Registry Editor : Introduction
The Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components as well as the applications running on the platform. The kernel, device drivers, services, SAM, user interface and third party applications all make use of the registry. The registry also provides a means to access counters for profiling system performance.
Registry Editor : Access
Regardless of the Windows version you have installed, this method will work:
Press + R keys on your keyboard, the Run dialog will appear. Type regedit or regedit.exe or RegEdt32.exe and press Enter or click OK. Continue with Yes for the UAC Prompt.
The main executable file of Registry Editor is located in the C:\Windows directory. So you can navigate to that folder and run the regedit.exe file directly. Or you can create a shortcut to regedit.exe and paste it in the Start Menu at %ProgramData%\Microsoft\Windows\Start Menu\Programs under the System Tools folder. This will make Registry Editor show up in Start Menu search as well.
Registry Editor looks like this:
Differences : regedit.exe & RegEdt32.exe
Windows NT-based operating systems include two utilities for editing the registry, Regedit.exe and Regedt32.exe. Here are the differences:
Regedit.exe is the registration editor for 16-bit Windows. It is used to modify the Windows registration database. The database is located in the Windows directory as Reg.dat. The database contains information about 16-bit applications, and is used by File Manager for opening and printing files. It is also used by applications that support Object Linking and Embedding (OLE). Reg.dat is used and maintained by Windows on Windows (WOW) and 16-bit Windows applications. The WOW layer resides on top of theVirtual DOS Machine (VDM).
Regedit.exe is a 16-bit application that is included in Windows NT for compatibility with previous 16-bit applications. Regedit provides a method for examining Reg.dat under Windows NT. You can migrate the Reg.dat database file to the Windows NT registry during the first logon to aninitial installation of Windows NT.
Regedt32.exe is the configuration editor for Windows NT. It is used to modify the Windows NT configuration database, or the Windows NT registry. This editor allows you to view or modify the Windows NT registry.The editor provides views of windows that represent sections of the registry, named hives. Each window displays two sections. On the left side, there are folders that represent registry keys. On the right side, there are the values associated with the selected registry key. Regedt32 is a powerful tool. You must use extreme caution when you use it to change registry values. Missing or incorrect values in the registry can make the Windows NT installation unusable.
Registry Editor : For 64-bit & 32-bit Windows
The registry in 64-bit versions of Windows is divided into 32-bit and 64-bit keys. Many of the 32-bit keys have the same names as their 64-bit counterparts, and vice versa.
The default 64-bit version of Registry Editor (regedit.exe) that is included with 64-bit versions of Windows displays both 64-bit keys and 32-bit keys. The WOW64 registry redirector presents 32-bit programs with different keys for 32-bit program registry entries. In the 64-bit version of Registry Editor, 32-bit keys are displayed under the following registry key:
You can view or edit both 64-bit and 32-bit registry keys and values by using the default 64-bit version of Registry Editor. To view or edit 64-bit keys, you must use the 64-bit version of Registry Editor (regedit.exe). You can also view or edit 32-bit keys and values by using the 32-bit version of Registry Editor in the %systemroot\%Syswow64 folder. There are no differences in the way you perform tasks between the 32-bit version of Registry Editor and the 64-bit version of Registry Editor. To open the 32-bit version of Registry Editor, follow these steps:
1. Open Run.
2. Type %systemroot%\syswow64\regedit, and then click OK. Note You must close the 64-bit version of Registry Editor before you can open the 32-bit version (and vice versa) unless you start the second instance of Registry Editor with the -m switch. For example, if the 64-bit version of Registry Editor is already running, type %systemroot%\syswow64\regedit -m to start the 32-bit version of Registry Editor.
To support the co-existence of 32-bit and 64-bit COM registration and program states, WOW64 presents 32-bit programs with an alternate view of the registry.
To enable 64-bit/32-bit program interoperability through COM and other mechanisms, WOW64 uses a “Registry Reflector” that mirrors certain registry keys and values between the 64-bit and 32-bit registry views. The reflector is “intelligent”, in that is only reflects COM activation data.
Reflected Keys :
The WOW64 Registry Reflector may modify the contents of keys and values during the reflection process to adjust path names, and so on. Because of this, the 32-bit and 64-bit contents may differ. For example, pathnames that contain the system32 registry entry are written as SysWOW64 in the 32-bit section of the registry.
The following keys are reflected:
Registry Editor : Display
As seen in the picture below, it consists of two panes – the left pane shows a hierarchical view of data structures, called keys, and right pane shows values -which are pairs of name/data stored within keys.
Keys are a virtual view of data from several files, which form the registry database. You can see which files represent your registry database if you open the following key:
Here you can see the list of files on your hard drive where the registry files are stored. The data inside them, as mentioned above, has a hierarchical structure. Registry Editor shows it as a tree view : there are “root” (parent) keys, and several sub-keys (child objects). The root keys shown in regedit for the most part, represent the specific file, or in other words, the registry files correspond to keys hierarchy. However, there are also some virtual root keys shown in regedit which exist for backward compatibility. For example, HKEY_CURRENT_CONFIG is a virtual view, and HKEY_CLASSES_ROOT is also a virtual view of the current user’s key + system keys.
Note that some parts of the registry database are never shown in Registry Editor. For example, you will never see SAM (Security Accounts Manager) inside regedit.
The values are used by Windows and many applications to store various configuration parameters and their data. Values are of various types, but in the general case, there are string values, numeric values or binary values.
Registry Editor : Create A New Key
To create a new key, you must right click on the parent key in the left pane and click the New -> Key context menu command.
You must give the newly created key a proper name as required by the software for which you are creating it. You can export (save) the key into a *.reg file from the context menu. By exporting it to a file, you can later simply double click the .reg file to import its contents back into the Registry Editor.
