Windows Registry
The Windows registry is a directory which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc. Whenever a user makes changes to Control Panel settings, file associations, system policies, or installed software, the changes are reflected and stored in the registry. The registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware. This use of the registry mechanism is conceptually similar to the way that sysfs and procfs expose runtime information through the file system (traditionally viewed as a place for permanent storage), though the information made available by each of them differs tremendously.
The Windows registry was introduced to tidy up the profusion of per-program INI files that had previously been used to store configuration settings for Windows programs. These files tended to be scattered all over the system, which made them difficult to track.
Structure
Keys and Values
The registry contains two basic kinds of elements: keys and values.

Registry keys are similar to folders: in addition to values, each key can contain subkeys, which may contain further subkeys, and so on. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy.

For example: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey "Windows" of the subkey "Microsoft" of the subkey "Software" of the HKEY_LOCAL_MACHINE key.

Registry values are name/data pairs stored within keys. Values are referenced separately from keys. Value names can contain backslashes, which would lead to ambiguities were they referred to like paths. The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key.
Main Registry Keys

KEY: DESCRIPTION

HKEY_CLASSES_ROOT: Points to a branch of HKEY_LOCAL_MACHINE that describes certain software settings. This key displays the same data as it did in Windows 3.1 - essential information about OLE and association mappings to support drag-and-drop operations, Windows 95 shortcuts (which are, in fact, OLE links), and core aspects of the Windows 95 user interface.

HKEY_CURRENT_USER: This key points to a branch of HKEY_USERS for the user who is currently logged on.

HKEY_LOCAL_MACHINE: Contains computer-specific information about the type of hardware installed, software settings, and other information. This information is used for all users who log on to this computer.

HKEY_USERS: Contains information about all the users who log on to the computer, including both generic and user-specific information. The generic settings are available to all users who log on to the computer. The information is made up of default settings for applications, desktop configurations, and so on. This key contains subkeys for each user that logs on to this computer.

HKEY_CURRENT_CONFIG: Points to a branch of HKEY_LOCAL_MACHINE\Config that contains information about the current configuration of hardware attached to the computer.

HKEY_DYN_DATA: Points to a branch of HKEY_LOCAL_MACHINE that contains the dynamic status information for various devices as part of the Plug and Play information. This information may change as devices are added to or removed from the computer. The information for each device includes the related hardware key and the device's current status, including problems.
List of Registry Value Types

REG_NONE: No type

REG_SZ: A constant string value

REG_EXPAND_SZ: An "expandable" string value that can contain environment variables

REG_BINARY: Binary data (any arbitrary data)

REG_DWORD/REG_DWORD_LITTLE_ENDIAN: A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [2^32 - 1]) (little-endian)

REG_DWORD_BIG_ENDIAN: A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [2^32 - 1]) (big-endian)

REG_LINK: Symbolic link (Unicode)

REG_MULTI_SZ: A multi-string value, which is an array of strings

REG_RESOURCE_LIST: Resource list

REG_FULL_RESOURCE_DESCRIPTOR: Resource descriptor

REG_RESOURCE_REQUIREMENTS_LIST: Resource requirements list

REG_QWORD/REG_QWORD_LITTLE_ENDIAN: A QWORD value, a 64-bit integer (either big- or little-endian, or unspecified)
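
When reviewing an exported hive or a tool's raw output, value data arrives as bytes and has to be interpreted according to the value type listed above. The following decoder is an added example, not part of the original page. The numeric type codes are those of the Windows SDK header winnt.h, while the function names and sample data are constructed for illustration.

```python
import struct

# Numeric type codes as defined in the Windows SDK header winnt.h.
REG_TYPES = {
    0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
    4: "REG_DWORD", 5: "REG_DWORD_BIG_ENDIAN", 6: "REG_LINK",
    7: "REG_MULTI_SZ", 8: "REG_RESOURCE_LIST",
    9: "REG_FULL_RESOURCE_DESCRIPTOR",
    10: "REG_RESOURCE_REQUIREMENTS_LIST", 11: "REG_QWORD",
}

def _utf16(raw):
    # Registry strings are UTF-16LE; drop an odd trailing byte and replace
    # invalid sequences instead of aborting the parse.
    return raw[:len(raw) & ~1].decode("utf-16-le", errors="replace")

def decode_value(type_code, raw):
    """Return (type_name, python_value) for raw registry value data."""
    name = REG_TYPES.get(type_code, "UNKNOWN_0x%x" % type_code)
    if name in ("REG_SZ", "REG_EXPAND_SZ", "REG_LINK"):
        # The terminating NUL is optional in stored data; cut at the first.
        return name, _utf16(raw).split("\x00", 1)[0]
    if name == "REG_MULTI_SZ":
        # NUL-separated strings; trailing empties come from the terminators.
        parts = _utf16(raw).split("\x00")
        while parts and parts[-1] == "":
            parts.pop()
        return name, parts
    if name == "REG_DWORD" and len(raw) == 4:
        return name, struct.unpack("<I", raw)[0]
    if name == "REG_DWORD_BIG_ENDIAN" and len(raw) == 4:
        return name, struct.unpack(">I", raw)[0]
    if name == "REG_QWORD" and len(raw) == 8:
        # Code 11 is shared with REG_QWORD_LITTLE_ENDIAN; read little-endian.
        return name, struct.unpack("<Q", raw)[0]
    # Everything else, including integers of the wrong length, stays as
    # bytes so a malformed value is reviewed rather than misread.
    return name, bytes(raw)

# Constructed sample data (not taken from a real system).
SAMPLES = [
    (2, "%SystemRoot%\\system32\x00".encode("utf-16-le")),
    (4, b"\x01\x00\x00\x00"),
    (5, b"\x00\x00\x00\x01"),
    (7, "first\x00second\x00\x00".encode("utf-16-le")),
]
if __name__ == "__main__":
    for code, raw in SAMPLES:
        print(decode_value(code, raw))
```

The same four bytes decode to different numbers under REG_DWORD and REG_DWORD_BIG_ENDIAN, so the type code must always be read together with the data.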