Windows Registry

The Windows Registry . hierarchical database (with branches dependent on others of greater hierarchy or importance).


[ hide ]

  • 1 Description
  • 2 History
  • 3 Operation
  • 4 Structure of the Registry
  • 5 Primary Registry Keys
  • 6 Source


The Windows Registry is a set of files that are created during the installation of the operating system and that contain all the information regarding the computer .

It is important to know some of the basic concepts of the Registry, because the Registry, as a brain , controls basically all the functions of the system, and is the frequent target of computer viruses to make modifications or add entries that allow them to be run every time the computer to start.

Windows queries the Registry at startup and then several times in a typical work session. There it is established from which program will open each type of file, the parameters of the Internet connection , the background color of the desktop and even the keyboard language map . This is why a registry that is poorly configured or altered for multiple reasons, such as the installation of a program, can report unexpected errors and failures.


The registry first appears with Windows 95 and replaces the outdated .ini files, especially Win.ini and System.ini that stored Windows 3.x and system data, although these are still used by 16- bit programs .


The Registry is basically a hierarchical database (with branches dependent on others of greater hierarchy or importance), consisting mainly of the System.dat and User.dat files, which are usually found in the C: \ windows directory, where each The branches collect key data from the Windows configuration itself, from the hardware , from the installed applications and the personalization of each user, if profiles have been created.

Windows 95 saves a backup copy of the Registry with each successful system startup, in two files called user.da0 and system.da0 (the end is a zero, not a letter).

Windows 98 runs the ScanReg.exe program at every startup to detect, fix errors, and create a backup with every successful startup, but saves these copies as .cab files in the Windows Sysbckup folder. And something important: it stores five good copies of five successive starts. The first is called and the newer .Cab files are compressed files, like .zip files, and you can view or extract their content with the Windows interface or with programs like WinZip .

In case you have problems with Windows 98, and you want to test with a previous copy of the Registry to discard any recent modification, restart the computer in MS-DOS mode (or press the F8 key several times when you are starting the system, until the boot menu), and type the command scanreg / restore, choose one of the available backups and reboot the system when prompted.

If you type scanreg / fix instead of / restore, Windows repairs the registry.

It is recommended that you keep a backup copy of the Registry on a floppy disk, in a directory, or on another partition on your hard disk, to replace the original Registry in case it is accidentally altered or due to our tests.

Registry Structure

Broadly speaking, in the information stored in the Registry we must distinguish between Keys and Values. The keys are each of the branches that appear on the left side of the Registry Editor, as well as on the right side within the column labeled Name.

The keys that appear on the left are made up of other subkeys, which can be displayed in the same way that information is displayed in the Explorer , by clicking on the (+) sign.

The right side has the entries with the Names and Values ​​associated with each key, which can be modified or removed to uninstall something in Windows, or new entries can be created.

To modify the value corresponding to a specific key, just double click on the name of the key whose value we want to change. A dialog box will then appear with the name of the password and the current value, a value that we can modify to enter new information. The same result is also obtained by right-clicking on the name in question.

If what we need is to add a new password, it will be enough to position ourselves on the left side in that folder on which we want the new password to depend, then clicking the right mouse button and selecting the New, Password option.

In the same way we can add new values, simply by pressing the right button on the right side of the Registry Editor window, which will open a context menu with various types of values: string value, binary value or value DWORD. These values ​​will initially appear with a temporary name, but we can modify it to adapt it to our needs.

Primary Registry Keys

HKEY_LOCAL_MACHINE: It is the most important key; It contains the configuration data of the operating system, application programs (software) and devices (hardware) that you have installed on your PC. Your information is stored in the hidden System.dat file in the Windows directory (there is also a backup copy at the root of your hard drive, called System.1st).

Programs that remain memory resident, such as antivirus, Trojans (spyware), and viruses, are loaded from HKEY_LO-CAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Run.

KEY_USERS: Contains the configuration data of each user, such as the way in which we have configured the presentation of folders, screensavers , sound, etc. If only one user is enabled there will be a single called subfolder. DEFAULT, from which other subkeys emerge. Your information is stored in the User.dat file.

HKEY_CURRENT_USER: The same type of information as the previous one, but it saves the configurations of several users.

HKEY_CURRENT_CONFIG: It is a quick access to the subkeys of the hardware profiles that are in HKEY_ LOCAL_MACHINE \ Config \ Profiles.

HKEY_CLASSES_ROOT: Contains the types of files used and their association with each specific program, the directories where they are installed and the opening commands.

HKEY_DYN_DATA: This entry stores the information of the plug and play devices (those that Windows recognizes and installs) such as the sound card , video, mouse or monitor .


Leave a Comment