Understanding The Registry Editor
When it comes to hacking Windows, we need to know how to use the Registry, which contains the underlying organization of the entire OS. The Registry is the single best tool available for hacking in Windows, so we shouldn’t fear it. The Registry is a hierarchical database of information that defines exactly how your system works, including virtually every part of Windows and its applications. Windows contains so many different settings and customizations that it simply wasn’t possible for Microsoft to build a graphical interface for every conceivable option. Many times it is easier, and you get more options, when you edit the Registry instead of using the graphical Windows interface. You can use Windows without ever editing the Registry—many users do—but advanced users understand its power-tool status.
The Five Logical Registry Hives:
The Registry has thousands of settings; in fact, it often has tens of thousands of them. They are organized into five main Registry sections, called Registry hives. Think of each hive as a root directory. Each hive has a different purpose, but the settings in different hives may be exactly the same.
1. HKEY_CLASSES_ROOT
This hive contains information about file types, filename extensions, and similar information and how to handle them.
2. HKEY_CURRENT_USER
This hive contains configuration information about the system setup of the user currently logged in to Windows, including that user’s rights and network connections.
3. HKEY_LOCAL_MACHINE
This hive contains information about the computer itself and the operating system, including the entire hardware setup and the installed software.
4. HKEY_USERS
This hive contains information about every user profile on the system.
5. HKEY_CURRENT_CONFIG
This hive contains information about the current hardware configuration of the system.
Using Keys and Values
Each hive sits at the top of its hierarchy; underneath it are keys, which can in turn contain subkeys, which can contain further subkeys, and so on, organized in folder-like fashion, much like a hard drive.
A key can contain one or more values. Here are the six primary datatypes of values in the Registry:
REG_SZ (string value)
This datatype is easy to understand and edit because it is made up of plain text and numbers. It is one of the most common datatypes in the Registry.
REG_MULTI_SZ (string array value)
This datatype contains several strings of plain text and numbers. The Registry Editor will let you edit these values, but it won’t let you create them.
REG_EXPAND_SZ (expanded string value)
This datatype contains variables that Windows uses to point to the location of files. For example, to point to the location of the nature theme file, the expanded string value in the Registry is %SystemRoot%\resources\Themes\nature.theme.
REG_BINARY (binary value)
This datatype is made up of binary data: 0s and 1s. As a general rule, you won’t edit binary values; instead you’ll edit string values because they’re made up of text and numbers.
REG_DWORD (DWORD values)
This datatype is represented as a number. Sometimes a 0 turns the key on and a 1 turns it off, though other numbers can be used as well. While you see and edit the value as a decimal number, such as 456, the Registry itself stores it as a hexadecimal number, 1C8.
REG_QWORD (QWORD values)
This is like REG_DWORD, except that it can hold larger values. A DWORD holds 32 bits (D stands for double, and Q stands for quad), and a QWORD holds 64 bits.
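As an added example that is not part of the original post, the PowerShell session below creates one value of each datatype described above in a throw-away key under HKEY_CURRENT_USER (the key name RegistryDemo and the value names are assumptions for the demo), exports the key with reg.exe before reading it back, and shows how REG_EXPAND_SZ expansion and the decimal/hex view of a REG_DWORD look from the shell.

```powershell
# Added example (not from the original post): exercise each of the six value
# types in a throw-away key under HKCU, which needs no administrator rights.
# The key name 'RegistryDemo' and the value names are assumptions for this demo.
$demoKey = 'HKCU:\Software\RegistryDemo'
$backup  = Join-Path $env:TEMP 'RegistryDemo-backup.reg'

# Create the key (like creating a folder) and one value of each datatype.
New-Item -Path $demoKey -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Name'  -PropertyType String       -Value 'nature' -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Theme' -PropertyType ExpandString -Value '%SystemRoot%\resources\Themes\nature.theme' -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Paths' -PropertyType MultiString  -Value @('C:\one', 'C:\two') -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Blob'  -PropertyType Binary       -Value ([byte[]](0x01, 0x02, 0xFF)) -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Count' -PropertyType DWord        -Value 456 -Force | Out-Null
New-ItemProperty -Path $demoKey -Name 'Big'   -PropertyType QWord        -Value ([int64]::MaxValue) -Force | Out-Null

# Back the key up before touching it further; reg.exe writes a .reg file
# that can be restored later with 'reg import'.
reg.exe export 'HKCU\Software\RegistryDemo' $backup /y | Out-Null

# Read everything back, printing the stored kind (String, DWord, ...) next to the value.
$key = Get-Item -Path $demoKey
foreach ($name in $key.GetValueNames()) {
    $kind  = $key.GetValueKind($name)
    $value = $key.GetValue($name)
    if ($value -is [byte[]]) { $value = ($value | ForEach-Object { '{0:X2}' -f $_ }) -join ' ' }
    '{0,-6} {1,-13} {2}' -f $name, $kind, ($value -join ', ')
}

# REG_EXPAND_SZ: GetValue expands %SystemRoot% by default; ask for the raw text as well.
$raw = $key.GetValue('Theme', $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
"Raw:      $raw"
"Expanded: $($key.GetValue('Theme'))"

# REG_DWORD: the editor shows 456 in decimal, the Registry stores it as hex 1C8.
$count = (Get-ItemProperty -Path $demoKey -Name 'Count').Count
'Count = {0} decimal = 0x{1:X} hex' -f $count, $count

# Remove the demo key; the .reg backup stays in %TEMP% for a later 'reg import'.
Remove-Item -Path $demoKey -Recurse
```

Run it in a normal (non-elevated) PowerShell window; only HKCU is touched, so nothing system-wide changes.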
These are the basic things we need to understand about the Registry Editor in order to use it and handle it properly. In the next blog, I will put some examples so that everyone can understand the power of the Registry Editor.
Avert disaster by backing up the Registry so that you’ll always be able to revert to a clean copy.