Section 8.1. What s in the Registry


8.1. What's in the Registry

Data in the Registry is stored in individual pieces called values . Every value has a name and is capable of holding one of several types of data. Values are grouped and organized in keys , which are represented by Folder icons in Registry Editor. Keys can also contain other keys, thereby forming the basis for the hierarchy in the Registry. Like Explorer, Registry Editor arranges the keys in a collapsible tree structure, allowing you to navigate through the branches to locate a particular key, and hence, all the values contained therein.

Often, in order to view or modify a certain key or value, one must follow a Registry path . A path is merely a series of key names , separated by backslashes (\), used to specify an absolute location in the Registry. For example, to navigate to HKEY_CURRENT_USER\Control Panel\Keyboard , simply expand the HKEY_CURRENT_USER branch by clicking on the plus sign (+) next to it, then expand the Control Panel branch, and finally click on the Keyboard key name to display its contents. The path leading to the currently highlighted key is always shown at the bottom of the Registry Editor window.

It's easy to get confused about keys and values. In fact, value names sometimes appear at the end of a path, although this is mostly a holdover from the early days of the Registry. It's important to realize that only values can contain data, while keys are only used to organize valuesjust like files and folders in Explorer, respectively. Note that unlike folders in Explorer, keys never appear in the right pane of the Registry Editor window, even though keys can contain other keys.


Every key contains a value named (Default) . If the default value contains no data, you'll see (value not set) , as in Figure 8-1. If a given key contains other values, they will be listed below the default value. To modify the data stored in a value, simply double-click on the value name, or highlight it and select Modify from the Edit menu. To rename a value, which is not the same as changing its data, highlight it and press F2 or right-click it and select Rename.

For example, if I wanted to change the location of my Word Startup Folder, I could navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Word\Options , double-click on the Startup-Path value, and use the edit dialog box shown in Figure 8-1 to type new data.

Figure 8-2. Editing a string value to change Microsoft Word Startup directory

The data stored in the Startup-Path value is a string of text, which means that Startup-Path is a string value (the most common type). There are seven types of values in all, each having a common name and a symbolic name (shown in parentheses in the following list). While all value types can be viewed and modified in Registry Editor, only three can be created.


String values (REG_SZ)

String values contain strings of characters , more commonly known as text. Most values of interest to us are string values; they're the easiest to edit and are usually in plain English. In addition to standard strings, there are two far less common string variants, used for special purposes:


String array value (REG_MULTI_SZ)

Contains several strings (usually representing a list of some sort ), concatenated (glued) together and separated by null characters (ASCII code 00). You can't create these in the Registry Editor, but you can edit them. The dialog used to modify these values is the same as for binary values. Note that the individual characters in REG_MULTI_SZ keys are also separated by null characters, so you'll actually see three null characters in a row between multiple strings.


Expanded string value (REG_EXPAND_SZ)

Contains special variables into which Windows substitutes information before delivering to the owning application. For example, an expanded string value intended to point to a sound file may contain %SystemRoot%\media\startup.wav . When Windows reads this value from the Registry, it substitutes the full Windows path for the variable, %SystemRoot% ; the resulting data then becomes (depending on where Windows is installed) c:\windows\media\startup.wav . This way, the value data is correct regardless of the location of the Windows folder. You can't create these in the Registry Editor, but you can edit them.


Binary values (REG_BINARY)

Similarly to string values, binary values hold strings of characters. The difference is the way the data is entered. Instead of a standard text box, binary data is entered with hexadecimal codes in an interface commonly known as a hex editor . Each individual character is specified by a two-digit number in base-16 (e.g., 6E is 110 in base 10), which allows characters not found on the keyboard to be entered. See Figure 8-2 for an example. Note that you can type hex codes on the left or normal ASCII characters on the right, depending on where you click with the mouse.

Binary values are often not represented by plain English and, therefore, should be left unchanged unless you either understand the contents or are instructed to do so by a solution in this book.

