THE WINDOWS REGISTRY
PART 3

by Brian Grainger: brian@grainger1.freeserve.co.uk


This article was first published in the ICPUGSE Newsletter Number 109
Have a look at the ICPUGSE web pages for details on how to join ICPUGSE

INTRODUCTION

Last time I looked at some of the tools available for manipulating the Registry and gave a description of the top level Registry structure. My plan for this article was to expand the structure description to the first level subkeys. First of all I want to mention how Windows 98 differs in the startup process and to introduce another tool, which will delight those who really want to know what is going on.

WINDOWS 98 STARTUP

After a successful start of Windows 95 the Registry is backed up to two files SYSTEM.DA0 and USER.DA0. Windows 98 has refined this process to a much more sensible approach and uses a tool that replaces the Configuration Backup Utility of Windows 95. The tool in question is the Registry Checker that is in a file called SCANREGW.EXE located in the Windows folder. Windows 98 is set up by default to run this file on startup. You can manually run it at any time.

What the Registry Checker does is check that the Registry is structurally sound and if it is then offer to back it up. The backup is to a cabinet file named RBnnn.CAB, which is stored in the \Windows\Sysbckup folder. Various options are available with the Registry Checker, which are set in SCANREG.INI or given on the command line. You can modify the maximum number of backups kept as well as the directory where they are stored. You can check the Registry without doing a back up. Windows 98 by default is set to check the Registry every time it is started but will only backup on the first startup of the day. It also keeps the last 5 backups. This should mean that you notice a problem before you have overwritten all good backups with a duff one.

The process for repairing the Registry is also more straightforward in Windows 98. If Windows detects a bad Registry it will automatically recover a good one. You can manually recover a Registry backup at any time by starting the PC in MSDOS mode and giving the command SCANREG /RESTORE. The Registry backups are listed with the date and time of backup and an indication of whether or not Windows started successfully. You can then choose which one to restore.

A word of warning. The Configuration Backup Utility and the Emergency Recovery Utility of Windows 95 must NOT be used to restore a Windows 95 Registry to Windows 98. The PC will not boot up if you do.

Further details on the above can be found in the 'Administrating with the Registry' section of the Windows Resource Kit compiled help file distributed on the Windows 98 CD-ROM.

REGMON - THE TOOL THAT OPENS THE WINDOW ON WINDOWS

During one of my web surfing sessions into one of the more esoteric backwaters I came across a link to www.sysinternals.com. Now these guys do things like we used to do in the early days of ICPUG. Among the utilities they have produced is Regmon. When Regmon is opened every access to the Registry will be logged. The log shows, for each call to the Registry, which process is making the call; what request is being made; which registry key is being accessed; the result of the request. You only have to open Regmon and open and close a few windows and it will give the lie to one of the original questions, 'Why does it sometimes appear that the Registry is not necessary at all?' There is a huge amount of Registry activity. So much that you can be swamped by the amount of information available. However, Regmon allows you to filter the results by choosing which processes or registry keys are included and/or which are excluded. With appropriate use of the filters you can home in on the particular area of interest in the Registry. You can search the results or save the results to a file, and double clicking any key in the result log will open up the Registry Editor at the appropriate key. This tool is a must for those of us who want to know what an application is doing, particularly when it does not work how we want. The tool works on all flavours of 32 bit Windows, including NT.

Here is an example of its use (which I have not tried yet so cannot vouch for its success). If you use Paint Shop Pro you will know that version 5 is shareware which times itself out after 90 days. Even if you uninstall it and try to reinstall it then 90 days after its first installation Paint Shop Pro will not install again. What is telling it that a previous installation was made? Usually this is done by a file hidden on the disk at the time of the first installation but I have read that Paint Shop Pro stores something in the Registry. The question is, what? The answer might be found by opening Regmon, trying to install Paint Shop Pro and seeing what keys it looks for. When you have isolated the one giving it the information then delete it and see if Paint Shop Pro will install again!

STRUCTURE OF HKEY_LOCAL_MACHINE

Config

The Config subkey contains the details of alternate computer hardware configurations. For example, a laptop may have different configurations depending on whether it is connected to a network via a docking station or undocked. Each alternate configuration has a unique identifier, e.g. 0001, 0002, etc., which forms a subkey under Config. Each configuration will be seen as a hardware profile in the System option of Control Panel.

At Windows startup the hardware configuration is checked and usually mapped to one of the configurations listed. This then becomes the current configuration, which is pointed at by HKEY_CURRENT_CONFIG. When a computer is started with new hardware components Windows creates a new configuration with a new enumeration. This will be added to the Config subkey. Note that new hardware is very subjective here. Adding a scanner or modem, etc. does not seem to cause this action to occur.

Enum

The Enum subkey contains data on all the hardware devices on the computer. The device information is subdivided under various subkeys, e.g. FLOP for floppy devices, SCSI for SCSI devices, USB for USB devices etc. All hardware information, such as device type, assigned drive letters, manufacturers and drivers is stored in this part of the registry somewhere. The information that is displayed in the Device Manager, obtained by selecting the System option of the Control Panel, comes from this part of the Registry.

Hardware

According to the Windows 95 Resource Kit this subkey contains information about serial ports and modems used with the HyperTerminal program. Well the DeviceMap/SerialComm subkey does tell me that the data in the COM1 subkey is "COM1" and likewise for COM2 and 3, but no mention is made of modems. The more interesting subkey is Description/System, which seems to contain information on the various processor chips that the PC system board may contain.

Network

The Network subkey is used, not surprisingly, to store information created when a user logs on to a networked computer. Computers that access the Internet as well as those that log on to Windows are regarded as networked computers so many of us at home will have information in this part of the registry. The primary network provider is identified, which may simply be Windows Logon or Microsoft Family Logon if you have Windows 98. The User ID of the person logged on is also shown. The information that is displayed by selecting the Network option of Control Panel comes from this part of the Registry.

Security

The Security subkey provides information about the network security provider and any remote administration capabilities. I cannot tell you any more than that because my PC is not configured for any of this!

Software

The Software subkey holds a wealth of information. Computer specific, rather than user specific, information about installed software is handled here. The entries apply to anyone using the computer and include definitions on file associations and OLE information. Any information added, when registering an application to use a specific filename extension or during installation, is placed here. The Software subkey contains within it a number of subkeys. Many relate to specific software installed but one is called Classes and I will deal with that first.

The Classes subkey contains two types of subkey within it. The first type reflects all the possible filename extensions that have been registered. (As an example we will look at the .txt subkey.) This contains, as a minimum, two pieces of data. The Default value gives the identity of the Class Definition (see later). The Content Type value is a description of the type of file associated with that extension. For the .txt subkey the Default value is txtfile and the Content Type value is text/plain. Sometimes a filename extension subkey will include subkeys such as ShellEx and ShellNew. As yet I have not worked out what these are for.

The second type of subkey within Classes is the Class Definition subkey. This will then provide shell and OLE properties for the class of document. If an application supports Dynamic Data Exchange (DDE), the Shell subkey can contain Open and Print subkeys that define DDE commands for opening and printing files, similar to the OLE and DDE information stored in the Registry under earlier versions of Windows. We saw that .txt had a Default value of txtfile so we can find a Class Definition subkey called txtfile. This contains subkeys for Default Icon, Shell\Open\Command and Shell\Print\Command. The Default Icon subkey has a Default value that, I believe, defines the icon that is displayed when such a file occurs on the Desktop, in My Computer or Explorer, or on the Start Menu. The Shell\Open\Command subkey has a default value of c:\windows\NOTEPAD.EXE %1, which tells us that the .txt file (%1) is opened with Notepad. Similarly the Shell\Print\Command subkey has a default value of c:\windows\NOTEPAD.EXE /p %1. This time Notepad is called with the /p option, which means print.

Although I have said, as does the Windows Resource Kit, that there are 2 types of subkey within Classes there is a special subkey called CLSID. Open it and you see loads of numbers. As yet I have no clue what these are for and Microsoft is not forthcoming either. I can only assume they are related to the inner working of Windows.

It is now time to look at the rest of the subkeys within the Software subkey. The majority are of the form:
HKEY_LOCAL_MACHINE\Software\CompanyName\ProductName\Version
Any information within these subkeys has been defined by the software author and is placed in the Registry at the time of software installation. You would edit these values at your peril. However there is one area that is particularly interesting. The Microsoft subkey contains details on the Microsoft software installed and in particular the Microsoft\Windows\CurrentVersion subkey provides information that determines how Windows operates. Some of the things here are ripe for editing, but more of that later. At the moment let me just point out that all the registration information given when Windows was installed can be found here. Want to know what the Product ID or Product Key was? You will find it here.

System

The information in the System subkey is organised into control sets that contain a complete set of parameters for device drivers and services that can be loaded with Windows 95. All information that controls startup is described in the subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet

This has two parts:

The Control subkey contains startup parameters for the system, including the computer’s network name, settings for startup and shutdown, file system performance, keyboard layouts, language support, etc.

The Services key contains information to control the loading and configuration of drivers, file systems, etc. The data in the Services key also controls how these services call each other.

CONTROLLING WHAT PROGRAMS ARE EXECUTED ON STARTUP

To finish this time let me show how knowledge of the registry can be useful to control how Windows works. Do you know where to place programs so that Windows automatically loads them on startup? More to the point, do you know where to look if you want to stop something, installed by an application, that starts automatically? You probably know that anything in the Startup folder runs on startup. If you are a wizard with Windows 3.x you probably know that anything referred to in the 'load=' and 'run=' lines of the [Windows] section of win.ini will also load on startup. However, Windows 9x has added yet more places to store startup files. If your PC is set for multiple users or set to use a network there will be a folder called:
C:\Windows\All Users\Start Menu\Programs\Startup
Anything stored in this folder will start automatically. Finally there are three other places that Windows 9x and applications can hide things and they are in the Registry. What is worse is that in Windows 95 there are no standard tools for stopping these files from starting and yet some software installations demand that you close all running programs. Two of the hiding places are within the Microsoft\Windows\CurrentVersion subkey mentioned above and the third is within the user version, (rather than local machine version), of the same subkey. The three places to look are:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
So, if you want to stop something running, look at these places in the registry and when you have found the offending item either delete it or create a temporary new key and move the item. You can then move it back when you want it to start automatically again.
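To review these locations without touching the live Registry, you can work from a Registry Editor export. The following is an added example, not code from the original article: it parses a constructed REGEDIT4 export, lists whatever sits under the three keys above, and also follows the .txt to txtfile to Shell\Open\Command lookup described in the Classes section. The function names and the sample entries are hypothetical.

```python
import re

# Constructed sample in REGEDIT4 export format; every entry is invented.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Classes\.txt]
@="txtfile"
"Content Type"="text/plain"
[HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\command]
@="c:\\windows\\NOTEPAD.EXE %1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\update.exe\" /silent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleAgent"="c:\\example\\agent.exe"
'''

# The three autostart keys listed in the article.
AUTOSTART_KEYS = [
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices",
]
# "name"="data" or @="data" (Default value); \\ and \" escape; hex:/dword: skipped.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def parse_export(text):
    """Return {lower-cased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            current[name] = unescape(m.group(2))
    return keys

def autostart_entries(keys):
    """List (key, value name, command) found under the autostart keys."""
    return [(k, n, d) for k in AUTOSTART_KEYS
            for n, d in keys.get(k.lower(), {}).items()]

def open_command(keys, ext):
    """Follow .ext -> Class Definition -> Shell\\Open\\Command Default value."""
    classes = "hkey_local_machine\\software\\classes\\"
    cls = keys.get(classes + ext.lower(), {}).get("", "")
    return keys.get(classes + cls.lower() + "\\shell\\open\\command", {}).get("")
```

Key paths are lower-cased before comparison because Registry key names are not case sensitive.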

Windows 98 provides a utility called System Information where you can view these areas of the registry. Open the utility from Start Menu - Programs - Accessories - System Tools and choose the 'Software Environment\Startup Programs' branch from the displayed hierarchy. By choosing System Configuration Utility from the Tools menu of System Information you can enable/disable any item that is started automatically.

Windows 95 does not include the System Information utility and the version provided with Office 95 did not include the ability to look at the Startup programs. All is not lost however. There is a truly excellent utility called Startup Cop that is distributed by Ziff-Davis and can be found at www.pcmag.com/utilities. Startup Cop runs on Windows 95, 98 and NT4 and has enhanced functionality over the System Information Utility.

CONCLUSION TO PART 3

This time I have looked at the subkeys within HKEY_LOCAL_MACHINE and described how to control the automatic startup of some programs by amending certain subkeys within the area. Next time I want to look at the subkeys in the other top-level keys of the Registry and introduce some more Registry tweaks to help you to get Windows 95 as you want.

In preparing this article I have used the following data sources and thanks are given to the individuals concerned in their preparation.

Windows 95 Resource Kit (initiated by Microsoft)
Windows 98 Resource Kit (initiated by Microsoft)
Help File for Startup Cop (initiated by Neil J. Rubenking)

