|
|
There are six main branches, each containing a specific portion of
the information stored in the Registry. They are as follows:
 | HKEY_CLASSES_ROOT - This branch contains all of your file
association mappings to support the drag-and-drop feature, OLE
information, Windows shortcuts, and core aspects of the Windows user
interface.
|
| HKEY_CURRENT_USER - This branch links to the section of
HKEY_USERS appropriate for the user currently logged onto the PC and
contains information such as logon names, desktop settings, and
Start menu settings.
|
| HKEY_LOCAL_MACHINE - This branch contains computer specific
information about the type of hardware, software, and other
preferences on a given PC, this information is used for all users
who log onto this computer.
|
| HKEY_USERS - This branch contains individual preferences
for each user of the computer, each user is represented by a SID
sub-key located under the main branch.
|
| HKEY_CURRENT_CONFIG - This branch links to the section of
HKEY_LOCAL_MACHINE appropriate for the current hardware
configuration.
|
| HKEY_DYN_DATA - This branch points to the part of
HKEY_LOCAL_MACHINE, for use with the Plug-&-Play features of
Windows, this section is dymanic and will change as devices are
added and removed from the system. |
Each registry value is stored as one of five main data types:
| REG_BINARY - This type stores the value as raw binary data.
Most hardware component information is stored as binary data, and
can be displayed in an editor in hexadecimal format.
|
| REG_DWORD - This type represents the data by a four byte
number and is commonly used for boolean values, such as
"0" is disabled and "1" is enabled. Additionally
many parameters for device driver and services are this type, and
can be displayed in REGEDT32 in binary, hexadecimal and decimal
format, or in REGEDIT in hexadecimal and decimal format.
| REG_EXPAND_SZ - This type is an expandable data string that
is string containing a variable to be replaced when called by an
application. For example, for the following value, the string
"%SystemRoot%" will replaced by the actual location of the
directory containing the Windows NT system files. (This type is only
available using an advanced registry editor such as REGEDT32)
| |
| REG_MULTI_SZ - This type is a multiple string used to
represent values that contain lists or multiple values, each entry
is separated by a NULL character. (This type is only available using
an advanced registry editor such as REGEDT32)
|
| REG_SZ - This type is a standard string, used to represent
human readable text values. |
Other data types not available through the standard registry editors
include:
| REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian
format.
|
| REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian
format.
| REG_LINK - A Unicode symbolic link. Used internally;
applications should not use this type.
| |
| REG_NONE - No defined value type.
|
| REG_QWORD - A 64-bit number.
|
| REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian
format.
|
| REG_RESOURCE_LIST - A device-driver resource list. |
Registry Part 3 |
