REGISTRY

2/3/2001

Registry: A common data base for software configuration data used in Microsoft Windows Operating systems. Introduced in Windows3, it is present in all Microsoft's 32 bit operating Windows systems -- 95, 98, Me, NT, 2000.

The Registry replaces a large, unwieldy, collection of .INI text files with a much larger and even more unwieldy hierarchial data base, Microsoft encourages all vendors to include the data for their programs in the Registry. Many do. Others, having discovered that moving Registry bound programs to a different PC or drive is virtually impossible, continue to use .INI files. The Registry was introduced in Windows 3 where it was designed as a data base of data about registered objects known to the system, It was used only to manage OLE data. Microsoft itself continued to use some .INI Files (SYSTEM.INI, WIN.INI, PROTOCOL.INI) in early versions of the 32 bit Operating systems.

Technically, the Registry, consists of two hidden files -- SYSTEM.DAT and USER.DAT along with two backup files with DA0 extensions. A copy of the Registry system files after initial installation -- SYSTEM.1ST is also stashed on the hard drive. As seen through Regedit, the Registry consists of six sections pertaining to "classes", current user, local machine, users, current configuration, and dynamic data. Under each is a hierarchial tree of entries with values (sometimes) at the tips of the chains. Sometimes the mere existence of an entry is sufficient and no data is present. The hierarchy is in a proprietary microsoft format. Values at the tip may be ASCII, binary, or 32 bit integer. Other data types are possible and are used in later versions or by vendors for their private data.

For the most part, nobody knows what is in the Registry, and "dead" entries are rarely removed when no longer needed. As a result, Registries can grow to many megabytes in size. Registries reside in memory and are one of the reasons that 32 bit Windows requires large memories to run. Microsoft issues dire warnings about the (probably real) dangers of editing the Registry, but many of their bug fixes require registry editing. The biggest problem is usually identifying what to edit.

The registry can be edited using the REGEDIT utility or similar third party tools. Changes can be made using change files with .REG or .INF extensions. REGEDIT can be run interactively in Windows and can also be run from a DOS command line. Windows 98 and later include a Registry Checker. REGCLEAN can be used to format check the Registry and do some minor cleanup. REGCLEAN is version specific and reportedly may do significant damage if used on the wrong Version. REGMON from http://technet.microsoft.com/en-us/sysinternals/default.aspx will compare two Registries on different machines -- something that is sometimes required when "identical" PCs do not behave the same.

In NT based Windows, there are security permissions associated with Registry keys. If the security is set loosely, the Registry is subject to alteration (and thus attack) by ordinary users. If security is set more tightly, it becomes impossible for users to install software that needs to set registry keys unless they log in as an administrator.

Since any program with an installation file can, and quite likely does, modify the Registry, full documentation of Registry contents is not possible. A number of web sites document standard registry keys to some extent. For example: http://srana.virtualave.net/winreg/wr5.htm

Return To Index Copyright 1994-2002 by Donald Kenney.