Sabtu, 15 Maret 2008

What is Registry- Introduction

Question:-What is Windows Registry?
Answer:-Windows Registry
The Windows registry is a directory which stores settings and options for the operating system for Microsoft Windows 32-bit versions, 64-bit versions and Windows Mobile. It contains information and settings for all the hardware, operating system software, most non-operating system software, users, preferences of the PC, etc. Whenever a user makes changes to Control Panel settings, file associations, system policies, or most installed software, the changes are reflected and stored in the registry. The registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware. This use of registry mechanism is conceptually similar to the way that Sysfs and procfs expose runtime information through the file system (traditionally viewed as a place for permanent storage), though the information made available by each of them differs tremendously.

The Windows registry was introduced to tidy up the profusion of per-program INI files that had previously been used to store configuration settings for Windows programs.[1] These files tended to be scattered all over the system, which made them difficult to track.


Structure
Keys and Values
The registry contains two basic kinds of elements: keys and values.
Registry Keys are similar to folders - in addition to values, each key can contain subkeys, which may contain further subkeys, and so on. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy. E.g. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows refers to the subkey "Windows" of the subkey "Microsoft" of the subkey "Software" of the HKEY_LOCAL_MACHINE key.

Registry Values are name/data pairs stored within keys. Values are referenced separately from keys. Value names can contain backslashes which would lead to ambiguities were they referred to like paths. The Windows API functions that query and manipulate registry values take value names separately from the key path and/or handle that identifies the parent key.

The terminology is somewhat misleading, as the values are similar to an associative array, where standard terminology would refer to the name part of the value as a "key". The terms are a holdout from the 16-bit registry in Windows 3, in which keys could not contain arbitrary name/data pairs, but rather contained only one unnamed value (which had to be a string). In this sense, the entire registry was like an associative array where the keys (in both the registry sense and dictionary sense) formed a hierarchy, and the values were all strings. When the 32-bit registry was created, so was the additional capability of creating multiple named values per key, and the meanings of the names were somewhat distorted[2].

There are a number of different types of values:

List of Registry Value Types

0 REG_NONE No type
1 REG_SZ A constant string value
2 REG_EXPAND_SZ An "expandable" string value that can contain environment variables
3 REG_BINARY Binary data (any arbitrary data)
4 REG_DWORD/REG_DWORD_LITTLE_ENDIAN A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [232 – 1]) (little-endian)

5 REG_DWORD_BIG_ENDIAN A DWORD value, a 32-bit unsigned integer (numbers between 0 and 4,294,967,295 [232 – 1]) (big-endian)

6 REG_LINK symbolic link (UNICODE)
7 REG_MULTI_SZ A multi-string value, which is an array of strings
8 REG_RESOURCE_LIST Resource list
9 REG_FULL_RESOURCE_DESCRIPTOR Resource descriptor
10 REG_RESOURCE_REQUIREMENTS_LIST Resource Requirements List
11 REG_QWORD/REG_QWORD_LITTLE_ENDIAN A QWORD value, a 64-bit integer (either big- or little-endian, or unspecified)

Tidak ada komentar:

Poskan Komentar