Tutorial on Reading Windows Registry
DLLCity.com - DLL Download Site
Free DLL Download Site - Scan and Repair Windows Errors
Before we delve into Reading Windows Registry entries we should first understand what the registry is and how it works.
If you already know what the registry is click here to skip this section. Otherwise continue reading below.
Windows Registry Brief Overview
Wikipedia defines Windows Registry as a database which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. What that means is that it stores preferences from applications. As an example there is a registry entry for Windows XP SP2 Firewall that tells Microsoft Windows that it is either on or off.
The registry is broken down into 5 major categories shown below. Click each to read more about it or just scroll down.
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT contains information on registered apps, including associations extensions and OLE ids to the applications. So basically it contains application specific data.
HKEY_CURRENT_USER
HKEY_CURRENT_USER stores data or preferences belonging to the user that is currently logged in. Hence the name HKEY_LOCAL_MACHINE You may want to familiarize yourself with this Registry Category a little more if you are interested in the registry. Since windows 2000 separated windows out and allowed it to have multiple users this key has been here. Still it's still here with XP, and Vista.
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE stores settings that are universal to any and all users logging into the local machine. Thus the name HKEY_LOCAL_MACHINE. This whole key category thing is almost self explanatory if you take the time to think about it a little. The information stored is related to local machine hardware for the most part.
HKEY_USERS
HKEY_USERS is a subtree and contains all actively loaded user profiles. In Windows 2000 the default user profile is not stored in the registry. It is stored on the system drive in \Documents and Settings\Default User [WINNT]\Ntuser.dat.
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG contains information gathered at runtime. The HKEY_CURRENT_CONFIG subtree (HKCC) stores configuration data for the current hardware profile.
Now that we have a brief understanding on what the windows registry is we can continue with learning how to read the reg entries.
Reading Windows Registry
Our first suggestion would be to download RegMon our favorite registry tool. RegMon is a tool that allows you to monitor your registry and see what parts of the registry applications are using. We use it a lot in the windows domain environment when running older applications or applications not properly written that still require admin rights to certain reg keys. Open regmon start monitoring and then launch that application. It will show you what its trying to access.
To start regedit the tool we will be using to read the registry go to start run then type regedit. If you are on a machine that has the Vista operating system then you need to read this tutorial so you can get that run button present. Vista has that hidden by default.
A box should pop up now that looks like the picture below. That is the registry editor, a built in application located C:\WINDOWS\regedit.exe on XP and C:\WINNT\regedit.exe for Windows 2000. This is the default tool for viewing the registry keys.
The first thing we want to do is back up the registry incase we really mess something up. To do this click file and then Export and name your registry something unique and click save. Now you can see from the picture above or the box on your computer that there are 5 basic registry categories as defined at the beginning of this article. If you skipped that part and want to know more go ahead and look back over them. [Review Categories]