Figure 8-3. Binary values are entered differently from the common string values, but the contents are sometimes nearly as readable


DWORD values (REG_DWORD)

Essentially, a DWORD is a number. Often, the contents of a DWORD value are easily understood , such as for no and 1 for yes, or 60 for the number of seconds in some timeout setting. A DWORD value is used only where numerical digits are allowed; string and binary types allow anything.

In some circumstances, the particular number entered into a DWORD value is actually made up of several components , called bytes. The REG_DWORD_BIGENDIAN type is a variant of the DWORD type, where the bytes are in a different order. Unless you're a programmer, you'll want to stay away from these types of DWORD values.


The DWORD format, like the binary type, is a hexadecimal number, but this time in a more conventional representation. The leading 0x is a standard programmer's notation for a hex value, and the number is properly read from left to right. The equivalent decimal value is shown in parentheses following the hex value. What's more, when you edit a DWORD value, the edit dialog box gives you a choice of entering the new value in decimal or hex notation.

In general, if a value is stored in binary or DWORD format, you can guess that it was either programmatically generated or the program's author wished to make the value a little more obscure and difficult to edit. However, if you know what you are doing, you can edit binary or DWORD values almost as easily as you can string values. For example, if I want to lie to my friends to tell them I've won 435 games of FreeCell rather than just one, I simply need to double-click on "wins" and edit the value as shown in Figure 8-3.

Figure 8-4. Editing a DWORD value to alter the number of games won in FreeCell

Even if you're not a programmer, you can figure out hexadecimal values pretty easily with the Windows Calculator ( calc.exe ; see Chapter 4). Just enter the number you want to convert and click the Hex radio button to see the hexadecimal equivalent; 435 decimal is equal to 1B3 hex. Note, however, that hex values stored in binary Registry values are displayed in a somewhat unconventional format, in which the lowest -order digits appear first, followed by the next-higher pair of digits, and so on. In other words, the digits in a binary value are paired, and their order reversed : the hex value 1B3 thus needs to be entered as B3 01 . If you want to convert a binary value shown in Registry Editor to decimal, you'll have to reverse this notation. For example, to find the decimal equivalent of 47 00 65 6e , set Calculator to hexadecimal mode and enter 6e650047 , and then switch to decimal mode to display the decimal equivalent, 1,852,112,967 .

If you aren't sure about the meaning of a specific Registry value, don't be afraid to experiment. Experimenting might include editing a value with Registry Editor, but it might be easier or safer to work from the other end: open the application whose data is stored there (e.g., a Control Panel applet), change a setting, and watch how the Registry data changes. In this way, you can derive the meaning of many binary-encoded values. Note that while the Registry data will often change immediately, you may need to press F5 (Refresh) to force Registry Editor to display the newly affected data.It's a good idea, though, to make a backup copy of a Registry key before making any changes. See Section 8.2 and Section 8.6 later in this chapter for details.


Figure 8-3 shows an additional value, called "wins," which I entered into the FreeCell key using Registry Editor Edit New DWORD Value. This example illustrates a very important point: a Registry entry is superfluous unless a program actually reads it. You can enter new keys and values all you like, with the only consequence being that you've bloated your Registry. (Note that there are sometimes undocumented Registry values that are meaningful to a program but that are not normally present; adding them to the Registry can make useful changes; see Windows Me Annoyances by David Karp [O'Reilly] for several examples.) The chief concern is in deleting or modifying existing entries; the odds of randomly creating a value that an application might be looking for are extremely small.

I take advantage of this fact by occasionally leaving myself notes in new Registry values. For example, before modifying a value, I might place a backup of its data in a new value in the same key. The application will ignore it, and it has sure come in handy for me to have a record of the original value!

A final note: any changes made in Registry Editor are saved automatically and immediately; there's no "undo" command in Registry Editor, and the automatic Registry backups made by Windows are of little use when small changes are made. The saving grace is the use of Registry patches, discussed later in this chapter.



Windows XP in a Nutshell
Windows XP in a Nutshell, Second Edition
ISBN: 0596009003
EAN: 2147483647
Year: 2003
Pages: 266

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net