Working with Windows Registry – Part 1

  Every Windows user, at some point of time in his interaction with the Windows OS, definitely comes across the term ‘registry’ and might even work on it. However, in most of the cases, user interaction with the Registry occurs in the GUI form (i.e. via the Registry Editor  a.k.a. regedit.exe). Here, we shall be working with registry from a programmer’s viewpoint, and the tasks will be performed through code rather than the GUI. Let’s begin with the introduction.

Working with Registry – Introduction

The Windows Registry is a very large hierarchical database for storing System Configuration and Application Information. Working with registry is necessary for anyone who intends to develop applications for Windows. Here, we shall be working with registry using Windows API.

 

  •  We access the registry through the registry keys (or keys), which are somewhat similar to the File System directories.
  • A key is like a directory. Just as a directory has files & sub-directories inside it, a registry key has values & sub-keys.
  •  A value is like a file. Just as a file has a name and contains some data, a value also has a name & stores some data.
  •  A key can contain other keys or key/value pairs.
Working With Registry using Windows API

Working With Registry using Windows API

The registry contains the following types of information concerning the Computer’s hardware, the Windows O.S. and the installed applications :

1. Processor type, number of processors, memory etc.

2. Windows version number, build number and the registered user.

3. Data of various installed applications, like Application Name, Application Creator i.e. Company Name or Developer Name, Version number etc.

4. User-account names, user preferences etc.

5. Mappings from file name extensions to programs. (This feature links a file extension with a program which can open that particular type of file. For example, .docx is linked to Microsoft Word, .wmv is linked with Windows Media Player and so on.)

Components of the Registry


There are FIVE most important keys in the registry. They are the top-level keys and all the other registry keys can be accessed from these FIVE keys. These are listed below :

1. HKEY_CLASSES_ROOT
2. HKEY_CURRENT_USER
3. HKEY_LOCAL_MACHINE
4. HKEY_USERS
5. HKEY_CURRENT_CONFIG

 

1. HKEY_CLASSES_ROOT : It contains subordinate entries to define mappings from file extensions to applications used by the shell to access objects with the specified extension. All the keys necessary for Microsoft’s Component Object Model (COM) are also subordinate to this key. (In this part of the registry, various file extensions are linked to appropriate programs).

 

2. HKEY_CURRENT_USER : It contains user specific info, including environment variables, printers, and application preferences that apply to the current user.

 

3. HKEY_LOCAL_MACHINE : It stores information about the computer’s hardware, along with information about installed software. The information about the installed software is generally created in subkeys of the form SOFTWARE/CompanyName/ProductName/Version e.g. SOFTWARE/CPUID/CPU-Z/1.67

 

4.  HKEY_USERS : It defines user configuration information.

 

5. HKEY_CURRENT_CONFIG : It contains the current settings, such as display resolution and fonts.

Working with Registry using Windows API – Video

 

In the above video, the left pane shows the keys and the right pane shows the values inside a particular key. To modify data contained in a value, you can right-click any value name and then click on ‘Modify’. Avoid playing with the Registry unless you know what you’re doing. It can mess up your Computer very badly.

Registry Management using API functions

Although Windows users generally manipulate the registry (i.e. create/edit/delete keys using the Registry Editor, we shall be using the registry API functions for accomplishing these tasks here. Registry management functions can query and modify key/value pairs and data and also create new subkeys and key/value pairs. Key handles of type HKEY are used both to specify a key and to obtain new keys.

There are two categories of functions here :

1. Key Management Functions : These functions are used to create, open, close and delete keys. These functions are listed below :

a) RegCreateKeyEx () – This function creates a new key.

b) RegDeleteKey () – This function deletes an existing key.

c) RegOpenKeyEx () – This function opens an existing key.

d) RegCloseKey () – This function closes an open key handle.

e) RegEnumKeyEx () – This function enumerates (i.e. creates a list of) subkeys of an open registry key. It retrieves the key name, class string, and the time of last modification of each subkey.
 

2. Value/Data Management Functions : These functions are used to read and set the values of data contained in existing keys. These functions are listed below :

a) RegEnumValue () – This function enumerates the value names & corresponding data for a specified open key. You need to specify an index (which is originally 0 and gets incremented in subsequent calls).
b) RegQueryValueEx () – This function performs the same task as RegEnumValue (). The difference is that you need to specify a value name instead of an index. It can be used if you already know the value names.
c) RegSetValueEx () – This function is used to set the data corresponding to named value inside the open key. You need to specify the key, value name, data type, and data.
d) RegDeleteKey () – This function is used to delete named values.
The details of these functions and their use have been discussed in subsequent articles.

 

How to Create a Registry Key
How to Open, Edit or Delete a Registry Key

Read How to Backup the Registry before making any changes to your computer’s registry. This article is the first part of the Working with Registry series.

(Visited 1,364 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *