Working with the Windows Registry: Computer Club of the Sandhills, November 12, 2012


Page 1: Working with the Windows Registry

Computer Club of the Sandhills

November 12, 2012

Page 2: Registry Definition

► The registry was developed to overcome the restrictions of the INI and REG.DAT files.

► The registry is composed of two pieces of information:
  System-Wide Information – This is data about software and hardware settings. This information tends to apply to all users of the computer.
  User Specific Information – This is data about an individual configuration. This information is specific to a user’s profile.

Page 3: Registry Definition

► The Microsoft Computer Dictionary defines the registry as:
  A central hierarchical database used in the Microsoft Windows family of Operating Systems to store information necessary to configure the system for one or more users, applications and hardware devices.
  The registry contains information that Windows continually references during operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet settings for folders and application icons, what hardware exists on the system and the ports that are being used.

Page 4: Details

► The registry is a database that is used by all Windows operating systems that followed Win95.

► The registry is used by the Windows OS to store hardware and software configuration information, user preferences and setup information.

► A healthy registry is essential for proper Windows performance and function, which is why the registry is usually attacked by viruses and other malicious software.

Page 5: Registry vs. File System

► The registry is analogous to a file system.
  File system: Folders, Files
  Registry: Keys. Keys have inside them either other keys or name/value pairs, which correspond to object name and content.

Page 6: Registry Content

► The registry holds critical information about the system, the users of the system, and installed applications:
  Operating System version number, build number, and registered user.
  Information for every properly installed application.
  Information about the computer’s processor type and system memory.
  User-specific information (home directory, app. preferences).
  Security information such as user account names.
  Installed services.
  Mapping from file names to programs/executables.
  Mapping network addresses to host machine names.

Page 7: Registry contents: Security

Information the registry includes:
  System Configuration
  Devices on the System
  User Names
  Personal Settings and Browser Preferences
  Web Browsing Activity
  Files Opened
  Programs Executed
  Passwords

Page 8: Windows 9x Registry

Filename   | Location                                                                                                               | Content
system.dat | C:\Windows                                                                                                             | Protected storage area for all users; all installed programs and their settings; system settings
user.dat   | C:\Windows (if there are multiple user profiles, each user has an individual user.dat file in windows\profiles\user account) | Most Recently Used (MRU) files; user preference settings

Page 9: Modern Windows Registry

Filename   | Location                                                                                                                                      | Content
ntuser.dat | \Documents and Settings\user account (if there are multiple user profiles, each user has an individual user.dat file in windows\profiles\user account) | Protected storage area for user; Most Recently Used (MRU) files; user preference settings
Default    | \Windows\system32\config                                                                                                                      | System settings
SAM        | \Windows\system32\config                                                                                                                      | User account management and security settings
Security   | \Windows\system32\config                                                                                                                      | Security settings
Software   | \Windows\system32\config                                                                                                                      | All installed programs and their settings
System     | \Windows\system32\config                                                                                                                      | System settings

Page 10: Windows Security and Relative ID

► The Windows Registry utilizes an alphanumeric combination to uniquely identify a security principal or security group.

► The Security ID (SID) is used to identify the computer system.

► The Relative ID (RID) is used to identify the specific user on the computer system.

► The SID appears as: S-1-5-21-927890586-3685698554-67682326-1005

Page 11: Registry Structure

Page 12: Registry Structure

► Registry has five top level branches or Hives:
  HKEY_CLASSES_ROOT – COM server info, file associations, shortcuts
  HKEY_CURRENT_USER – Logged in user name, desktop, start menu
  HKEY_LOCAL_MACHINE – Hardware, software, preferences for all users
  HKEY_USERS – Individual preferences for each user, represented by Security ID (SID)
  HKEY_CURRENT_CONFIG – Links to part of HKEY_LOCAL_MACHINE for current hardware
  HKEY_DYN_DATA – Links to part of HKEY_LOCAL_MACHINE for PlugAndPlay
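As an added example (not from the slides): splitting the SID shown on page 10 into its machine part and RID, and using that to pick out the per-user hives that appear by SID under HKEY_USERS. The HKEY_USERS listing is constructed, and the service-account SIDs and well-known RIDs are taken from public Windows documentation, not from these slides.

```python
import re

# Constructed HKEY_USERS listing of the kind regedit shows under that hive;
# the S-1-5-21-... entries reuse the example SID from the slides.
SAMPLE_HKU = [".DEFAULT", "S-1-5-18", "S-1-5-19", "S-1-5-20",
              "S-1-5-21-927890586-3685698554-67682326-1005",
              "S-1-5-21-927890586-3685698554-67682326-1005_Classes"]
# Well-known SIDs and RIDs from public Windows documentation, not from the slides.
SERVICE_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                "S-1-5-20": "NetworkService"}
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")

def parse_sid(sid):
    """Split 'S-1-<authority>-<sub-authorities>-<RID>' into its numeric parts."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID string: {sid!r}")
    subs = [int(x) for x in m.group(2).split("-")[1:]]
    if any(s > 0xFFFFFFFF for s in subs):          # sub-authorities are 32-bit
        raise ValueError(f"sub-authority out of range: {sid!r}")
    return {"authority": int(m.group(1)), "sub_authorities": subs,
            # For S-1-5-21 SIDs, everything before the last number identifies the
            # issuing machine (or domain); the last number is the account's RID.
            "machine_sid": f"S-1-{m.group(1)}-" + "-".join(map(str, subs[:-1])),
            "rid": subs[-1]}

def describe_account(sid):
    """Say what kind of principal a SID denotes, from its authority and RID."""
    if sid in SERVICE_SIDS:
        return SERVICE_SIDS[sid]
    p = parse_sid(sid)
    if p["authority"] != 5 or p["sub_authorities"][:1] != [21]:
        return "not a machine or domain account SID"
    if p["rid"] in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[p["rid"]]
    return "user-created account" if p["rid"] >= 1000 else f"reserved RID {p['rid']}"

def user_profiles(hku_subkeys):
    """Map each loaded user hive under HKEY_USERS to a description, skipping
    .DEFAULT, the service-account hives and the *_Classes companion keys."""
    out = {}
    for name in hku_subkeys:
        if name.startswith("S-") and not name.endswith("_Classes") and name not in SERVICE_SIDS:
            out[name] = describe_account(name)
    return out
```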

Page 13: Registry Value Types

► REG_BINARY – Raw binary data

► REG_DWORD – 32 bit integers, often representing bools

► REG_SZ – String

► REG_EXPAND_SZ – Expandable string

► REG_MULTI_SZ – Container for null separated strings

Page 14: Exporting and Importing

► In RegEdit select a key
► File, Export
► Provide filespec info in resulting save dialog
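Added example, not from the slides: a small parser for the .reg file that File, Export writes, decoding the value types listed on page 13 the way the export encodes them (REG_SZ as a quoted string, REG_DWORD as dword:, REG_EXPAND_SZ as hex(2):, REG_MULTI_SZ as hex(7):, REG_BINARY as hex:). The sample export is constructed; reading a .reg this way before importing it shows exactly which values it would set or delete.

```python
import re
# Constructed sample in the format RegEdit's File, Export writes (Version 5.00); all values are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ClubDemo]
"Greeting"="Say \"hi\" to C:\\Users"
"Enabled"=dword:00000001
"Home"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
  00,45,00,25,00,00,00
"Servers"=hex(7):61,00,6c,00,70,00,68,00,61,00,00,00,62,00,65,00,74,00,61,00,\
  00,00,00,00
"Obsolete"=-
'''
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def _unescape(s):
    return re.sub(r'\\(["\\])', r"\1", s)   # .reg escapes \ and " in quoted text

def _decode(raw):
    """Map the text after '=' to (registry type name, Python value)."""
    if raw == "-":
        return "DELETE", None           # importing this line removes the value
    if raw.startswith('"'):
        return "REG_SZ", _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    if not (m := re.fullmatch(r"hex(\(\w+\))?:(.*)", raw)):
        raise ValueError(f"unrecognised value syntax: {raw!r}")
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    kind = m.group(1) or ""
    if kind == "(2)":                   # REG_EXPAND_SZ, stored as UTF-16LE bytes
        return "REG_EXPAND_SZ", data.decode("utf-16-le").rstrip("\0")
    if kind == "(7)":                   # REG_MULTI_SZ: null-separated, double-null end
        return "REG_MULTI_SZ", [s for s in data.decode("utf-16-le").split("\0") if s]
    return ("REG_BINARY" if not kind else "hex" + kind), data

def parse_reg(text):
    """Return {key_path: {value_name: (type, value)}} for exported .reg text."""
    keys, current = {}, None
    # Wrapped hex data ends a line with '\' and continues indented: rejoin it.
    for line in map(str.strip, re.sub(r"\\\r?\n\s*", "", text).splitlines()):
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        if line[0] == "[" and line[-1] == "]":
            current = keys.setdefault(line[1:-1], {})   # '[-KEY]' would delete KEY
            continue
        m = VALUE_LINE.match(line)
        if current is None or not m:
            raise ValueError(f"malformed line: {line!r}")
        current[_unescape(m.group(1))] = _decode(m.group(2))
    return keys
```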

Page 15: Using Regedit

Page 16: Using CCleaner

http://www.piriform.com/ccleaner