CSCI 2150
Windows XP Registry


Structure of Registry

Remember from last week's discussion that *.ini files, the "pre-registry" method of configuring Windows and other files, are divided into sections using a section name enclosed in square brackets. The section name is followed by lines that each define an element using the format "keyname=value".

[SectionName]
keyname=value
;comment

One of the problems with this method of configuration is that an *.ini file is a text file, and therefore limits the user to configuring things only in text. Another problem is that an *.ini file is flat. For example, assume that I want to configure the default window size for Windows Explorer™, Notepad™, and Paint™. I would need to have a separate *.ini file for each of these applications. The Windows registry stores data in a tree format allowing for categories all the way from top system level configuration down to the smallest details of the applications.

Each node of the registry tree is called a key. Each key can contain subkeys and/or data values. The data values can take on a number of formats including:

One similarity that both *.ini files and the registry share is that the information within the registry is accessible through functions available in Microsoft Studio products. For example, RegQueryInfoKey() retrieves information about a specific key from the registry. Possible types of information include number of subkeys, number of values associated with the key, the key's values, and the last time the key was written to. Microsoft provides an exhaustive reference for developers at their MSDN website.

A user logged onto a Windows XP machine as an administrator may manually edit the registry. Editing includes:

In this set of lab notes, a registry entry will be identified using the standard Windows file folder\file notation. For example, the VIDEO key highlighted in the Registry tree below is a subkey of DEVICEMAP which in turn is a subkey of HARDWARE which is a subkey of HKEY_LOCAL_MACHINE. In these notes, this would be referred to using the string HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\VIDEO.

Note that the window in the previous figure is from an application called the Registry Editor or "regedit." To open the Registry editor, select "Run" from the "Start" menu and type "regedit" in the "Open" text box. Clicking "OK" will open this application. The left pane in the window contains the tree of keys and subkeys. The value names, data, and types appear in the right pane.

Exporting

CAUTION: Modification of the Windows Registry may render a system useless. Edit the Registry at your own risk. Do not perform this lab using the CSCI hard drives installed in the machines. Be sure to use only your XP installation on your own hard drive.

Before doing anything with the Registry, you should back up the Registry as a safety precaution. Perform the following steps on your XP installation to perform a registry backup.

  1. From the Start menu, select Programs -> Accessories -> System Tools -> Backup.
  2. The window that pops up will most likely be the "Backup or Restore Wizard." Click on the link titled "Advanced Mode."
  3. Click the "Backup" tab.
  4. From the "Job" menu, click "New".
  5. Under "My Computer," you should see a sub category titled "System State." Placing a check in the box next to "System State" will back up your system state data. This includes the registry along with the system boot files.
  6. "File" should be selected in the "Backup destination list," below which should be a field for you to enter the path and name of the file in which to store the backup.
  7. Click on "Start Backup."
  8. In the "Backup Job Information" dialog box that appears, you may select whether to append this data to existing data in the file (if a previous backup exists) or to overwrite the data with the new backup.
  9. Click Advanced, then from the dialog box that appears, select "Verify data after backup."
  10. Scrolling through the available values under Backup Type allows you to see a description of each one in the field below the box. For this export of the registry, simply select "Normal."
  11. Click OK to close the "Advanced" box, then click "Start Backup" to begin the backup. A Backup Progress dialog box should appear.
  12. When the backup is finished, click "Close."

Individual subkeys may be backed up without going through the process of backing up the entire Registry. Use the following steps to do this.

  1. Open the Registry editor by selecting "Run" from the "Start" menu, typing "regedit" in the "Open" text box, then clicking "OK".
  2. Using the Registry tree, highlight the key you wish to save.
  3. From the "File" menu, select "Export." (You can also right-click on the key and from the context-specific menu select "Export.")
  4. Using the file dialog box that appears, select the folder and file name under which you wish to save the key. The file should have the ".reg" extension.

Restoring Registry

To restore the entire Registry and all other system data backed up using Windows Backup, use the following steps.

  1. From the Start menu, select Programs -> Accessories -> System Tools -> Backup.
  2. The window that pops up will most likely be the "Backup or Restore Wizard." Click on the link titled "Advanced Mode."
  3. Click the "Restore and Manage Media" tab.
  4. In the window that appears, you should be able to select which file to restore from. Clicking on the plus sign next to the file should allow you to select system state.


  5. Place a check in the box next to "System State."
  6. Select "Original location" from the "Restore files to:" box. This will put the system state back in the locations where the operating system will use them. The "Alternate location" and "Single folder" options are used primarily for files that are to be restored.
  7. From the "Tools" menu, select "Options." This allows you to specify how the restore will treat existing files. If you are restoring components of the operating system, you need to click "Always replace the file on my computer."
  8. Click "Start Restore."
  9. Note: When restoring the system state, you will get a warning that the current system state will be overwritten. Confirm this.
  10. When the restore is complete, click on "Close."

To restore a key from an exported file, find the file using Windows Explorer. Double clicking on the *.reg file allows you to add all of the registry information contained in the file to the Registry.
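Because double-clicking a *.reg file merges everything in it, it helps to list what the file would change before doing so. The following is an added example, not part of the original lab notes: a small Python parser for the text format the Registry Editor exports (a "Windows Registry Editor Version 5.00" header, bracketed key paths, and "name"=data lines). The sample export is constructed to match the exercises in these notes; the ObsoleteKey and Blob names are hypothetical.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
KEY_RE = re.compile(r"^\[(-?)(HKEY_.+)\]$")                 # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')  # "name"=data or @=data
UNESC = re.compile(r"\\(.)")                                # \\ and \" escapes

SAMPLE = r'''Windows Registry Editor Version 5.00

; Constructed sample, not a real export. ObsoleteKey and Blob are hypothetical.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
"Days between clean up"=dword:0000003c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TestSubkey]
"TestSZ"="This is my test string"
"Blob"=hex:01,02,\
  03
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ObsoleteKey]
'''

def decode(raw):
    """Map the right-hand side of a value line to (type, data)."""
    if raw == "-":                      # "name"=- deletes the value
        return "DELETE", None
    kind, _, data = raw.partition(":")
    if kind == "dword":                 # eight hex digits: 0000003c is 60
        return "REG_DWORD", int(data, 16)
    if kind.startswith("hex"):          # hex: is REG_BINARY; hex(n): other types
        return kind, bytes(int(b, 16) for b in data.split(",") if b.strip())
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", UNESC.sub(r"\1", raw[1:-1])
    raise ValueError(f"unknown value syntax: {raw!r}")

def parse_reg(text):
    """List every change a merge would make as (key, name, type, data)."""
    text = text.lstrip("\ufeff").replace("\r\n", "\n").replace("\\\n", "")
    lines = [l.strip() for l in text.split("\n")]
    if lines[0] != HEADER:
        raise ValueError("not a Version 5.00 .reg file")
    changes, key = [], None
    for line in (l for l in lines[1:] if l and not l.startswith(";")):
        if m := KEY_RE.match(line):
            key = m.group(2)
            if m.group(1):              # [-KEY] removes the key and its subkeys
                changes.append((key, None, "DELETE-KEY", None))
        elif (m := VALUE_RE.match(line)) and key:
            name = "(Default)" if m.group(1) is None else UNESC.sub(r"\1", m.group(1))
            changes.append((key, name, *decode(m.group(2))))
        else:
            raise ValueError(f"unexpected line: {line!r}")
    return changes
```

A real export from the XP Registry Editor is normally saved as Unicode, so open it with encoding="utf-16" before passing the text to parse_reg(). Any DELETE or DELETE-KEY entry in the result deserves a second look before the file is merged.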

Registry Data Types

Just like programs, a database can define the type of number a value or variable is to represent. The following table is a modification of the Registry data types taken from the MSDN Registry Reference.

Finding Keys

If you're familiar with Windows Explorer, you should be able to navigate the Registry Editor interface without any problems. As an exercise, open the Registry Editor. Remember that you open the Registry editor by selecting "Run" from the "Start" menu, typing "regedit" in the "Open" text box, then clicking "OK". Now, find the key \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector. Highlight this key and see if the data values make sense. You should also be able to see the data types.

The order of elements in the Start -> All Programs menu can also be found in the registry. Find the key \HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs. The subkeys of this key should be the list of programs identified in the Start -> All Programs menu.

Modifying an Existing Key

This section will take you through the modification of a simple Registry value.

  1. Find the key \HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz. This value determines the number of days between times when Windows runs the Desktop Cleanup Wizard. The default is 60 days. There is no method to modify this value without going into the Registry.
  2. Right-click on the value name "Days between clean up."
  3. From the context-specific menu that appears, select "Modify."


  4. Click on the "Decimal" radio button. The value in the "Value data:" window should change to 60.
  5. Modify this value to 30.
  6. Click "OK" and verify that the value changed in the right pane of the Registry Editor.

Notice that the "Last time run" for the Cleanup Wizard is also maintained in the Registry.

Creating a New Key

The Registry Editor can also be used to create a new key. The following steps come from the Microsoft Support Website's page titled "How to back up, edit, and restore the registry in Windows XP and Windows Server 2003." These steps create a new subkey named "TestSubkey" under the \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft subkey.

  1. Use the Registry Editor to navigate to the key \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.
  2. Highlight the Microsoft key by clicking on it.
  3. From the "Edit" menu, select "New," then click "Key." (Note that you can also do this by right-clicking in a blank area of the right pane and selecting "New" from the context-specific menu.)
  4. A new key should appear highlighted below the Microsoft key allowing you to name it. Type "TestSubkey" without the quotes into this field.
  5. You can rename a key by highlighting the key and pressing the F2 key. Highlighting the key and selecting "Rename" from the "Edit" menu will do the same thing.

Adding a Value to a Key

Creating a key doesn't give it a value. You must do this manually. Use the following steps to add a value to our new key.

  1. Using the left pane of the Registry Editor, navigate to the \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TestSubkey key and highlight it.
  2. From the "Edit" menu, select New -> String Value. In the right pane, a new value should appear with type "REG_SZ."
  3. For the name of the value, type "TestSZ" without the quotes.
  4. Right-click the "TestSZ" name and select "Modify."
  5. Enter "This is my test string" (without the quotes) or some other such nonsense for a value. The Registry Editor window should now look something like the following figure.

Deleting a Key

You can delete the key we created above by simply right-clicking on the key name and selecting "Delete" or by selecting "Delete" from the Edit menu.

Starting in Safe Mode

The complexity of a system sometimes makes it susceptible to errors, especially during boot. If your machine is experiencing problems, it is possible to boot it in "safe mode". Safe mode loads only the basic files and drivers such as those needed for the keyboard and mouse, base video, and access to the hard drive and other mass storage devices such as the CDROM. It is possible to boot into safe mode with networking. From safe mode, it is possible to:

"Last Known Good Configuration" rolls back the registry to the state saved at the last shutdown making it possible to fix problems caused by things such as incorrectly installed drivers. If, however, your problem is a result of missing or corrupted O/S files, "Last Known Good Configuration" will not solve the problem.

Use the following steps to start your computer in safe mode.

  1. From the Start button, select "Shut down" or "Turn off computer."
  2. Once the computer is rebooting and the BIOS screen has cleared, press the F8 key.
  3. From the options that appear, select the safe mode that you wish to use.