Windows Registry Structure and Function
By Kenth Nasstrom
You can view the structure of the Windows Registry when
you open it up with a Registry Editor utility like REGEDIT.EXE or REGEDT32.EXE.
If you've never opened the Registry before, you might be surprised and comforted
by its familiar-looking layout. Its hierarchical data structure is much
like the data structure you see every day in Windows Explorer, except here
the tree structure units are keys, subkeys, and values rather than directories,
subdirectories, and files. But any intuitive understanding of the Registry's
content (for most people) ends right here, because the registry was designed
more for the operating system and installed applications than for humans.
The Registry's hierarchical data structure and central location allow Windows
and hosted applications to quickly locate their configuration settings
and default parameters, but these parameters have values in the Registry
that are different from their internally-defined values used by the applications
themselves. This can make altering application settings from within the
Registry a grueling and tedious task, and this is why most changes to Registry
data are more easily (and more safely) made by changing settings from within
individual applications or system utilities.
A Closer Look at Registry Structure
The primary divisions of the Windows Registry are seen as a list of 4-6 expandable
folders, called root keys or subtrees, in the left pane of the Registry
Editor window. These can be expanded to show the keys and subkeys, and
these can be expanded in turn to show further subkeys below or their value
entries listed on the right pane in Registry Editor. The Registry subtrees
and a description of their contents are as follows:
HKEY_LOCAL_MACHINE (HKLM): This root key (or subtree) contains configuration
data specific to the local computer, including its hardware devices and
operating system components. The information contained within HKLM is independent
of the current user and applications or processes in use.
HKEY_CLASSES_ROOT (HKCR): This root key contains the file-class, OLE, and
COM object data. The keys, subkeys, and data within this subtree are linked
to (and identical to) those contained in the HKEY_LOCAL_MACHINE\Software\Classes\
subtree.
HKEY_CURRENT_CONFIG (HKCC): This root key is added to make current versions
of Windows compatible with older Windows 95 applications. It is derived
from HKLM\System\CurrentControlSet\HardwareProfiles\Current and contains
configuration settings for all currently active hardware.
HKEY_CURRENT_USER (HKCU): This root key contains profile information for
the user currently logged in. Each time a user logs on, HKCU is rebuilt
with that user's profile data from HKEY_USERS.
HKEY_USERS (HKU): This root key contains the default profile and the profiles
of all users who have logged onto the computer.
HKEY_DYN_DATA (HKDD): This root key is found only on Windows 95/98/ME.
It is linked to HKEY_LOCAL_MACHINE and contains information about Plug
and Play hardware components. Because HKDD serves the Plug-and-Play features
of Windows, this section changes as devices are added to and removed from
the system.
The HKEY_ at the beginning of each root key's name indicates that the key
is a unique identifier (or handle) that programs can use to access resources.
Each of these root keys branches out, first into keys and then further
into subkeys. At the end of these branches of keys and subkeys lie the
Registry data, or value entries, corresponding to the data stored in the
hive files. The Windows Registry can store several different value types,
but the most common that you will see are binary, strings (text for humans),
and DWORD (Boolean) values.
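
To make the key / subkey / value-entry layout concrete, the following added example (not part of the original article) parses a small Registry Editor export into that hierarchy, expands the root-key abbreviations listed above, and files HKCR keys under the HKLM\Software\Classes location they mirror. The sample export is constructed, ExampleVendor and ExampleApp are hypothetical names, and the parser assumes each value entry fits on one line.

```python
import re

# Root-key abbreviations as listed in the article.
ROOT_KEYS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCR": "HKEY_CLASSES_ROOT",
             "HKCC": "HKEY_CURRENT_CONFIG", "HKCU": "HKEY_CURRENT_USER",
             "HKU": "HKEY_USERS", "HKDD": "HKEY_DYN_DATA"}

# Constructed sample in Registry Editor export (.reg) syntax; names are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\ExampleVendor\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"AutoUpdate"=dword:00000001
"LicenseBlob"=hex:de,ad,be,ef

[HKEY_CLASSES_ROOT\.example]
@="ExampleApp.Document"
'''

def canonical(path):
    """Expand root-key abbreviations; map HKCR onto HKLM\\Software\\Classes."""
    root, *subkeys = path.split("\\")
    root = ROOT_KEYS.get(root.upper(), root)
    if root == "HKEY_CLASSES_ROOT":
        root, subkeys = "HKEY_LOCAL_MACHINE", ["Software", "Classes", *subkeys]
    return "\\".join([root, *subkeys])

def parse_value(raw):
    """Decode the data part of a value entry into (type, Python value)."""
    if raw.startswith("dword:"):   # 32-bit number written as 8 hex digits
        return "DWORD", int(raw[6:], 16)
    if raw.startswith("hex:"):     # binary data as comma-separated hex bytes
        return "BINARY", bytes(int(b, 16) for b in raw[4:].split(",") if b)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':   # string, backslash-escaped
        return "STRING", re.sub(r"\\(.)", r"\1", raw[1:-1])
    raise ValueError(f"unsupported value data: {raw!r}")

def parse_reg(text):
    """Return {key path: {value name: (type, data)}}; '@' is the default value."""
    tree, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):   # a key header
            current = tree.setdefault(canonical(line[1:-1]), {})
        elif current is not None and "=" in line:         # a value entry
            name, raw = line.split("=", 1)
            current[name.strip('"')] = parse_value(raw)
    return tree
```
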
Registry Hives
Much of the information contained in the Registry is stored on the computer's
hard drive as a set of binary data files aptly named hives. The hives are
permanent Registry components, serving as both supporting files from which
Windows retrieves Registry data during system startup, and as backup files
that the Registry writes to each time its supporting data is altered or
changed through a process called flushing. Flushes are automatic and occur
within a few seconds after changes are made to the Registry.



