Microsoft Windows Registry Tutorial

By Xah Lee. Date: 2009-10-25

This is a brief tutorial for technical savvy people on Windows's Registry. This tutorial is based on Windows Vista with Service Pack 2.

First, read Wikipedia: Windows Registry.

The registry is a database that stores settings and options.

Note: The registry is not for casual user to mess with, even a backup copy of registry cannot easily restore the state before you screwed things up . I assume you are a programer or sys admin background.

Launching Registry Editor

To look at registry, launch the Registry Editor. Type 【❖ Win+r】 to launch the run dialog, then type “regedit”.

Windows Vista Regedit — The Registry Editor in Windows Vista.

Backup

Before you do anything, do a backup. In Registry Editor, click on the Computer to highlight it, then pull menu 〖File ▸ Export〗. Give it a name like registry_20091025.reg, so you know the date it is backed up. This might take a minute or two. On my machine, the saved file size is 458 megabytes.

Data Structure

Registry data are called key and value pairs. The “key” is like folders. Key can contain other keys. The “value” is like files. A key can contain many other keys and values.

Windows Registry Environment — The “Environment” is a key. It contains several values.

At the root level, there are the following keys. (Note: the “Computer” shown in Registry Edit root is not a key.)

Name	Abbreviation
HKEY_CLASSES_ROOT	HKCR
HKEY_CURRENT_USER	HKCU
HKEY_LOCAL_MACHINE	HKLM
HKEY_USERS	HKU
HKEY_CURRENT_CONFIG

Each of the above is called a “hive”.

A “value” has several possible types. Here is a list of possible types:

Possible Types for Registry Value
Type Name	Explanation
REG_NONE	No type
REG_SZ	string
REG_EXPAND_SZ	expandable string. Values between % char are expanded as environment variables
REG_BINARY	Binary data
REG_DWORD/REG_DWORD_LITTLE_ENDIAN	A integer, ranging from 0 to 2^32-1, with byte order being little-endian.
REG_DWORD_BIG_ENDIAN	A integer, ranging from 0 to 2^32-1, with byte order being big-endian
REG_LINK	symbolic link (char set in UNICODE)
REG_MULTI_SZ	A is a array of strings
REG_RESOURCE_LIST	Resource list
REG_FULL_RESOURCE_DESCRIPTOR	Resource descriptor
REG_RESOURCE_REQUIREMENTS_LIST	Resource Requirements List
REG_QWORD/REG_QWORD_LITTLE_ENDIAN	A QWORD value, a 64-bit integer (either big- or little-endian, or unspecified) (Introduced in Windows 2000)

References

msdn.microsoft.com Registry

Windows Environment Variables Tutorial