The registry may seem mysterious because it has a complex structure and irrelevant CLSID keys. Unfortunately, Microsoft did not fully disclose the supporting information about the correct setting of the registry, which made the registry look more unpredictable. The processing and editing of the registry is like "black art", and its setting in the system makes users feel like groping in the dark. In this way, due to users' lack of understanding in this area, more registry failures occur.
Windows registry is a set of data files that help Windows control hardware, software, user environment and Windows interface. The registry is contained in two files system.dat and user.dat in the Windows directory and their backups system.da0 and user.da0. You can access the registry database through the regedit.exe program in the Windows directory. Previously, in the early version of windows (before win95), these functions were realized by win.ini, system.ini, etc. Ini files related to the application.
In the windows operating system family, the two files, system.ini and win.ini, contain all the control functions and application information of the operating system. System.ini manages computer hardware, and win.ini manages desktops and applications. All drivers, fonts, settings and parameters will be saved in. Any new program will be recorded in. Ini file. These records will be referenced in the program code. Because of the file size limit of win. INI and system.ini, programmers add assistance. Ini file to control more applications. For example, Microsoft Excel has an excel.ini file that contains options, settings, default parameters and other information related to the normal operation of Excel. In system.ini and win.ini, just point out the path and file name of excel.ini
At the beginning, system.ini and win.ini controlled the characteristics and access methods of all windows and applications, and they worked well in the environment of a few users and a few applications. With the increase of the number and complexity of applications, it is necessary to provide the. Ini file. In this way, in a constantly changing environment, everyone will change after the application is installed in the system. Ini file. However, no one will delete it. Ini files, so the two files, system.ini and win.ini, will get bigger and bigger. Every addition of content will lead to slower and slower system performance. And every time you apply the upgrade, there is a problem: the upgrade will add more parameter items but never delete the old settings. There is another obvious problem. The maximum size of. The ini file is 64KB. In order to solve this problem, software vendors began to support their own. Ini files, and then point to specific ini files, such as win.ini and system.ini files. So, how heavy. The ini file affects the normal access level setting of the system. If the application's. Ini file and win. INI files conflict, whose priority is higher?
The registry was originally designed as a data file related to the reference file of the application, and finally expanded to include all the functions of the 32-bit operating system and the application. The registry is a set of files that control the appearance of the operating system and how to respond to external events. These "events" range from direct access to hardware devices to how interfaces respond to specific users to how applications run. Because of its purpose and nature, the registry becomes very complicated. It is designed for 32-bit applications, and the file size is limited to about 40MB.
What does the registry do?
Registry is a data file designed for all 32-bit hardware/drivers and 32-bit applications in Windows NT and Windows95. 16-bit driver can't work under Winnt, so all devices are controlled through the registry, which is generally controlled through BIOS. Under Win95, 16-bit drivers will coNTinue to work in real mode, and they are controlled by system.ini. 16-bit applications will work under nt or Win95, and their programs will still refer to win.ini and system.ini files for information and control.
Without the registry, the operating system will not be able to obtain the information needed to run and control the connected devices and applications, and correctly respond to user input.
In the system, the registry is a database that records the settings and locations of 32-bit drivers. When the operating system needs to access hardware devices, it uses drivers, even devices supported by BIOS. Drivers are required when installing devices without BIOS support. This driver is independent of the operating system, but the operating system needs to know where to find them, file names, version numbers, other settings and information. If there is no registry to record devices, you cannot use them.
When a user is ready to run an application, the registry provides application information to the operating system so that the application can be found, the location of the correct data file can be specified, and other settings can be used.
The registry stores location information about default data and auxiliary files, menus, button bars, window states and other optional items. It also saves installation information (such as date), the user who installed the software, the software version number and date, serial number, etc. It contains different information according to the installed software.
But generally speaking, the registry controls all 32-bit applications and drivers, and the control mode is based on users and computers, and does not depend on applications or drivers. The parameter items of each registry control the functions of users or computers. User functions may include desktop appearance and user directories. Therefore, computer functions are related to the installed hardware and software, which is common to all users.
Some program functions have an impact on users, sometimes on computers rather than personal settings. Similarly, drivers may be specified by users, but in many cases, they are common in computers.
Examples of registry control user modes are:
Control panel function;
Desktop appearance and icons;
Network parameters;
Browser functions and features;
Some of those functions have nothing to do with users, and some are aimed at users.
