Windows: Registry Tutorial
What is Windows Registry
The registry is a database that stores software configuration data, many are used by Microsoft Windows operating system itself.
🛑 WARNING: some mistakes in editing registry can make part of your Windows not work properly. Be careful.
Registry Data Structure
- Registry data are key and value pairs. The “key” is like a folder. Key can contain other keys.
- The values of a key are called its item properties. (A key inside another key is not considered a value)
Root Level Keys (aka hives)
At the root level, there are the following keys.
| Name | Abbreviation |
|---|---|
| HKEY_CLASSES_ROOT | HKCR |
| HKEY_CURRENT_USER | HKCU |
| HKEY_LOCAL_MACHINE | HKLM |
| HKEY_USERS | HKU |
| HKEY_CURRENT_CONFIG |
Each of the above is called a hive.
Value Types
A “value” has several possible types. Here is a list of possible types:
- REG_NONE
- No type
- REG_SZ
- string
- REG_EXPAND_SZ
- expandable string. Values between % char are expanded as Environment Variables
- REG_BINARY
- Binary data
- REG_DWORD/REG_DWORD_LITTLE_ENDIAN
- A integer, ranging from 0 to 2^32-1, with byte order being little-endian.
- REG_DWORD_BIG_ENDIAN
- A integer, ranging from 0 to 2^32-1, with byte order being big-endian
- REG_LINK
- symbolic link (char set in UNICODE)
- REG_MULTI_SZ
- A is a array of strings
- REG_RESOURCE_LIST
- Resource list
- REG_FULL_RESOURCE_DESCRIPTOR
- Resource descriptor
- REG_RESOURCE_REQUIREMENTS_LIST
- Resource Requirements List
- REG_QWORD/REG_QWORD_LITTLE_ENDIAN
- A QWORD value, a 64-bit integer (either big- or little-endian, or unspecified) (Introduced in Windows 2000)
Launch Registry Editor
❖ Window+r, then type regedit
or Start
PowerShell, then paste this: C:\Windows\regedit.exe
Backup
Before you do anything, do a backup.
In Registry Editor, use the menu [File ▸ Export] to make a backup.
Save the backup as registry_backup.reg
As of 2021, on my machine, it takes 20 seconds and the saved file size is 380 megabytes.