Registry Editor : Create A New Value
To create a new value, you must right-click
- on the current key in the left pane or
- in the empty area in the right pane.
Select the appropriate type for the new value and enter its name. Double click the value you created to set its data as required.
Registry Editor : Differences Between Different Values
There are three basic data types used in the Windows Registry Editor:
All data types ending with SZ are STRING values. Think of SZ as standing for StringZ. A string consists of plain readable text. String values are the most common values used in the registry. All string values are indicated by an AB icon, which makes sense since the data type is readable text.
There are 3 types of STRING (SZ) data used in the registry, but only NT based kernel systems like Windows NT, 2000 and XP use all 3. In Windows 95/98/Me, only one string data type is used.
The three types of string data that can be used are:
This is the main type of string data used in the registry and the only type of string data used in Windows 95/98/ME. “YES” or “NO” are common Reg_SZ values, as are command line strings such as “C:\Program Files\Outlook Express” or even phrases or complete sentences. A string can also consist of numbers. Colors, for example, are usually stated numerically in the registry. See this key for examples of numeric string values:
1.2 REG_EXPAND_SZ (Expandable String Value)
This is an “expandable” string value holding a variable. Example: %SystemRoot% and %UserName% are variables that are used to indicate the system folder and the name of the logged in user. Windows will replace (or EXPAND) the variable with the full path when the command is called.
For example, %SystemRoot% is a variable that can be used to find the Windows system folder and can be entered instead of C:\Windows\System32. You might be thinking, what’s the advantage of that?
It’s a big advantage. With a variable, you do not need to know the drive letter the user has Windows installed on. Say you need to send a reg file, that has a command that will call a file in the “Windows\System32\Drivers” folder, to two users. One user has Windows installed on :C, and the other on :E. Without using a variable, you would need to make two separate files. One including the line “C:\Windows\System32\Drivers” and another with “E:\Windows\System32\Drivers” With the variable %SystemRoot%, not only do you just need to make one file with the command “%SystemRoot%\Drivers” but you do not even need to know in advance what drive your users have Windows installed on.
Another common and useful variable is %USERPROFILE% which returns the user folder. For example, the path of your Desktop folder may be C:\Documents and Settings\Kapil Arya\Desktop. With a variable, you would just have to enter %USERPROFILE%Desktop. This will find the desktop of the current logged-on user no matter what drive Windows is installed on.
REG_EXPAND_SZ data is only properly displayed when using the regedt32 editor that’s included in Windows NT/2000/XP/Vista/7/8.
NOTE: Even though Windows 9x does not use this data type, it does not mean that variables cannot be used in the Windows 9x registry. Variables can be used with REG_SZ as well, but not as extensively. However, variables should not be entered as REG_SZ in Windows NT+ series.
Always use REG_EXPAND SZ for variables to ensure they function and are displayed correctly.
1.3 REG_MULTI_SZ (Multi-String Value)
This type is also for Windows NT/2000/XP systems only and is a multiple string array type made up of characters and numbers – used for entering more than one value, each one separated by a NULL character.
Example, this multi string value consists of 4 entries:
Like all string values it is human readable text. Note that you can edit these values, but not create them. This is a more advanced string type and also accessed and worked with using regedit32.
Illustrated article covering Registry Strings:
Binary consists of binary data displayed in hexadecimal format. Binary is used most commonly with hardware and configuration settings. In Windows 9x, a binary value type is indicated by an icon with the blue letters 011 over the letters 110
Like the string AB icon, this makes sense too as binary data consists of only two digits, 0 and 1. The reason the data is usually displayed in hex format is that binary data can be very lengthy and inconvenient. Two hexadecimal digits neatly represent 8 bits.
Note that in the right hand side of the hex values are their ASCII equivalents, i.e., hex value 50 = P
Illustrated article covering Registry Binary:
DWORD data types also consist of binary data, but two points distinguish them from binary types.
a. The binary data that can be entered is limited to 32 bits (4 bytes) in length.
b. The binary data can be entered in hexadecimal or decimal format.
The same blue icon used for Binary is used for DWORD values (this is because both values are essentially the same aside from the amount of data each can hold):
- DWORD stands for Double Word and here is why: 8 bits = 1 byte =1 character
- It takes 2 characters to form the minimum word (such as “be” “to” or “it”) Therefore it takes 16 bits or 2 bytes to form ONE word.
- A DWORD value can hold a maximum of 32 bits which is equal to two words or a DWORD – a DOUBLE WORD
In hexadecimal format, 2 words consist of 8 digits, i.e., B2 01 23 F9 and thus the registry displays DWORD values as 8 digits with the decimal equivalent displayed in brackets. For example, when you enter a hex data value of 1, the resulting display will be 0x00000001(1). DWORD values are commonly used for boolean type entries such as 0 for false or disabled, and 1 for true or enabled.
System policy settings, device drivers, and services use DWORD values the most. Note that the value data can be entered in either hexadecimal or decimal format. This is mainly for convenience.
There is also another data type in the registry named QWORD though it is not at all common. This is similar to DWORD except it can hold 64 bits (double the size of a DWORD value).
Illustrated article covering Registry DWORD:
Registry Editor : Take Ownership Of Registry Keys
Just like permissions and ownership concepts exist for objects in the NTFS file system, they exist for registry keys as well. Starting with Windows Vista, in fact, a large number of OS-specific registry keys which store Windows settings as protected by Windows Resource Protection so that they can’t be easily deleted or modified. You may need to modify these keys in certain situations. For that, you need to take ownership as well as set permissions (access rights) on them.
Following article, gives you the manual and automatic ways to take ownership of registry parameters:
That’s it! Hope you find the article useful…:)
Last Updated : March, 2013.