Computer-related controls are based on the computer name and have nothing to do with the logged-in user. An example of a control type is installing an application. No matter which user, the availability and access of the program are unchanged. However, the icon for running the program depends on the user who logs on to the network. The availability and priority of network protocols are computer-based, but the current connection is related to user information.
The following are some examples of basic and computer control entries in the registry:
Access control;
Login confirmation;
Enjoy files and printers * * *;
Network card settings and protocols;
System performance and virtual memory settings;
Without the registry, Win95 and Winnt cannot exist. They are so complex that they cannot be controlled by the past. Ini files, and their extensibility requires almost unlimited installation and use of applications, which is realized by the registry. However, the registry is better than. Ini file, understanding its working principle, function and usage is the key to effective management system.
In the system, the registry controls all 32-bit applications and their functions, as well as the interaction of multiple applications, such as copying and pasting. It also controls all hardware and drivers. Although most of the settings can be installed through the control panel, understanding the registry is still the basic knowledge of Winnt and Win95 system management.
Second, the structure of the registry.
Structure of registry
Registry is a complex information database built by Windows programmers, which is multi-layered. The basic structure of the registry on different systems is the same. These complex data will be combined in different ways to form an absolutely unique registry.
In Winnt, the registry data of computer configuration and default user settings are saved in the following five files:
Default, SAM, security, software, system, NTUSER. Date.
All system registration information in Win95 is saved in the system. DAT file in windows directory. All hardware settings and software information are also saved in this file. It is much simpler than the NT registry file because it does not require more control. Win95 is designed as a network client or a system that works alone, so the user control or security level is different from nt. This makes the Win95 registry easier to work than NT, so this file is also smaller.
The registration data of Win95 users are generally stored in the user.dat in the windows directory. If you create and use profiles of multiple users in Control Panel | Password | User Profile, each user will have his own User. dat file under \ Windows \ profiles \ username \ user.dat. DAT information) will be loaded to keep your own desktop and icons.
control key
In Registry Editor, use the control keys to display or edit registry keys. Control keys make it easier to find and edit groups of information items. Therefore, the registry uses these entries. There are six control keys here.
HKEY _ Local _ Machine
HKEY _ Class _ Root
HKEY _ Current _ Configuration
HKEY_DYN_DATA
HKEY _ user
HKEY _ Current _ User
The registries of Winnt and Win95 are incompatible. Upgrading from Win95 to Winnt requires reinstalling 32-bit applications, recreating icons on the desktop, and re-establishing the user environment.
It is easier to edit the registry through the control keys. Although they appear to display and edit independent keys, HKEY _ Class _ Root and HKEY _ Current _ Configuration are actually part of HKEY _ Local _ Machine. The current HKEY user is a part of HKEY users.
HKEY_LOCAL_MACHINE contains all the contents of HKEY _ class _ ROOT and HKEY_CURRENT_CONFIG. Every time the computer is started, the information of HKEY _ current _ configuration and HKEY _ class _ root is mapped for viewing and editing.
HKEY _ class _ root is actually HKEY _ local _ machine \ software \ class, but editing in HKEY _ class _ root window is relatively easier and more organized.
HKEY users save default user information and currently logged-in user information. When the domain member computer is started and the user logs in, the domain controller will automatically send information to the current HKEY user, and the current HKEY user information will be mapped into the system memory. Other users' information is not sent to the system, but recorded in the domain controller.
Keys and subkeys
Data is divided into multi-level keys and sub-items, and it is easier to edit by establishing a hierarchy (just like Exploer). Each key has a set of information and is named according to its data type. There is a plus sign (+) on the folder icon of each key, indicating that there is more content below. When you click it, the plus sign of the folder is replaced by the minus sign (-), and then the children at the next level are displayed.
All software, hardware and windows working settings are stored in HKEY_LOCAL_MACHINE. All security policies, user rights and * * * enjoyment information are also included in this key. In Win95, user rights, security policies and * * * enjoyment information can be set through Windows NT domain user manager, browser and control panel.
HKEY _ Class _ Root
The HKEY class root contains all the information needed for the application to run:
All extensions and associations between files and applications;
All driver names;
The ID number of the class (the name of the item to be accessed is replaced by a number);
Information about DDE and OLE;
Icons for applications and files;
HKEY current configuration.
