The Registry may be a dangerous tool, but you can
mitigate that danger somewhat by becoming familiar with the layout of
the Registry and what it various bits and parts are used for. This will
help you avoid sensitive areas and stick to those Registry
neighborhoods where it’s safe to poke around. The next few sections
introduce you to the major parts of the Registry.
Navigating the Keys Pane
The
Registry Editor is reminiscent of Windows Explorer, and it works in
sort of the same way. The left side of the Registry Editor window is
similar to Explorer’s Folders pane, except that rather than folders,
you see keys. For lack of a better phrase, I’ll call the left pane the Keys pane.
The
Keys pane, like Explorer’s Folders pane, is organized in a tree-like
hierarchy. The five keys that are visible when you first open the
Registry Editor are special keys called handles (which is why their names all begin with HKEY). These keys are collectively referred to as the Registry’s root keys. I’ll tell you what to expect from each of these keys later (see the section called “Getting to Know the Registry’s Root Keys” later in this chapter).
These
keys all contain subkeys, which you can display by clicking the arrow
to the left of each key, or by highlighting a key and pressing the
plus-sign key on your keyboard’s numeric keypad. To close a key, click
the minus sign or highlight the key and press the minus-sign key on the
numeric keypad. Again, this is just like navigating folders in Explorer.
You often have to drill down several levels to get to the key you want. For example, Figure 1 shows the Registry Editor after I’ve opened the HKEY_CURRENT_USER key, and then the Control Panel subkey, and then clicked the Mouse
subkey. Notice how the status bar tells you the exact path to the
current key, and that this path is structured just like a folder path.
Note
To
see all the keys properly, you likely will have to increase the size of
the Keys pane. To do this, use your mouse to click and drag the split
bar to the right. Alternatively, select View, Split, use the
right-arrow key to adjust the split bar position, and then press Enter.
Understanding Registry Settings
If
the left side of the Registry Editor window is analogous to Explorer’s
Folders pane, the right side is analogous to Explorer’s Contents pane.
In this case, the right side of the Registry Editor window displays the
settings contained in each key (so I’ll call it the Settings pane). The Settings pane is divided into three columns:
Name— This column tells you the name of each setting in the currently selected key (analogous to a filename in Explorer).
Type— This column tells you the data type of the setting. There are six possible data types:
REG_SZ— This is a string value.
REG_MULTI_SZ— This is a series of strings.
REG_EXPAND_SZ—
This is a string value that contains an environment variable name that
gets “expanded” into the value of that variable. For example, the %SystemRoot% environment variable holds the folder in which Windows 7 was installed. So, if you see a Registry setting with the value %SystemRoot%\System32\, and Windows 7 is installed in C:\Windows, the setting’s expanded value is C:\Windows\System32\.
REG_DWORD—
This is a double word value: a 32-bit hexadecimal value arranged as
eight digits. For example, 11 hex is 17 decimal, so this number would
be represented in DWORD form as
0x00000011 (17). (Why “double word”? A 32-bit value represents four
bytes of data, and because a word in programming circles is defined as
two bytes, a four-byte value is a double word.)
REG_QWORD—
This is a quadruple word value: a 64-bit hexadecimal value arranged as
16 digits. Note that leading zeros are suppressed for the high 8
digits. Therefore, 11 hex appears as 0x00000011 (17), and 100000000 hex appears as 0x1000000000 (4294967296).
REG_BINARY— This value is a series of hexadecimal digits.
Data— This column displays the value of each setting.