run menu/command line of Windows.
This editor shows all of these settings, which are scattered among different files, in a centralized view, and according to a logical hierarchical order.
It also allows an editing interface for all of them.
Some of these settings can only be edited by using the registry editor and have no other access.
This collection of files loads a lot of information into the volatile memory when the operating system is loaded (booted) , and this information collectively affects the operation of all parts of the operating system as well as various programs that run in conjunction with it.
As soon as we edit this information, there is a need to turn off the computer in order for the volatile information to be recorded/written as permanent information on the hard disk, thus saving the changes permanently.
Sometimes changes in the registry will not take effect until we turn the computer off and back on again, and only then, we will be able to use the edited information to affect the system.
The registry is a powerful and flexible tool, the control of which allows for a very high level of system configuration.
A user with normal privileges, who is familiar with the use of the registry, can perform operations with the privileges of the windows NT-Authority user, which will not be allowed in any other way, without obtaining high privileges.
There are five main categories of settings, which appear in the interface as superdirectories (or "hives"), and which contain all of the definitions in subdirectories, in the format of keys and their values.
Actually three of these five hives are themselves subdirectories of the remaining two, but they are all important enough to be presented as main categories in the interface.
The hives are:
HKEY_LOCAL_MACHINE which contains all of the settings related to the computer's general operating system, regardles of the currently active user session.
HKEY_USERS which contains all the settings related to the user profiles in the system.
Each of the user’s settings are concentrated in separated subdirectory or “mini-hive” under this hive.
HKEY_CURRENT_USER is a subdirectory of the users directory, which contains all the settings that affect the behavior of the current user profile (which is currently active in the operating system).
HKEY_CLASSES_ROOT is a hive that contains all of the file extentions of the windows operating systme and their configured correlations/associations to file types.
Note that the file extentions are only native windows definitions that are used to identify the file types, but they do not actually determine the file types. They need to be mapped to the actual binary patterns which determine the file's type and function, thereby enabling windows to pair the correct program/application with a file in order to run this particular file.
It is made up of a collection of keys and values that can also be found at the HKEY_CURRENT_USER and the HKEY_LOCAL_MACHINE hives.
HKEY_LOCAL_CONFIG contains keys and values exhibiting the unique configuration settings of the computer's hardware profile. It displays only settings that differ from the standard Windows hardware configuration.