The current configuration of HKEY is the mapping of current hardware configuration information in HKEY local machine. If the system has only one configuration file, that is, the original configuration, the data will always be in the same location. Create additional configuration in Control Panel | System | Hardware Profile |, and put the additional configuration information into HKEY_LOCAL_MACHINE. When there are multiple profiles in Win95, you will be prompted to select a profile every time the computer starts. In Winnt, you can press the spacebar to select the hardware configuration file of the last normal startup. According to the selection of hardware configuration file, specific information is mapped to HKEY's current configuration.
HKEY_DYN_DATA
HKEY_DYN_DATA is different from other registry keys because it is not actually written to the hard disk drive. One advantage of Win95 is that the control key HKEY_DYN_DATA stores the collected plug-and-play information and configures it when the system starts. It is stored in memory, and Win95 uses it to control hardware. Because it is in memory and not read from the hard disk, the computer configuration may be different every time you start it. Win95 must calculate more than 1600 possible configurations at startup. Therefore, if the system changes the established settings without reporting to Win95, there may be potential problems. The system works well most of the time, but not all the time.
HKEY _ user
HKEY users only contain default user settings and login user information. Although it contains the settings of all independent users, the user's settings are not available when the user is not logged on to the network. These settings tell the system which icons will be used, which groups are available, which start menu is available, which colors and fonts are available, and what options and settings are available on the control panel.
HKEY _ Current _ User
Used to save the information of current user and default user. HKEY current user only maps the information of the currently logged-in user.
Brief introduction of each primary key.
HKEY _ Local _ Machine
HKEY_LOCAL_MACHINE is the processing key of display control system and software. The HKLM key holds the system information of the computer. It includes all software settings on the network and hardware. (such as file location, registered and unregistered status, version number, etc.). These settings have nothing to do with users, because they are for all users who use this system.
HKEY _ LOCAL _ MACHINE \ AppEvents
In order to run client/server and other applications on thin clients in the future, the AppEvents key is blank in Win95/98. The application actually resides on a network server, and these keys contain some pointers.
HKEY _ LOCAL _ MACHINE \ configuration
This key stores all the different hardware settings on the computer (these settings can be created from the hardware configuration file in the system properties of the control panel). These configurations are usually copied to HKCC at startup. Each configuration will be saved with a key such as 000 1 or 0002. ), and each configuration is an independent configuration. If you only have a single configuration, you will only have the key 000 1.
HKEY _ local _ machine \ config \ 0001\ display
This key indicates display settings, such as screen font, table size, table position and resolution.
A hint: when Windows can't start (black screen) because it has set a large resolution that the computer doesn't support, it can be solved by modifying the resolution. Enter safe mode, run regedit.exe, change the data value in the key value of this key to low resolution 640,480 or 800,600, and then restart the computer.
HKEY _ LOCAL _ MACHINE \ Config \ 000 1 \ System
This key saves information about printers in the system.
HKEY _ LOCAL _ MACHINE \ Config \ 000 1 \ System \ current controlset \ Control \ Print \ Printers
Under this item, there is a key set for each printer on the system. Adjust this list by adding and removing printers through the control panel.
HKEY _ Local Machine \ Enumeration
The Enum key contains information about the hardware devices discovered at startup and those plug-and-play cards. Win95 uses bus enumeration through different. Ini file. The hardware installed and detected at startup will be displayed here. The subitems include BIOS, esdi, flop, htree, isapnp, monitor, network, root, SCSI and VIRTUAL. The subitem names represent their respective hardware device information.
HKEY _ LOCAL _ MACHINE \ enumeration \BIOS
The BIOS key stores the information of all plug and play devices in the system. They are listed with a set of codes, including a detailed description of each key. For example, *pnp0400 is the key of parallel port LPT 1. If LPT 1 does not have plug-and-play function, it will not be listed in the Root key under Enum.
HKEY _ LOCAL _ MACHINE \ enumeration \Root
The root key includes information about all non-plug and play devices. Here, we can quickly determine which devices are plug-and-play and which are not. For example, SCSI adapter, this device must conform to a hardware setting called ForcedConfig in Win95, and this will not change.
HKEY _ Local Machine \ Enumeration \ Network
The network function of win95 is described in detail in this key, which includes every major service and protocol installed.
HKEY _ LOCAL _ MACHINE \ Hardware
Hardware sub-item includes two multi-level sub-items: description item, which contains information of CPU and floating-point processor. There is also a device mapping key, and the serial key below it lists all your com ports. The hardware key only stores the information of HyperTerminal program, as well as the information of mathematical processor and serial port.
