You can see the structure of the Windows Registry when you open it with a Registry Editor utility like REGEDIT.EXE Prayed REGEDT32.EXE.

If you’ve never opened the Registry before, you may be surprised and comforted by its familiar layout. Its hierarchical data structure is much like the data structure you see every day in Windows Explorer, except here the units of the tree structure are keys, subkeys, and values ​​instead of directories, subdirectories, and files. But any intuitive understanding of the Registry’s contents (for most people) ends here, because the Registry was designed more for the operating system and installed applications than for humans.

The hierarchical data structure and central location of the registry allow Windows and hosted applications to quickly locate their configuration settings and default settings, but these settings have values ​​in the registry that are different from their internally defined values ​​that are used by the applications themselves. This can make modifying application settings from the Registry a tiring and tedious task, which is why most changes to Registry data are made easier (and safer) by changing settings from individual applications or system utilities.

A closer look at the registry structure

The main divisions of the Windows Registry are seen as a list of 4 to 6 expandable folders, called root keys or hives, in the left pane of the Registry Editor window. These can be expanded to show the keys and subkeys, and these can be expanded to show more subkeys below or their value entries listed in the right pane in Registry Editor. The registry hives and a description of their contents are as follows:

* HKEY_LOCAL_MACHINE (HKLM): This root key (or subtree) contains configuration data specific to the local computer, including its hardware devices and operating system components. The information contained in HKLM is independent of the current user and the applications or processes in use.

* HKEY_CLASSES_ROOT (HKCR): This root key contains the COM, OLE, and file class object data. The keys, subkeys, and data within this hive are linked to (and identical to) those contained in the HKEY_LOCAL_MACHINESoftwareClasses hive.

* HKEY_CURRENT_CONFIG (HKCC): This root key is added to make current versions of Windows compatible with earlier Windows 95 applications. It is derived from HKLMSystemCurrentControlSetHardwareProfilesCurrent and contains configuration options for all currently active hardware.

* HKEY_CURRENT_USER (HKCU): This root key contains profile information for the currently logged in user. Every time a user logs in, HKCU is rebuilt with that user’s profile data from HKEY_USERS.

* HKEY_USERS (HKU) – This root key contains the default profile and the profiles of all users logged on to the computer.

* HKEY_DYN_DATA (HKDD): This root key is only found on Windows 95/98/ME. It is linked to HKEY_LOCAL_MACHINE and contains information about Plug and Play hardware components. HKDD, for use with Windows Plug-&-Play features, this section will change as devices are added and removed from the system.

The “HKEY_” at the beginning of each root key’s name indicates that the key is a unique identifier (or identifier) ​​that programs can use to access resources. Each of these root keys branches, first into keys and then into subkeys. At the end of these branches of keys and subkeys is the registry data, or value entries, corresponding to the data stored in the hive files.

The Windows Registry can store several different types of values, but the most common ones you’ll see are binary, string (text for humans), and DWORD (boolean) values.

log hives

Much of the information contained in the Registry is stored on the computer’s hard drive as a set of binary data files aptly called “hives.” Hives are permanent components of the Registry, serving as support files from which Windows retrieves Registry data during system startup and as backup files that the Registry writes whenever its support data is altered or changed over time. of a process called emptying. Flushes are automatic and occur a few seconds after changes are made to the Registry.