THE WINDOWS REGISTRY
PART 2
by Brian Grainger:
This article was first published in the ICPUGSE Newsletter Number 108.
Have a look at the ICPUGSE web pages for details on how to join ICPUGSE.
INTRODUCTION
Last time I wrote about the historical background to the Registry, why it came about and what its purpose was. I finished by mentioning that the Registry was implemented as two files, SYSTEM.DAT and USER.DAT. When Windows started SUCCESSFULLY these two files were backed up to SYSTEM.DA0 and USER.DA0. Let me now continue the discussion.
REPAIRING THE REGISTRY
If Windows fails to start, the backed-up Registry from the last successful start-up can be copied over the current Registry. This method recovers the last successful settings after a system failure. The following procedure can be used:
1. Click the START button, and then click SHUT DOWN.
2. Click RESTART THE COMPUTER IN MS-DOS MODE, then click YES.
3. Change to your Windows directory. For example, if your Windows directory is c:\windows, you would type the following:
   cd c:\windows
4. Type the following commands, pressing ENTER after each one.
   attrib -h -r -s system.dat
   attrib -h -r -s system.da0
   copy system.da0 system.dat
   attrib -h -r -s user.dat
   attrib -h -r -s user.da0
   copy user.da0 user.dat
5. Restart your computer.
You will also find in the root directory of your hard disk a file named SYSTEM.1ST. This was created when Windows was successfully installed for the first time and also has system, hidden and read only attributes. In a real disaster situation when the backup Registry files have got corrupted you could also change the file attributes of this file and copy the file to SYSTEM.DAT.
TOOLS FOR MANIPULATING THE REGISTRY
Registry Editor
The primary tool for viewing and editing the Registry is called, not surprisingly, the Registry Editor! The file is named REGEDIT.EXE and is stored in the Windows directory when Windows has been installed from a CD-ROM. If Windows was installed from floppy disks you will not find the Registry Editor on your hard disk. (Perhaps Microsoft thinks that anyone who uses floppy disks to install Windows is not intelligent enough to use the Registry Editor. They may have a point - patient, but not intelligent!)
To run the Registry Editor:
1. From the START button, click RUN
2. Type regedit and click OK
When you run the Registry Editor, it displays the Registry data in two panes, a bit like Windows Explorer.
In the left pane Registry keys are displayed in a folder format. If there is a small plus sign next to a key then it will have further keys below called subkeys. Initially the left pane will show the 6 top level 'Handle' keys (H_KEY for short).
(Diversion: In Windows NT they were called Hives, not Handles. I was told, on my NT Administration course, that this was because the original designer of the registry structure kept bees as a hobby. How true this story was I am not sure, but it sounds plausible).
In the right pane the Registry Editor displays the value entries associated with the selected key in the left pane. A value entry has three parts:
- the data type of the value (an icon marked 0101 for binary data, ab for readable text)
- the name of the value
- the value itself
Note that the right pane will NOT display subkeys for the selected key, as you would expect if the Windows Explorer metaphor was adhered to.
The Registry Editor provides the following functions:
- A search facility to find a key, value name or value data which matches a given input string
- delete keys or value names
- add new keys or value names
- change key and value names or data
- export of any section of the Registry to a registration file (*.REG)
- import of a registration file to the Registry
- print of all of or sections of the Registry
Configuration Backup Utility (Windows 95 only?)
You are continually warned not to edit the Registry unless you have a backup. A simple way to do this is to copy the SYSTEM.DAT and USER.DAT files. As time goes on these files will increase to enormous sizes, so backup to a floppy will not be realistic. If you are really into Registry hacking then the Configuration Backup Utility (CBU) could be useful. You can find the file, called CFGBACK.EXE, in the \OTHER\MISC\CFGBACK directory on the Windows CD-ROM.
This utility not only backs up the Registry data but also allows the complete backup, restoration and storage of up to nine separate system configurations.
Before editing the Registry you could use the CBU to back up the current configuration and name it something meaningful. Then it can be recognised in the event that it needs to be restored at some point in the future.
When a mistake is made in editing the Registry, or if the latest changes have achieved some rather undesirable and disastrous effects, all you have to do is open up the Configuration Backup and select RESTORE. After you reboot your machine, the restored configuration returns your system to the settings BEFORE the disaster took place.
Regular use of the CBU will minimise any danger involved in editing the Registry and can always return you to an earlier configuration of your own choosing.
Registry Cleaner
The Registry is a database and, like most databases, when you delete data it leaves holes in the files. It does not reduce the size of the files. If you are constantly adding and removing programs/hardware this could lead to files with large chunks of blank data in them. The purpose of a Registry cleaner is to remove this blank data and reduce the file sizes. Microsoft had a file called RegClean on its web site to perform this task. In the early days of Windows 95 there were some questions asked as to whether this utility really did the job properly. There were other sources of Registry Cleaner utilities as well. The 'hack it' approach is:
- back up the registry in case of disaster
- export the whole registry to a file (COMPACT.REG for example) using the Registry Editor.
- restart in MS-DOS mode
- delete the registry files
- import the registry file COMPACT.REG using the DOS mode Registry Editor.
TOP LEVEL REGISTRY STRUCTURE
Of the 6 Handle keys displayed when the Registry Editor is opened there are two at the pinnacle of the Registry hierarchy. These are:
Hkey_Local_Machine
This key contains computer specific information about the type of hardware installed, software settings and other information. This information is used for all users who log on to the computer.
Hkey_Users
This key contains information about all the users who log on to the computer, including both generic and user-specific information. The generic settings are available to all users who log on to the computer. The information is made up of default settings for applications, desktop configurations, etc. This key contains subkeys for each user that logs on to this computer.
A further 3 handle keys initially displayed are associated with the Hkey_Local_Machine as follows:
Hkey_Current_Config
Under Hkey_Local_Machine you will see a subkey called Config. This in turn may have one or more subkeys which are enumerated 001, etc. The Hkey_Current_Config key points to one of these enumerations. The key is not a separate data structure but merely a pointer. It enables quick access to the current configuration data. Change data for one subkey in one data structure and it will automatically be reflected in the other. The key contains information about the current configuration of hardware attached to the computer.
Hkey_Classes_Root
Under Hkey_Local_Machine you will see a subkey called Software. This in turn has a subkey called Classes. The Hkey_Classes_Root key points here. Once again the key is merely a pointer. It enables quick access to the Class data. Change data for one subkey in one data structure and it will automatically be reflected in the other. The key contains data which describes certain software settings. This key displays the same data as was in the Windows 3.1 registration database - essential information about OLE and association mappings to support drag-and-drop operations. It is extended in Windows 95 to include Windows 95 shortcuts (which are, in fact, OLE links) and core aspects of the Windows 95 user interface.
Hkey_Dyn_Data
According to Microsoft this key points to a branch of Hkey_Local_Machine. However, while there is a tie-up in some of the data values, I cannot see the keys duplicated. This leads me to believe that it is not a pointer like the two keys above and is best treated as a separate data structure. This key contains the dynamic status information for various devices as part of the Plug and Play information. This information may change as devices are added to or removed from the computer. The values for each device include the related hardware key and the device's current status, including problems. It is the hardware key which resides in the Hkey_Local_Machine data structure and there gives static details about the hardware in question. The Hkey_Dyn_Data key also contains a PerfStats subkey. I assume this stands for performance statistics but I do not know how it works. Maybe it is data related to network operation.
The final handle initially displayed is related to the Hkey_Users as follows:
Hkey_Current_User
Under Hkey_Users you will see a subkey called .Default. There may also be other subkeys when multiple users are defined for a PC. The Hkey_Current_User key points to one of these subkeys. The key is merely a pointer. It enables quick access to the current user's data. Change data for one subkey in one data structure and it will automatically reflect in the other. This key holds user specific data for the current user and appears to include both generic data applicable to all users and data that applies only to the current user.
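The pointer relationships described in this section, as an added example that is not part of the original article: a Python function that rewrites a path under one of the three pointer keys to the location in Hkey_Local_Machine or Hkey_Users that holds the data, so that two paths naming the same key compare equal when auditing or comparing Registry exports. The Config number and user subkey are caller-supplied assumptions (the defaults are placeholders), and Hkey_Dyn_Data is left as it is because the article treats it as a separate structure.

```python
# Added example (not from the article): resolve the pointer handle keys to
# the place in Hkey_Local_Machine or Hkey_Users that really stores the data.

# Handle keys the article treats as real data structures.
REAL_ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_USERS", "HKEY_DYN_DATA"}


def canonical_key(path, current_config="0001", current_user=".Default"):
    """Return path with a pointer handle key replaced by its target.

    current_config and current_user are assumptions supplied by the caller:
    the article only says each pointer selects one enumerated Config subkey
    and one subkey of Hkey_Users.
    """
    aliases = {
        "HKEY_CLASSES_ROOT": "HKEY_LOCAL_MACHINE\\Software\\Classes",
        "HKEY_CURRENT_CONFIG": "HKEY_LOCAL_MACHINE\\Config\\" + current_config,
        "HKEY_CURRENT_USER": "HKEY_USERS\\" + current_user,
    }
    parts = [p for p in path.strip().split("\\") if p]  # drop empty segments
    if not parts:
        raise ValueError("empty registry path")
    root = parts[0].upper()  # key names are not case sensitive
    if root in aliases:
        head = aliases[root]
    elif root in REAL_ROOTS:
        head = root
    else:
        raise ValueError("unknown handle key: " + parts[0])
    return "\\".join([head] + parts[1:])


def same_key(a, b, **selectors):
    """True when two paths name the same stored key."""
    return canonical_key(a, **selectors).lower() == canonical_key(b, **selectors).lower()


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real machine.
    for sample in (r"Hkey_Classes_Root\.txt",
                   r"HKEY_CURRENT_USER\Control Panel\Desktop",
                   r"HKEY_DYN_DATA\PerfStats"):
        print(sample, "->", canonical_key(sample))
```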
CONCLUSION TO PART 2
This time I hope I have managed to give an idea of the basic structure of the Registry. Next time I want to expand this and look in more detail at the subkeys in the Registry. I will also introduce a few amendments that can be made to make your PC run differently and perhaps remove some irritations of Windows 9x.
In preparing this article I have used the following data sources and thanks are given to the individuals concerned in their preparation.
Windows 95 Resource Kit (initiated by Microsoft)
Windows 95 Registry FAQ (initiated by Kent Daniel Bentkowski)