HKEY _ Local _ Machine \ Network
This key only saves network login information. All network service details are saved in the keyword HKEY local machine enumeration network. This key has a subitem logon, including lmlogon (local machine login? 0=false 1=true), logonvalidated (login must be verified), policy processing, main login mode (Windows login, Microsoft network client mode, etc. ), user name and user configuration.
HKEY _ Local _ Machine \ Security
Security has two subkeys, the first one is access (which eventually leads to a remote key listing network security resources, access rights, etc. ) and provisioning (including listing network addresses and address servers). This key is reserved for future use of advanced security features and NT compatibility.
HKEY _ Local _ Machine \ Software
This key lists the. Ini files of all installed 32-bit software and programs. It includes changes, depending on software installation. The control functions of these programs are listed in the subitems here. Most subitems just list the version number of the installed software.
We found some interesting settings under \ Microsoft \ Windows \ CurrentVersion, which have the following subitems:
1. application path: the location of all 32-bit software you have installed.
2.Applets, compression, controls folder: includes the property bar attachments of the lower control panel, such as display properties.
3.Detect, explorer: Many interesting subitems, such as the namespace item of Desktop and My Computer (indicating the CLSID line of recycle bin and dial-up network) and the prompt subitem, allow you to create your own prompts.
4. Extensions: list of extension contacts, currently associated extensions and target types that are more suitable than specific executable files.
5. Font, fontsize and FS template: the file system template, server, desktop computer or notebook computer information selected in the system attribute column.
6.MS-DOS simulation: including an application compatibility subkey for a large number of outdated program binary keys.
7.MS-DOS option: Settings in DOS mode, such as himem.sys, CD-rom, etc.
8. Network: Configuration of network drivers.
9.Nls, strategy: what the system administrator thinks you should not do.
10.ProfileList: A list of all user names that can log on to your computer.
11.The mystery of programs that run when Windows starts is that they are not in the Startup folder of the Start menu. They are executed in the subitem under HKEY _ Local _ Machine \ Microsoft \ Windows \ Current Version \.
Run: The program runs at startup.
RunOnce: windows initialization, the program only runs once at startup, and it is often used when the system needs to be restarted after installing the software, so this key is generally empty.
RunServices: It's just like Run, but it contains "services". It's not like an ordinary program. They are more important than "system" programs. But they are not vxd, just like McAfee or RegServ.
RunServicesOnce: only run once, but it is the installation of "the system itself" (a large number of windows installation parameters: usually the key values include the location of the system directory, the update of win95, optional installation components, and the subitems of the windows startup directory.
Note: In many hacker Trojan software, key values are often added here (usually in Run), which makes Trojan software start together with windows, which is very secret. Here you can check the abnormal startup items and get rid of useless running programs (for example, I really don't like the automatic server of Super Jieba, so I can get rid of it here).
12. Shared dll:* * List of shared dlls, and each dll gives a numerical ranking in the unknown system.
13.Shell extension: lists "recognized" OLE registration columns and corresponding CLSID connections.
14.ShellScrap: This contains a subitem, which contains an empty finite value, more like the derivation of the previous SmartDrive command line parameter.
15. Time zone: the primary key value is your current time zone; This subitem defines all possible time zones.
16. Uninstall: This will save the program display in the Add/Remove Programs dialog box; This subkey contains the path to the uninstaller. Similar to the installation wizard ...) winlogon (a text sentence containing legal login notification)
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set
This subitem includes the description and control of device drivers and other services. Unlike windows nt, win95 only contains the control setting information of restricted drivers.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current Control set \ Control
This subitem includes the information in the win95 control panel. Don't edit this information, because some small programs have been changed in many places, and missing one will make the system unstable.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services
This key includes all the standard services of win95. For all added services and devices, each standard service key includes its settings and identification settings.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ Arbitrators
The atbitrators key contains information that needs to be solved when two devices * * * occupy the same settings. The four subkeys include memory address, conflict, DMA, I/O port conflict and IRQ conflict.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ Class
The category key includes the category control of all devices supported by win95, similar to the hardware group that appears when adding new hardware, and also includes information on how to install these devices.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ inetaccs
This key includes the availability of ie accessories related to this system change, which is only available when you install ie2. 0 or later.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ msnp 32
Msnp32 describes how the client can realize its functions in the Microsoft network, including the authentication process and the information of the authenticator.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ nwnp 32
Nenp32 key describes how windows client works in netware network, which includes information about authentication process and authenticator.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ remote access
This key includes information needed for remote work on win95 system, authentication parameters, host information and protocol information for establishing dial-up connection.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ SNMP
The key includes all parameters of snmp (Simple Network Management Protocol). It includes allowed management, configuration traps and effective communities.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ VxD
The vxd key includes all the 32-bit virtual device driver information in win95, which will be automatically managed by win 95, so there is no need to edit them with a registry editor, so the static vxd is listed with subitems.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ WebPost
The webpost key includes all the settings of the Internet post office. If you are connected to an isp and it is listed here, you should choose a server for yourself.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ Winsock
This key lists the information of the winnsock file when connecting to the internet. If incorrect files are listed, you will not be able to connect to the Internet.
