Everything in your computer needs configuration information to work properly. That includes both hardware and software. Originally all operating systems used flat text files to hold the configuration information. These were called initialization files (.ini) in Windows and configuration (.cfg) files in Linux.
You will still see an occasional .ini file in Windows if an application needs some special configuration that is not available in one of the standard dynamic link libraries (.dll files) used by different applications for common functions.
All of the configuration information, or a pointer to where that information is stored, is contained in the Windows registry. Since all of the configuration information is accessed through the registry, it is pretty obvious why any errors or corruption in the registry can cause serious problems.
To view each hive while we discuss it below, select Start -> Run and type regedit. The registry editor will open a window like the one pictured below and you can view the structure and look around a little.
Registry Structure
The Windows registry is a hierarchical database consisting of five root hives. I heard they were called hives because one of the original engineers working on it was afraid of bees. I have no idea whether or not that is true. But it is an interesting story. The five root hives are:
HKEY_CLASSES_ROOT – stores all the information that the operating system needs to open up the correct application when you double click on a file. That means that it contains the file association information. For example, if you double click on a .htm or .html file, the operating system will open up a web browser by default because that is the default application for those two extensions, even though other applications also use them.
HKEY_CURRENT_USER – stores all the information that is associated with a user or users who are currently logged into the system. This information will also be used as part of a user’s roaming profile as well.
HKEY_LOCAL_MACHINE – stores all of the hardware and software configuration information for the computer and all the peripherals attached to it. There are four sub keys in this hive:
- HARDWARE – stores all the hardware configuration information
- SAM – stores the local user account authentication database and access permissions for resources
- SECURITY – stores group policy and other policy information
- SOFTWARE – stores the configuration for every application installed on the local computer and the operating system itself
- SYSTEM – contains all of the control sets, last known good configuration, restore points, WPA, WEP, etc. settings and a list of the devices mounted on the operating system such as hard drives, CD-ROMs, etc.
HKEY_CURRENT_CONFIG – stores the machine's current runtime configuration, which is regenerated at each boot up and is linked to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current
Registry Data Formats
Registry data uses special formats which seem to be based on the data formats used in SQL databases.
Value Name | Data Type |
REG_BINARY | Binary data in any form |
REG_DWORD | A 32-bit number |
REG_DWORD_LITTLE_ENDIAN | A 32-bit number in little-endian format which allows Windows to run on little-endian architectures |
REG_DWORD_BIG_ENDIAN | A 32-bit number in big-endian format which is supported by some UNIX systems |
REG_EXPAND_SZ | A null-terminated string that contains unexpanded references to environment variables (e.g., “%PATH%”) |
REG_LINK | A null-terminated Unicode string that contains the target path of a symbolic link |
REG_MULTI_SZ | A sequence of null-terminated strings, terminated by an empty string (\0) |
REG_NONE | No defined value type |
REG_QWORD | A 64-bit number |
REG_QWORD_LITTLE_ENDIAN | A 64-bit number in little-endian format |
REG_SZ | A single null-terminated string |
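When you examine value data outside regedit, for example from an exported or offline hive during forensic review, each type in the table has to be decoded from raw bytes. The decoder below is an added example, not part of the original post; it assumes string data is stored as UTF-16LE, uses the numeric type codes from winnt.h, and runs on constructed sample bytes.

```python
import re
import struct

# Numeric type codes from the Windows SDK header winnt.h. REG_DWORD_LITTLE_ENDIAN
# and REG_QWORD_LITTLE_ENDIAN share the codes of REG_DWORD and REG_QWORD.
REG_NONE, REG_SZ, REG_EXPAND_SZ, REG_BINARY = 0, 1, 2, 3
REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_LINK, REG_MULTI_SZ, REG_QWORD = 4, 5, 6, 7, 11
INT_FORMATS = {REG_DWORD: "<I", REG_DWORD_BIG_ENDIAN: ">I", REG_QWORD: "<Q"}

def _utf16(raw):
    """Decode UTF-16LE text, ignoring a trailing odd byte in truncated data."""
    return raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")

def decode_value(reg_type, raw):
    """Turn the raw bytes of one registry value into a Python object."""
    if reg_type in INT_FORMATS:
        size = struct.calcsize(INT_FORMATS[reg_type])
        if len(raw) != size:
            raise ValueError(f"type {reg_type} needs {size} bytes, got {len(raw)}")
        return struct.unpack(INT_FORMATS[reg_type], raw)[0]
    if reg_type in (REG_SZ, REG_EXPAND_SZ, REG_LINK):
        # Stop at the first NUL, but tolerate data written without a terminator.
        return _utf16(raw).split("\x00", 1)[0]
    if reg_type == REG_MULTI_SZ:
        strings = []
        for part in _utf16(raw).split("\x00"):
            if not part:  # the empty string marks the end of the list
                break
            strings.append(part)
        return strings
    return bytes(raw)  # REG_BINARY, REG_NONE and unknown types stay opaque

def expand(text, env):
    """Resolve %NAME% references from env (case-insensitive); unknown names stay as written."""
    lookup = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).upper(), m.group(0)), text)

# Constructed sample data, laid out the way value data is stored.
SAMPLES = [
    (REG_DWORD, bytes.fromhex("01000000")),
    (REG_DWORD_BIG_ENDIAN, bytes.fromhex("00000001")),
    (REG_QWORD, bytes.fromhex("0010000000000000")),
    (REG_EXPAND_SZ, "%SystemRoot%\\system32\\example.dll\x00".encode("utf-16-le")),
    (REG_MULTI_SZ, "first\x00second\x00\x00".encode("utf-16-le")),
]

if __name__ == "__main__":
    for reg_type, raw in SAMPLES:
        print(reg_type, repr(decode_value(reg_type, raw)))
```

Note that the same four bytes give different numbers as REG_DWORD and REG_DWORD_BIG_ENDIAN, so the stored type code must be read alongside the data.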