The Windows Registry (system registry) is a hierarchical (tree) database containing records that define the parameters and settings of Microsoft Windows operating systems. The registry, as it appears when viewed in Registry Editor, is built from data that comes from registry files and from hardware information collected during the boot process. English-language descriptions of registry files use the term "hive". In Microsoft documentation this term is translated as "bush".

The main files responsible for creating the registry

Registry files are created during the installation process of the operating system and are stored in the folder:

%SystemRoot%\system32\config (usually C:\windows\system32\config ).

For Windows operating systems these are files named:

system
software
sam
security
default
components
bcd-template

In the Windows Vista, Windows 7 and Windows 8 operating systems, registry files are located in the directory \Windows\system32\config and have the same names, but these operating systems add a new registry section for storing boot configuration data (Boot Configuration Data), named BCD00000000. The file with the data for this section is named bcd and is located in the hidden Boot folder of the active partition (the partition from which the system boots). With a standard Windows installation, the active partition is usually created small (from 100 to 500 megabytes depending on the operating system); it is hidden from the user and contains only service data for loading the system: boot records, the boot manager bootmgr, the boot configuration store BCD, localization files and memory testing programs. The location of the bcd hive depends on how the system boot loader was configured during installation, and it may be located on the same partition as the Windows directory.

The location of registry files in any Windows version can be viewed using the Registry Editor, in the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist

This key stores information about all hives, including user profiles, with links to their location in the Windows file system.
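As an added example (not part of the original article), the following Python code parses a constructed sample of what `reg query` prints for this key and groups each hive by where its backing file lives. The volume numbers, user name and SID are made up, and the group names are this example's own.

```python
import re

# Constructed sample in the layout printed by
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\hivelist
# (volume numbers, user name and SID are made up).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
    \REGISTRY\MACHINE\HARDWARE    REG_SZ
    \REGISTRY\MACHINE\SYSTEM    REG_SZ    \Device\HarddiskVolume2\Windows\System32\config\SYSTEM
    \REGISTRY\MACHINE\SOFTWARE    REG_SZ    \Device\HarddiskVolume2\Windows\System32\config\SOFTWARE
    \REGISTRY\MACHINE\SAM    REG_SZ    \Device\HarddiskVolume2\Windows\System32\config\SAM
    \REGISTRY\MACHINE\BCD00000000    REG_SZ    \Device\HarddiskVolume1\Boot\BCD
    \REGISTRY\USER\.DEFAULT    REG_SZ    \Device\HarddiskVolume2\Windows\System32\config\DEFAULT
    \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1001    REG_SZ    \Device\HarddiskVolume2\Users\alice\NTUSER.DAT
"""

# value name (hive path), the type column, then optional data (file path)
LINE = re.compile(r"^\s+(\\REGISTRY\\\S+)\s+REG_SZ(?:\s+(\S.*?))?\s*$")
DEVICE = re.compile(r"^\\Device\\(HarddiskVolume\d+)(\\.*)$", re.IGNORECASE)


def parse_hivelist(text):
    """Map each hive name to (volume, path), or None when no file backs it."""
    hives = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # header or blank line
        name, data = m.group(1), m.group(2)
        if not data:
            hives[name] = None            # e.g. HARDWARE: built in memory at boot
            continue
        d = DEVICE.match(data)
        hives[name] = (d.group(1), d.group(2)) if d else (None, data)
    return hives


def classify(hives):
    """Group hive names by the location of their backing file."""
    groups = {"volatile": [], "config": [], "profile": [], "other": []}
    for name, loc in hives.items():
        if loc is None:
            groups["volatile"].append(name)
        elif "\\system32\\config\\" in loc[1].lower():
            groups["config"].append(name)
        elif name.upper().startswith("\\REGISTRY\\USER\\"):
            groups["profile"].append(name)
        else:
            groups["other"].append(name)  # e.g. the BCD store on the boot partition
    return groups


if __name__ == "__main__":
    for group, names in classify(parse_hivelist(SAMPLE)).items():
        print(group, names)
```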

Registry structure

The Windows registry has a tree structure and consists of 5 main registry keys:

HKEY_LOCAL_MACHINE (HKLM) is the largest registry key. It contains all the basic settings of the operating system, as well as of the computer's hardware and software. The information contained in this key applies to all users who log on to the system.

HKEY_CLASSES_ROOT (HKCR) - contains associations between applications and file types (by file extension). This key also contains information about registered file types and COM and ActiveX objects. Besides HKEY_CLASSES_ROOT, this information is also stored in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The key HKEY_LOCAL_MACHINE\Software\Classes contains default settings that apply to all users of the local computer. Settings contained in the key HKEY_CURRENT_USER\Software\Classes override the default ones and apply only to the current user. The key HKEY_CLASSES_ROOT includes data from both sources.

HKEY_USERS (HKU) - contains environment settings for each of the loaded user profiles, as well as for the default profile. HKEY_USERS contains a nested key \Default, as well as other subkeys identified by the security identifier (Security ID, SID) of each user.

HKEY_CURRENT_USER (HKCU) - contains environment settings for the user currently logged on to the system (environment variables, desktop settings, network settings, applications and connected devices).

This key duplicates the information in HKEY_USERS\user SID, where user SID is the security identifier of the user currently logged on to the system (you can find out the SID of the current user by typing whoami /user at the command line).

HKEY_CURRENT_CONFIG (HKCC) - contains settings for the current hardware profile. The current hardware profile includes sets of changes made to the standard device configuration specified in the Software and System subkeys of the root key HKEY_LOCAL_MACHINE. Only the changes are reflected in HKEY_CURRENT_CONFIG. In addition, the information in this key is located in HKEY_LOCAL_MACHINE\System\CurrentControlSet\HardwareProfiles\Current.
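An added example, not from the original article, of how the HKEY_CLASSES_ROOT view described above combines its two sources. It models both Classes keys as Python dictionaries with constructed sample data and assumes the override applies per value name; it also lists the per-user entries that shadow a different machine-wide one, which is what to compare when a file type behaves differently for one account.

```python
# Constructed sample data; "" stands for a key's default (unnamed) value.
MACHINE = {  # HKEY_LOCAL_MACHINE\Software\Classes
    ".txt": {"": "txtfile"},
    r"txtfile\shell\open\command": {"": r"%SystemRoot%\system32\NOTEPAD.EXE %1"},
}
USER = {  # HKEY_CURRENT_USER\Software\Classes
    r"TXTFILE\shell\open\command": {"": r"C:\Tools\editor.exe %1"},
    ".log": {"": "txtfile"},
}


def _norm(source):
    """Lower-case key paths and value names: registry names are case-insensitive."""
    return {key.lower(): {name.lower(): data for name, data in values.items()}
            for key, values in source.items()}


def merged_classes(machine, user):
    """Return {key: {value name: (data, origin)}} for the combined view."""
    view = {}
    for origin, source in (("HKLM", _norm(machine)), ("HKCU", _norm(user))):
        for key, values in source.items():
            for name, data in values.items():
                # HKCU is applied last, so a per-user value replaces the default.
                view.setdefault(key, {})[name] = (data, origin)
    return view


def user_overrides(machine, user):
    """List (key, value name, machine data, user data) where HKCU shadows HKLM."""
    m, u = _norm(machine), _norm(user)
    found = []
    for key in sorted(u):
        for name in sorted(u[key]):
            if key in m and name in m[key] and m[key][name] != u[key][name]:
                found.append((key, name, m[key][name], u[key][name]))
    return found


if __name__ == "__main__":
    for key, values in merged_classes(MACHINE, USER).items():
        for name, (data, origin) in values.items():
            print(f"{origin}  {key}  [{name or '(Default)'}] = {data}")
    print("overrides:", user_overrides(MACHINE, USER))
```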

Data in the registry is stored in the form of parameters located in registry keys. Each parameter is characterized by a name, data type, and value.

Basic data types used in the registry

REG_DWORD - 32-bit number. Many device driver and service settings use this type of data. Registry editors can display this data in binary, hexadecimal, and decimal format.

REG_SZ - A text string in a human-readable format. Values that represent component descriptions are typically assigned this data type.

REG_EXPAND_SZ - An expandable data string. This string is text containing a variable that can be replaced when called by the application; it is used, for example, to record environment variables.

REG_MULTI_SZ - Multiline field. Values that are actually lists of text strings in a human-readable format typically have this data type. The strings are separated by the NULL character.

REG_BINARY - Binary data. Most hardware components use information that is stored as binary data. Registry editors display this information in hexadecimal format.

REG_RESOURCE_LIST - List of hardware resources. Applies only to the branch HKEY_LOCAL_MACHINE\HARDWARE.

You can also sometimes find the following types of registry data:

REG_RESOURCE_REQUIREMENTS_LIST - List of required hardware resources. Applies only to the branch HKEY_LOCAL_MACHINE\HARDWARE.

REG_FULL_RESOURCE_DESCRIPTOR - Descriptor of a hardware resource. Applies only to the branch HKEY_LOCAL_MACHINE\HARDWARE.

REG_QWORD - 64-bit number.

REG_DWORD_LITTLE_ENDIAN - 32-bit number in little-endian format, equivalent to REG_DWORD.

REG_DWORD_BIG_ENDIAN - 32-bit number in big-endian format.

REG_QWORD_LITTLE_ENDIAN - 64-bit number in little-endian format. Equivalent to REG_QWORD.

REG_NONE - The parameter does not have a specific data type.

Interaction of the registry with the operating system

When the computer starts, the hardware recognizer places a list of the devices it detects in the registry. Typically, hardware recognition is done by the program Ntdetect.com and the operating system kernel Ntoskrnl.exe.

When the system starts, the system kernel retrieves information from the registry about the device drivers being loaded and the order in which they are loaded. In addition, the program Ntoskrnl.exe sends information about itself to the registry (for example, version number).

During the system boot process, device drivers exchange boot parameters and configuration data with the registry. A device driver reports the system resources it uses, including hardware interrupts (IRQ) and memory access channels (DMA), so that the system can include this data in the registry. The registry also allows you to create several hardware profiles. A hardware profile is a set of instructions that can be used to tell the operating system which device drivers should be loaded when the computer starts. By default, the system creates a standard hardware profile that contains information about all the hardware found on the computer.

When a user logs in, user profiles are loaded. All information related to a specific username and associated rights is stored in the registry. A user profile defines individual system settings (display resolution, network connection settings, connected devices, and much more). Information about user profiles is also stored in the registry.

When installing applications: each time you run an installer, new configuration data is added to the registry. When they start, all installation programs must read information from the registry to determine whether the components they need are present on the system. In addition, the registry allows applications to share configuration information, giving them more interoperability. An application must use the registry actively and correctly, and must also be removable cleanly without affecting components that may be used by other programs (libraries, program modules, etc.). This information is also stored in the registry.

When administering the system: when a user makes changes to the system configuration using system administration tools (for example, Control Panel or MMC snap-ins), all changes are immediately reflected in the system registry. In essence, administration tools are the most convenient and safe means of modifying the registry. The registry editor (regedit.exe) can also be considered an administrative tool, because all changes to the system can be made directly by editing the registry.

During the loading and operation of the operating system, registry data is constantly accessed, both for reading and writing. Registry files are constantly changing because not only the system, but also individual applications can use the registry to store their own data and settings. In other words, accessing the registry is one of the most common operations. Even if the user is not working at the computer, the registry is still accessed by system services, drivers, and applications.

The registry is an essential component of the Windows family of operating systems. It is quite complex for the average user to understand. What is the Windows registry? The registry is a centralized database that stores all the settings of the operating system and the applications running on it. The registry contains information about all hardware devices, file name extensions, all system components and applications running on the system, network parameters, security information, etc.

Thus, if a computer running Windows has a software or hardware component that affects its operation, all information about this component is stored in the Windows registry. The diagram below is a simplified model showing system components and their interaction with the registry.

Let's take a closer look at how Windows 7 components interact with the system registry:

  1. The Windows Setup program (installation program) - upon first launch, collects information about the system and creates a registry based on the received data. When installing drivers or applications, the installer reads information from the registry and adds its configuration data there. Having a registry allows all programs to access a centralized database and interact with each other. In addition, the information stored in the registry allows you to correctly uninstall an application without affecting important components such as DLLs.
  2. Windows Recovery Environment (WinRE) - a set of tools designed to diagnose a damaged system and restore it after serious errors. WinRE actively works with the registry, and one of the tasks it performs is repairing a damaged registry.
  3. Windows Boot Manager - the boot manager accesses the BCD (Boot Configuration Data) database, which is stored in the registry. After reading the configuration data, the boot manager transfers control to the Windows Loader, the winload.exe file, which first reads the necessary data from the registry and then loads the operating system kernel (%system32%\ntoskrnl.exe) and the hardware abstraction layer (%system%\hal.dll), as well as all boot drivers and kernel-mode DLLs. This is why, if the registry files are missing or damaged, the operating system simply will not boot.
  4. PnP manager - responsible for detecting a device using two parameters: vendor ID (VID) and device ID (DID). When the PnP manager determines a unique VID and DID combination, it requests information about the bus on which the device is detected and checks to see if a driver for that device is installed. If the driver is not installed, the PnP subsystem must find a suitable INF file to install the driver and begin installing it.
  5. Power Manager - closely interacts with the PnP manager and applications, supports a variety of power management schemes and is controlled by group policies; all this information is stored in the registry.
  6. Device drivers - exchange boot parameters and configuration data with the registry. The driver must report the system resources it is using. Applications and device drivers themselves can read this information from the registry, providing users with convenient installation and configuration tools.
  7. Administrative tools - the Windows administrative tools, including utilities from the Control Panel and programs from the Administration group, are the most convenient and safe means of modifying the registry.
  8. User profiles - all information related to a specific user account and associated rights is stored in the registry. Group policies are also stored in the registry.
  9. Hardware profiles - a set of instructions that can be used to tell the operating system which device drivers should be loaded when the computer starts.
  10. File systems - starting with Windows Vista, both file systems and the registry are transaction based. In practice, this means that if a set of operations on files and the registry is marked as a transaction, then if at least one of these operations fails, the entire transaction can be "rolled back" to its original state.
  11. Windows 7 security subsystem - the security subsystem with all its functionality, including User Account Control (UAC), is also implemented on the basis of the registry and is used to protect it. The principle of UAC is to limit the privileges granted to running applications to the level of privileges of a standard user. In other words, even if the user running the application has administrative rights, the applications they launch do not have such privileges unless the user explicitly runs them as an administrator. This way, only applications that the user trusts run with elevated privileges.
  12. Windows network components - include network adapter drivers, settings for network protocols and services, as well as network security parameters and means of protecting the network from attacks. All this is also stored in the registry. For example, the Windows Firewall database is located in the registry. Many third-party firewalls also create their own keys in the registry, and therefore a successful attack on the registry opens the door to external intrusion.

The file system on a hard drive has a lot in common with the logical structure of the registry. The registry contains keys and values that correspond to directories and files on the hard drive. Registry keys can contain nested keys (like subdirectories). Registry parameters (just like files) store data. The keys located at the top level of the hierarchy are called root keys. The naming scheme for registry keys and parameters is similar to paths in the file system. A typical path to a registry subkey is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet. The Windows 7 registry contains five root keys: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_CONFIG.

To open the Windows 7 registry, press the keyboard shortcut Win + R (the "Run" window will appear), then enter regedit and press Enter.

The Registry Editor window will appear.

All root key names begin with the string HKEY_, which indicates to software developers that this is a handle that can be used by a program.

A handle is a value used to uniquely describe a resource that a program can access.

Descriptions of root keys are shown in the table below.

Root key name - Description
HKEY_LOCAL_MACHINE - Contains global information about the hardware and operating system, including: bus type, system memory, device drivers and control data used at system startup. The information contained in this key applies to all users who log on to the system. At the top level of the registry hierarchy, there are three aliases for this key: HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG and HKEY_DYN_DATA.
HKEY_CLASSES_ROOT - Contains associations between applications and file types (by file name extension). In addition, this key stores OLE information associated with COM objects, as well as file and class association data.
HKEY_CURRENT_CONFIG - Contains configuration data for the current hardware profile. Hardware profiles are sets of changes made to the standard configuration of services and devices established by the data in the Software and System keys of the root key HKEY_LOCAL_MACHINE. Only the changes are shown in the key HKEY_CURRENT_CONFIG.
HKEY_CURRENT_USER - Contains the profile of the user currently logged on to the system, including environment variables, desktop settings, network settings, printer settings, and application settings. This key is a link to the key HKEY_USERS\user_SID, where user_SID is the Security ID of the user currently logged on to the system.
HKEY_USERS - Contains all actively loaded user profiles, including HKEY_CURRENT_USER, as well as the default user profile (.DEFAULT). Users receiving remote access to the server do not have profiles contained under this key - their profiles are loaded into the registries on their own computers.

Registry data is maintained as parameters located under registry keys. Each parameter is characterized by a name, data type and actual value. The three parts of a registry value are always in the order shown in the figure below:

The table below lists the main data types defined and used in Windows 7.

Data type - Description
REG_BINARY - Binary data. Most hardware components use information that is stored as binary data. Registry editors display this information in hexadecimal.
REG_DWORD - The data is represented as a value that is 4 bytes long. Many device driver and service settings use this type of data. Registry editors can display such data in binary, hexadecimal, and decimal format.
REG_EXPAND_SZ - An expandable data string: text containing a variable that can be replaced when called by the application.
REG_MULTI_SZ - Multiline field. Values that are actually lists of text strings typically have this data type.
REG_SZ - A text string in a human-readable format. This type is assigned to values that represent descriptions of the components.
REG_DWORD_LITTLE_ENDIAN - A 32-bit number that is equivalent to REG_DWORD. The least significant byte of the number is stored in memory first.
REG_DWORD_BIG_ENDIAN - A 32-bit number that is equivalent to REG_DWORD. The most significant byte of the number is stored in memory first.
REG_LINK - Unicode symbolic link. This data type is intended for internal use. The REG_LINK data type allows one registry entry to link to another key or parameter.
REG_NONE - Does not have a specific data type.
REG_QWORD - 64-bit value.
REG_QWORD_LITTLE_ENDIAN - A 64-bit number that is equivalent to REG_QWORD. The least significant byte of the number is stored in memory first.
REG_QWORD_BIG_ENDIAN - A 64-bit number that is equivalent to REG_QWORD. The most significant byte of the number is stored in memory first.
REG_RESOURCE_LIST - List of hardware resources, used in the branch HKEY_LOCAL_MACHINE\HARDWARE.
REG_FULL_RESOURCE_DESCRIPTOR - Descriptor of a hardware resource, used in the branch HKEY_LOCAL_MACHINE\HARDWARE.
REG_RESOURCE_REQUIREMENTS_LIST - List of required hardware resources, used in the branch HKEY_LOCAL_MACHINE\HARDWARE.
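The data types in this table and in the earlier list of basic data types differ mainly in how the stored bytes are interpreted. The following added example (not from the original article) decodes the raw bytes of a value according to its type, using the numeric type codes from the Windows SDK; the sample values and the environment passed to it are constructed.

```python
import re
import struct

# Numeric type codes from the Windows SDK header winnt.h.
REG_NONE, REG_SZ, REG_EXPAND_SZ, REG_BINARY = 0, 1, 2, 3
REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_LINK, REG_MULTI_SZ = 4, 5, 6, 7
REG_QWORD = 11

_INTEGERS = {
    REG_DWORD: ("<I", 4),             # same code as REG_DWORD_LITTLE_ENDIAN
    REG_DWORD_BIG_ENDIAN: (">I", 4),
    REG_QWORD: ("<Q", 8),             # same code as REG_QWORD_LITTLE_ENDIAN
}


def _text(raw):
    """Decode UTF-16LE, ignoring an odd trailing byte left by a bad writer."""
    return raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")


def expand(text, env):
    """Replace %NAME% with env[NAME]; unknown variables stay untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), text)


def decode_value(reg_type, raw, env=None):
    """Turn the stored bytes of one registry value into a Python object."""
    if reg_type in _INTEGERS:
        fmt, size = _INTEGERS[reg_type]
        if len(raw) != size:
            raise ValueError(f"type {reg_type} needs {size} bytes, got {len(raw)}")
        return struct.unpack(fmt, raw)[0]
    if reg_type in (REG_SZ, REG_EXPAND_SZ, REG_LINK):
        # The terminating NUL is optional in stored data; cut at the first one.
        text = _text(raw).split("\x00", 1)[0]
        if reg_type == REG_EXPAND_SZ and env is not None:
            text = expand(text, env)
        return text
    if reg_type == REG_MULTI_SZ:
        strings = []
        for item in _text(raw).split("\x00"):
            if item == "":            # an empty string ends the list
                break
            strings.append(item)
        return strings
    # REG_BINARY, REG_NONE and the resource types are returned as raw bytes.
    return bytes(raw)


# Constructed sample values (name, type, stored bytes), not from a real hive.
SAMPLES = [
    ("Start", REG_DWORD, bytes.fromhex("02000000")),
    ("Counter", REG_DWORD_BIG_ENDIAN, bytes.fromhex("00000002")),
    ("Stamp", REG_QWORD, bytes.fromhex("0000000001000000")),
    ("ImagePath", REG_EXPAND_SZ, "%SystemRoot%\\system32\\svc.exe\x00".encode("utf-16-le")),
    ("DependsOn", REG_MULTI_SZ, "RpcSs\x00Tcpip\x00\x00".encode("utf-16-le")),
    ("Blob", REG_BINARY, bytes.fromhex("deadbeef")),
]


def decode_samples(env):
    return {name: decode_value(t, raw, env) for name, t, raw in SAMPLES}


if __name__ == "__main__":
    for name, value in decode_samples({"SYSTEMROOT": r"C:\Windows"}).items():
        print(f"{name:10} {value!r}")
```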

The registry is divided into component parts, which the developers called hives, by analogy with the cellular structure of a bee hive. A hive is a discrete structure of keys, subkeys, and parameters that originates at the top of the registry hierarchy. The difference between hives and other key groups is that they are permanent components of the registry. Hives are not created dynamically when the system starts and are not deleted when the system is stopped.

Registry hive data that defines system-wide configuration settings is stored in files located in the %SystemDrive%\Boot\BCD and %SystemRoot%\System32\Config directories. Registry hives that specify user configuration information are stored in %SystemRoot%\Users\Username.


Today, we will try to figure out what the main Windows registry is and why it is needed. We will also try to answer the question of where the registry of Windows XP and Windows 7 is located.

Windows Registry: what it is and why

First of all, you need to understand that the registry is not a folder. The registry is an entire file that meets all the parameters of a regular file. You can find this file in the WINDOWS folder. If you want to view the Windows registry, do the following. Open the Start menu. Then choose the "Run..." option. Enter "regedit" in the box.

The registry itself is stored in two files. They are called "User.dat" and "System.dat". There is also a file "Policy.pol", which contains all the rules of the system. The data in this file takes precedence over any registry settings. It is typically used in multi-user environments and is not installed by default. All these files can be found in the Windows folder, where the entire system environment of the computer is located. Changing the contents of this folder is strongly discouraged; it can lead to logical errors that can damage your computer. One point needs to be taken into account: if there are multiple user accounts on the computer, the system creates several "User.dat" files.

Here is a list of Windows registry files:

C:\WINDOWS\system32\config:
software - HKEY_CURRENT_CONFIG
system - HKEY_LOCAL_MACHINE, HKEY_CLASSES_ROOT
default - HKEY_USERS
C:\Documents and Settings\%user%:
NTUSER.DAT - HKEY_CURRENT_USER

Windows 7 Registry: Where is it located?

Where is the Windows XP registry located?

The Windows XP registry is located in the "Windows/System32/Config" directory.

What is the registry responsible for? The registry contains all the information needed for the correct operation of all hardware devices, programs, user accounts and properties of your personal computer. All changes to the most varied settings are reflected in the system registry. The registry has a hierarchical structure. The Regedit program is a guide through the entire registry system. Without this utility it would be impossible to work effectively with the registry, although sometimes it is necessary. Each master branch is a root folder that contains the keys necessary for the system to operate. Each key, accordingly, can contain other keys, which are called parameters or subkeys. They contain all the actual information about changes to the operating system. Programmers distinguish three types of subkeys: string, binary and DWORD keys. The registry has six main branches, between which all the information contained on the computer is distributed.

Computer and software experts strongly advise against changing or deleting anything in the Windows registry. If you think that a freezing problem lies in the registry, it is better to contact a specialist who will help you fix the system errors.