HKEY _ LOCAL _ MACHINE \ SYSTEM \ current control set \ Services \ WinTrust
The function of Wintrust is to check whether the files downloaded from the Internet have viruses, which can ensure that you get clean and safe files.
HKEY _ Class _ Root
In the registry, the key class _ root is the key to control all data files in the system. This is the same in Win95 and Winnt. The key class _ root control key includes all file extensions and all files related to the execution file. It also determines the related applications that react when you double-click a file.
HKEY _ Class _ Root is used for programmers to send information conveniently when installing software. In Win95 and Winnt, HKEY _ class _ root and HKEY _ local _ machine \ software \ class are the same. Programmers don't need to worry about the actual location when running their startup programs. Instead, they just need to add data to HKEY _ class _ root.
Under the Windows user graphical interface, everything-every file, every directory, every applet, every connection and every driver-is regarded as an object. Each object has some related properties. HKCR contains a list of object types and their attributes. The main function settings of HKCR are as follows:
Object types are associated with file extensions.
Object types are associated with icons.
Association between object types and command-line operations
Define menu options related to object types, and define attribute options for each object type.
In Win95, the relevant menu is the menu that pops up when you right-click an object; When you select a property item, the property is an expanded dialog box. In short, changing the settings in HKCR can change the default association of a given file extension. Change the default icon of file type, and add or delete the contents of the pop-up menu for a given object type (or all object types).
HKCR includes three basic types of subitems.
\ or file extension subitem
The file extension subitem connects the file extension to the object type and related operations, property items, and related operations on the pop-up menu.
\ Child of type \object
The object type subitem defines the items of the object type in the default icon, pop-up menu and attribute items, related operations and CLSID connections.
\CLSID subitem
Under Windows, everything is handled by numbers instead of names. Just as people tend to use names to deal with things. CLSID is a number that identifies all listed icons, applications, directories, file types, etc. It is assigned by Microsoft to vendors, and each one must be unique. The manufacturer puts CLSID in the installer file so that the registry can be updated during installation.
The registry is a database, and applications need instructions to perform operations at runtime. For example, suppose you have a Word 7 document of a Microsoft Excel 7 spreadsheet. When you double-click the spreadsheet in Word, the application menu will become the menu of Excel, and the spreadsheet will enter the editing state, just as you did in Excel. How does it know what to do? Every file created by Excel 7 has a CLSID connection of Excel. After reading the CLSID, Word looks up the instruction in the registry and runs it. DLL files or applications, depending on the data under CLSID.
The CLSID subitem provides OLE and DDE information and icons for the object type. Related menus, or attribute item information contained in its subitems. This may be the key that most people feel "horrible" after seeing it. Each CLSID number must be unique. In fact, for this purpose, Microsoft has made a CLSID generator. Therefore, you often get a 32-bit numeric string of 16. Unless you are a programmer, most keys look boring. They include memory management mode, client/server configuration and. Dll connections handled by OLE.
A note on subitems
1) shell: the shell key has an "action" subkey, just like "open", and there is a command subkey here; The command subitem has a default sentence value, which contains the command line to run the program. Placing the "open" subkey in the shell subkey of an object type will add the "open" option to the pop-up menu of the object type, and giving the open subkey a command subkey will make the notebook the default application when opening the object type. Other operation options include viewing, printing, copying, virus, scanning, etc.
2)Shellex:Shellex key has a subkey. Each subitem they contain points to a CLSID item that performs OLE and DDE functions for the object type (for example, a quick look, a menu processing subitem points to a CLSID item with a sentence value and lists it. Dll files with file browsing function).
3)shellnew:ShellNew contains a "command" statement, which contains a command line to open a "new" file of an object type.
4)DefaultIcon:DefaultIcon subitem contains a "default" sentence. /div & gt;