What is the Windows 7 registry? Backing up the entire registry or a separate section

The Windows Registry, or the system registry, is a hierarchically built database of parameters and settings in most Microsoft Windows operating systems.

The registry contains information and settings for hardware, software, user profiles, and presets. Most changes made in the Control Panel, file associations, system policies, and the list of installed software are recorded in the registry.

The Windows Registry was introduced to organize information that had previously been stored in many INI files, to provide a single mechanism (API) for writing and reading settings, and to get rid of the problems of short names, lack of access rights and slow access to INI files stored on the FAT16 file system, which had serious performance problems when searching for files in directories containing a large number of them. Over time (finally, with the advent of the NTFS file system) the problems solved by the registry disappeared, but the registry remains for backward compatibility and is present in all Windows versions, including the latest one. Since there is currently no real prerequisite for using such a mechanism, Microsoft Windows is the only operating system in use today that uses an operating system registry mechanism. In general, the registry is a vestige.

The Windows Registry as it stands.

The registry, as it is used by Windows and as it is seen by the user in the process of using registry programs, is formed from various data. To get what the user sees when editing the registry, the following happens.

Initially, during the installation and configuration of Windows, files are created on the disk that store part of the data about the system configuration.


Then, during each system boot, as well as during each login and logout of each of the users, a certain virtual entity is formed, called the "registry" - the REGISTRY\ object. The data for the formation of the "registry" is partly taken from the same files (Software, System ...), partly from the information collected by ntdetect during boot (HKLM\Hardware\Description).

That is, part of the registry data is stored in files, and part of the data is formed during the Windows boot process.

When you edit, view and explore the registry with the standard Windows tools (the programs regedit.exe and regedt32.exe), it is the registry branches that are available. After the registry is edited and/or changed, these changes are immediately written to the files.

However, there are third-party programs that allow you to work directly with files.

Registry optimization programs, tweakers, as well as program installers and uninstallers work through special registry functions.

Where are the Windows registry files located?

The registry files are located in the windows\System32\config\ folder; there is also a user registry section in the %userprofile%\ntuser.dat file. Backup copies of the registry files are located in the windows\System32\config\RegBack folder.

What are the main sections (bushes) of the registry?

HKEY_CLASSES_ROOT section

This is the main Windows registry key, it contains file associations that associate file types with programs that can open and edit them, and class registrations for Component Object Model (COM) objects. The latter provides an opportunity to change an incredible number of rules for the behavior of the system - you should not do this without a good reason.

HKEY_CURRENT_USER section

It stores the settings for the currently active user. The branch stores user folders, various personal settings and Control Panel settings. This information interacts directly with the user's profile. This branch consists of several subsections that contain paths to the sound files used for system event sounds; various data that can be changed in the Control Panel, such as the ordering of icons; information about the current keyboard layout; user application settings, etc.

HKEY_LOCAL_MACHINE section

The configuration settings that apply to this computer are stored here (the settings are set simultaneously for all users). For example, it contains information about the configuration of the computer, installed drivers and programs, port names, file system settings, etc.

HKEY_USERS section

This branch contains information about the profiles of all users of this computer (username, desktop settings, etc.). This section also stores the default settings for the desktop, Start menu, etc. They are needed when a new user logs in for the first time. At this point, the default settings are copied to his profile, and all further changes made by the user will be saved in this branch.

HKEY_CURRENT_CONFIG section

The key is responsible for Plug & Play devices and contains information about the current configuration of a computer with a variable composition of devices, such as flash cards, printers, faxes, external drives and so on. This section also contains information about the current hardware profile that is used by the computer when the system starts.

HKEY_DYN_DATA

This section exists only in the registry of the Windows 9x/ME family of operating systems. It contains dynamically changing data about the computer (processor load, paging file size, etc.).

How to edit the registry?

It is simple: type regedit in Windows search and run the registry editor as an administrator. Before performing any operations in the registry, you must make a backup copy! If something goes wrong, it will be possible to return to the working version of the registry.


Registry optimization.

There is a debate about whether to optimize the Windows registry. I would say that optimization is more useful for weaker computers than for powerful ones. But there is one more nuance: sometimes registry settings that were not cleaned up can cause software and hardware crashes and conflicts, so I recommend cleaning the registry of unnecessary data.


In addition, the registry fragments over time, and this is also caused by cleaning. Therefore, for those who clean the registry all the time, I also recommend defragmenting the registry from time to time.

To optimize the Windows registry, you can use programs such as WinOptimizer, Reg Organizer, and Auslogics Boostspeed.



Today we will try to get into the Windows registry from the back door, without using the regular WinAPI functions intended for this. What will it give us in the end? The ability to write and read from the registry directly, bypassing the restrictions set by the developers of anti-virus solutions!

Looking ahead, I will note: this topic is interesting, but there is a whole set of serious problems. Although who said that we can't do it? 🙂

What is the registry, or a lyrical digression

From the point of view of the Windows operating system, the registry is a unique pantry. This peculiarly built hierarchical database stores settings, data, registration information and other crap about almost everything in the system, from programs to the settings of a particular user. Almost everything is stored in the registry. Although some programs prefer to store their settings in ini configs (especially programs written for Win 3.11. - Ed.), Windows itself reads all the necessary information about itself from the registry. In fairness, we note that in *nix-like operating systems, storing settings in various configs still dominates.

Senior colleagues scare novice system administrators who are just starting to work with the registry: a wrong setting or a change to registry parameters can completely bring down the system, followed by its reinstallation. And indeed it is so.

For example, the so-called restore points are copies of the registry. Users rely on them widely when various problems arise with the operating system, software and hardware.

I must say that 99% of the information about the Windows registry is a description of the main keys plus tips on how to work with them. But how does the operating system itself work with the registry? And can we emulate its actions? Let's discuss a little.

So what?

The registry is both the strong and the weak side of Windows. The strength of the registry is that software developers do not need to manipulate a bunch of configs, as is done, for example, in *nix. The registry is also convenient for the creators of COM components: the system automatically registers such a component in the registry and makes its further use easier.

The weakness of the registry is that access to modify sensitive areas of the registry allows any program written by some newly minted malware author to control Windows. Remember at least the most famous branch of the Windows registry, which allows you to run programs at the start of the OS :).

If in Windows 98 the registry could be edited by anyone who felt like it, then starting with Windows XP only users with an administrator account can do so. In Vista+, registry access is protected by UAC. It is understandable.

It must be admitted that with the release of Win7, the concepts of security when working with the registry have been revised for the better. For example, the HKEY_LOCAL_MACHINE key branch of the registry is under protection. In general, an attempt to write something to it will be redirected to the corresponding HKEY_CURRENT_USER branch for the current user.

Interface

To work directly with the registry, Windows offers the programmer a whole set of WinAPI functions that should be familiar to any system developer: the Reg* functions, such as RegOpenKey, RegQueryValue, and so on. In the Win kernel, these are NtOpenKey, NtQueryValueKey, and a whole host of others. There is not much point in describing them, since all the documentation on the proper use of these functions can be found on MSDN.

Here is what is worth noting. To control user actions, antiviruses and proactive defense tools install hooks on the mentioned functions, both in the kernel and in user mode.

With the release of Win7 x64, the situation has changed, and I have already written about it before. The Windows developers decided to remove the ability to intercept potentially dangerous functions in the Win kernel. Now the KeServiceDescriptorTable variable is no longer exported in x64, and rewriting the required code section will not work either - PatchGuard will not allow it. There are, of course, sadomasochistic solutions to circumvent these restrictions, but there will be more hassle than profit. Moreover, Microsoft offers convenient ObRegisterCallbacks for registry control.

INFO

There is very little information on the Web about the structures that describe the main registry files. And almost all of it is in English. Basic knowledge can be found. In addition, the registry is well described in the system engineer's bible, "Windows Internals" by comrades M. Russinovich and D. Solomon.

And now - about the most interesting

But what is a registry, really? If you look into the WINDOWS\system32\config folder, you can see several files there: system, software, security, SAM, and several others.

These are registry files.

However, it would be unfair to talk about the registry simply as a combination of files loaded into memory. Much of what the registry contains is dynamic in nature, that is, a number of values are calculated while the system itself is loading; first of all, this concerns certain hardware parameters. For example, this is the HKEY_DYN_DATA registry subkey, whose data is placed in random access memory when the operating system boots and remains there until the operating system shuts down. By the way, the same can be said about the HKEY_LOCAL_MACHINE key, which does not have a corresponding file on disk but is actually formed from other registry files, such as software, system, and others.

Thus, the registry from the inside can be roughly called a "virtual combination of registry files." After the system starts, these files are located both in the paging file (paged pool) and in nonpaged memory (nonpaged).

Registry structure

In order to learn how to work with the registry directly, one cannot do without knowledge of its internal structure. In general, Microsoft has never revealed the secrets of the internal structure of the files that make up the registry, as this threatens security. According to my observations, all available descriptions of the registry files and their structure (and there are very few of them, by the way) are the results of work by pioneering researchers. The most complete such "research", in my opinion, belongs to Comrade Peter Norris.

We will not go into the details of the organization and structure of the registry now, this is a long, tedious business and does not exactly fit into the scope of the article. It is important to understand here that the registry is a hierarchical tree-like structure, sometimes also said to be like a honeycomb.

And what to do with all this now?

I'll upset you right away: you cannot simply play around with the registry files in user mode; the system will not allow it, as is usually the case with files held open by other processes. If you try to work around this, you can only read such a "busy" file, and only if you guess the flags with which it was opened. Unfortunately, writing information to the "registry file" of interest to us will not work. By the way, the trick of writing the necessary information into the registry can work if you write to the registry *.BAK files; they are definitely writable.

So, watch your hand :).

The first thing that may come to your bright mind is to open the registry file directly and write something there.

Theoretically, this can be done. For this you need, firstly, to be able to work with "occupied" files (look for ways on the Web) and, secondly, as I said above, to know the internal structure of the registry files. This method is rather clumsy but, despite its craziness, quite viable, although it is difficult to implement in practice (try experimenting with it yourself).

Here I will offer two ways that will help you cut the registry into small pieces.

The first way is that for the Configuration Manager (Configuration Manager, part of the operating system, if you don’t know), the registry is nothing more than a set of well-defined structures in operating memory, which, as it turns out, are very easy to work with. What are these structures, you ask? HBASE_BLOCK, HHIVE, HBIN, HCELL, HMAP_ENTRY, HMAP_DIRECTORY, a bunch of CM_* structures used by the config manager to manage the registry. From the point of view of the operating system, the registry is simply a set of regulated structures in RAM. For example, the signature "regf" that defines "registry file" is a predefined constant:

#define HBASE_BLOCK_SIGNATURE 0x66676572

typedef struct _HBASE_BLOCK {
    ULONG Signature;          // 0x66676572
    ULONG Sequence1;
    ULONG Sequence2;
    LARGE_INTEGER TimeStamp;
    // ....
} HBASE_BLOCK;
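For offline triage of a hive file copied from a disk image, the same four header fields can be read with a few lines of Python. This is an added example, not code from the original article: the sample header is constructed, and the checksum position (offset 508, XOR-32 over the preceding bytes) comes from public descriptions of the regf format rather than from this page.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

HBASE_BLOCK_SIGNATURE = 0x66676572   # "regf" read as a little-endian ULONG
CHECKSUM_OFFSET = 508                # assumption: XOR-32 of bytes 0..507 is stored here
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


@dataclass
class BaseBlock:
    sequence1: int
    sequence2: int
    timestamp: datetime
    checksum_ok: bool

    @property
    def dirty(self) -> bool:
        # The two sequence numbers match only after a completed write.
        return self.sequence1 != self.sequence2


def xor32(data: bytes) -> int:
    """XOR all little-endian dwords; 0 and 0xFFFFFFFF are remapped by the format."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", data):
        value ^= dword
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value or 1


def parse_base_block(buf: bytes) -> BaseBlock:
    """Parse Signature, Sequence1, Sequence2 and TimeStamp from a hive header."""
    if len(buf) < CHECKSUM_OFFSET + 4:
        raise ValueError("buffer is shorter than a base block header")
    signature, seq1, seq2, filetime = struct.unpack_from("<IIIQ", buf, 0)
    if signature != HBASE_BLOCK_SIGNATURE:
        raise ValueError("not a registry hive: signature 0x%08X" % signature)
    (stored,) = struct.unpack_from("<I", buf, CHECKSUM_OFFSET)
    written = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return BaseBlock(seq1, seq2, written, stored == xor32(buf[:CHECKSUM_OFFSET]))


def build_sample(seq1: int, seq2: int, filetime: int = 132223104000000000) -> bytes:
    """Constructed 512-byte header for the demo (timestamp 2020-01-01 UTC)."""
    head = struct.pack("<IIIQ", HBASE_BLOCK_SIGNATURE, seq1, seq2, filetime)
    head = head.ljust(CHECKSUM_OFFSET, b"\x00")
    return head + struct.pack("<I", xor32(head))


def triage(buf: bytes) -> str:
    """One-word verdict an examiner can sort a batch of hive files by."""
    try:
        block = parse_base_block(buf)
    except ValueError:
        return "not-a-hive"
    if not block.checksum_ok:
        return "header-modified"
    return "dirty" if block.dirty else "clean"


if __name__ == "__main__":
    for label, data in (("clean", build_sample(10, 10)),
                        ("interrupted write", build_sample(11, 10))):
        print(label, triage(data), parse_base_block(data).timestamp.isoformat())
```

A "dirty" or "header-modified" verdict on an offline hive is a reason to look at the transaction logs and at what wrote to the file outside the normal registry API.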

That is, the point of this whole monologue is that there is a great opportunity to manipulate the registry at the operating system level, but without using its standard tools. How is this possible? We are just emulating the actions of the operating system itself, exactly as it works with the registry! It is important, as I said, to understand that for the OS itself, the registry is nothing more than a set of corresponding structures in memory.

If we have access to the registry files at the kernel level, then why are we worse than the OS itself to establish our own order?

And here the most interesting question appears on the scene - how to find these very structures in memory? It is true that there are no regular system tools for solving this issue, so you have to get out in a tricky way.

Knowing what the structures look like, you need to remember that each file, the registry hive, has its own constant signature. For example, "regf" is 0x66676572. For the hive, the signature will be 0xBEE0BEE0. Having access to memory from the kernel, we can find these signatures in memory quite easily by simply scanning it. You can also scan the memory in search of the "CM10" signature - it is this signature that is assigned by the config manager to the swapped memory block, which is allocated for the CMHIVE structure. I suppose, having found the element of interest to us in memory, you will figure out what to do with it next :).

How, for example, to change the value of a registry cell? The value is stored in the CM_KEY_VALUE->Data field, so if you have a task to change any field in a specific registry key, look for the value there:

typedef struct _CM_KEY_VALUE {
    WORD  Signature;   // #define CM_KEY_VALUE_SIGNATURE 0x6B76
    WORD  NameLength;
    ULONG DataLength;
    ULONG Data;        // <---------- the cell data will be here
    ULONG Type;
    WORD  Flags;
    WORD  Spare;
    WCHAR Name[1];     // variable-length name starts here
} CM_KEY_VALUE, *PCM_KEY_VALUE;

The second option is a kind of modification of the first. As you may know, there is one peculiarity when working with the registry: all changes, that is, creating, writing and deleting keys, as a rule take effect after the system is rebooted (or after restarting Explorer, which is a hacky method). Until then, all changes are in a suspended, "dirty" state. Moreover, the system communicates with the registry through the file system cache. This is understandable: there can be hundreds of registry accesses per second, so relying on the speed of the file system is unreasonable; no speed would be enough. Therefore, the system works with the registry, as they say, virtually, through the file system cache. And here, in order to pull the guts of the registry into the light, you need to get into the cache! How this is done has already been described on the Internet, including in.

Pro & Cons, or instead of a conclusion

What to say in the end? The variation on direct control over the registry offered to the reader in this article is purely experimental. I do not argue that it is too heavy for practical implementation, and many will say that it is better to use the normal WinAPI functions designed for working with the registry - and they will be right to some extent. However, a die_hard implementation based on the principles given in the article will have truly thermonuclear power, beyond the control of both antiviruses and the operating system itself.

I'll finish it. Good luck compiling and may the Force be with you!

www

A must-read article by Mark Russinovich about the registry "Inside the Registry", there was even a Russian translation. A wonderful tool for gathering information about the registry: http://goo.gl/iSSVy.

The so-called system registry, which contains a large amount of information, is stored in the files SYSTEM.DAT and USER.DAT in the Windows 95/98 directory, or in the folder C:\W\System32\Config\ in Windows NT. In addition to the records required by Windows, most programs store their own information there as well. To make changes to the registry, you must open it with a program designed for this. An example is the program REGEDIT, supplied as standard with Windows. To launch it, open the Start/Run dialog box, enter regedit and press OK.

You will see a window divided into two parts. On the left is a navigator similar to the Explorer navigator, and on the right is the actual information. The registry consists of six sections: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_CONFIG and HKEY_DYN_DATA. Each section contains folders. If a folder or section has subfolders, a "plus" icon appears to the left of it. When you click on it, the folder "unfolds" and the icon turns into a "minus", which you can click to "collapse" it again. If you click on the folder icon or its name, a list of the parameters contained in this folder (but not in its subfolders!) appears in the right window. Each parameter consists of a name and a value. Each parameter has its own path where it can be found. The path consists of the sequence of folders in which the parameter is located, starting with the parent folder (one of the six main sections listed above). An example of such a path would be HKEY_CURRENT_CONFIG\Display\Settings, with the parameter name resolution. Together, the two values, the parameter name and its path (often referred to as an address), point to a unique parameter. For example, two different parameters may have the same path, and two parameters may have the same name but be in different folders and subfolders, but there cannot be two parameters with the same address and name. The registry can be searched (using the menu or the keyboard shortcut CTRL+F).

By selecting the desired section (by clicking on the section icon or its name), you can create a parameter or subsection in it. To do this, use the menu Edit/Create. In the Windows system registry there are 3 types of parameters: string, binary, and DWORD. A string parameter stores one string, a binary parameter stores a binary value, and a DWORD parameter stores a decimal or hexadecimal value. When creating a parameter, you must specify its name. Then, by double-clicking on it in the right window, you can enter the parameter value (or change the existing one).

If the advice says to set the value of a parameter, it means that you need to change the existing value of the parameter to the value you want, or if there is no parameter with that name, create it and then change the content.

At the end of the work, for most changes, you need to close REGEDIT and restart your computer.

Well, first, let's figure out what the Windows registry is. When we install or remove programs, change Windows settings or add new hardware, all of this is recorded in the registry. You could say that the registry is the heart of Windows. To view or edit the registry, you need to run the program Regedit (Start - Run - Regedit). Physically, the registry is stored in the Windows directory (95/98) under the names User.dat and System.dat. I will say right away: if you do not know 100% what you want to change, do not change it, otherwise the price is worthless. Well, for those who changed something anyway, here is a hint. After a successful boot, Windows makes backup copies of the registry under the names User.da0 and System.da0. This is what we will use. Of course, you can also create your own backup copies just in case. If Windows does not load, hold down Ctrl during boot. When the menu appears, select "Command prompt only", go to the Windows folder ("CD C:\Windows") and type the command scanreg/restore (in Windows NT - rdisk). Now reboot and Windows should start. If there is no such program, you will have to type the following at the command line from the Windows folder:

attrib -h -r -s system.dat
attrib -h -r -s system.da0
copy system.da0 system.dat
attrib -h -r -s user.dat
attrib -h -r -s user.da0
copy user.da0 user.dat

Well, now let's go directly to the registry.

1.) Open regedit, find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

Here you will find a complete list of installed programs. If some programs are no longer there, delete the unnecessary folders with their names (an incomplete list is displayed in "Control Panel - Add/Remove Programs").

2.) In key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

is a list of all programs started when Windows boots. You can remove an unnecessary program, or you can add one. To add one, create a string parameter, enter the name of the program as its name, and enter the path to the program as the parameter value. If there are several users on your computer, then the lists of programs can also be here:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion and
HKEY_USERS\(Username)\Software\Microsoft\Windows\CurrentVersion

3.) That's it, the warm-up is over and we move on to the Main menu.

To get rid of the Favorites item (Windows 98), go to the section

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

and create here a binary parameter NoFavoritesMenu with the value 01 00 00 00. That's all! Now the Favorites item will no longer appear. Delete the created parameter or change its value to 00 00 00 00 to return the item to its place. You can get rid of other items in the same way:

Documents - parameter NoRecentDocsMenu
Settings - NoSetFolders
Find - NoFind
Shutdown - NoClose
Log off... - NoLogOff.

You can also disable the right mouse click in the main menu; to do this, create in the same place a DWORD parameter named NoChangeStartMenu with the value 1. Done! Well, the final touches. Do you like the message telling you which button to start with? No? Then create a DWORD parameter named NoStartBanner with the value 1.

4.) Go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

and create a string parameter LegalNoticeCaption. Enter "Chernobyl virus detected" as the value, then create another string parameter LegalNoticeText with the value "Click OK and all data on the hard drive will be destroyed". Restart Windows and enjoy the result. The first parameter holds the title, and the second holds the text itself.

5.) Now you can change the clock in the lower right corner. Go to

HKEY_CURRENT_USER\Control Panel\International

and create a string parameter sTimeFormat

Its value is "HH:mm", where HH is the hours, : is the separator character, and mm is the minutes. A reboot is required for the changes to take effect. It's fun to see how a friend will be tormented adjusting the clock if you swap HH and mm! Well, if you want to make real mischief, then you need to do this: Hm:mH "mH; Hm and so on.

6.) So that there are no arrows on shortcut icons, find the key HKEY_CLASSES_ROOT\Piffile and delete the parameter IsShortcut; the same should be done in the folder lnkfile. Restart your computer and enjoy the result.

7.) The path to the Windows 95/98 installation files lies in

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup.

Change it, and Windows will look for the installation files there when adding features or changing system settings.

8.) To remove the "palm" from shared resources, just delete the value Default from the key

HKEY_CLASSES_ROOT\Network\SharingHandler

9.) You can also remove all icons from the desktop altogether. To do this, create in the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

a DWORD value named "NoDesktop". Reboot and see the cleanest desktop in the world.

10.) In order to hide disks in the explorer, go to

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

and create here a binary parameter named "NoDrives".

The value will depend on which drives you want to hide:

Drive A - value 01 00 00 00
B - 02 00 00 00
C - 04 00 00 00
D - 08 00 00 00
E - 10 00 00 00
F - 20 00 00 00

If you want to hide multiple drives, then you need to sum their values. But note that these numbers are in hexadecimal. To calculate correctly, use the calculator (Programs - Accessories - Calculator). Select "View - Scientific" from the Calculator menu, then select "Hex" and count. For example, to hide drives C and D it is necessary to add 04 00 00 00 and 08 00 00 00. Enter 0C 00 00 00 as the parameter value. To hide drives A and E, sum 01 00 00 00 and 10 00 00 00; the result is 11 00 00 00.

11.) Open Display Properties; here we will hide some tabs. In the registry editor, find the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

and create here a DWORD parameter named NoDispBackgroundPage with the value 1. Now the Background tab will not be displayed. The rest of the tabs are hidden by the following parameters:

NoDispAppearancePage - Appearance
NoDispScrSavPage - Screensaver
NoDispSettingPage - Settings.

12.) Now let's make the item Open with... always appear in the context menu. To do this, find the key HKEY_CLASSES_ROOT\*\ and create a section shell in it (if it doesn't exist). In it create another section "openas", and in that one a section "command". Change the value of "Default" to "C:\WINDOWS\rundll32.exe shell32.dll,OpenAs_RunDLL %1". Done, you can check.

13.) To change the speed at which the main menu drops down, go to the key

HKEY_CURRENT_USER\Control Panel\desktop

and create a string parameter MenuShowDelay. Enter the delay time (in milliseconds) as the value and reboot.

14.) Now let's try to put the item Open in Notepad into the context menu. Go to the section HKEY_CLASSES_ROOT\*\shell (if it does not exist, create it). Create a section "open" and change Default to "Open in Notepad". Now create a section "command" in it and change Default to "notepad.exe %1". Done.

15.) And now let's play with Internet Explorer. Want to change your browser wallpaper? Go ahead. Go to the key

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar

and create a string parameter "BackBitmap". As its value, enter the path to a picture in bmp format and restart your browser. But that is not all.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Here, create a new string parameter Window Title. In the value, enter what you want to see in the title bar after the page title, restart your browser and enjoy. Explorer will look exactly the same.

16.) If you want to admire a name or just a word after the clock in the Systray (bottom panel), then go to

HKEY_CURRENT_USER\Control Panel\International\

and create two string parameters: s1159 and s2359. Enter the desired name as their value. The limit is 8 letters.

17.) When you need to reload the registry and you don't want to restart the machine, in some cases the following will help: press Ctrl+Alt+Del, then select explorer and press the "End Task" button. When asked to shut down the machine, refuse, then press "End Task" in the next window, after which you will see the "Taskbar" disappear and reappear.

Not everything works in Windows 95

Registry recovery

Care must be taken when working with the registry. Deleting any important data by accident or unknowingly can lead to the crash of the operating system. Then only the restoration of the last working copy can save the situation.

If you are going to experiment with the registry, first save the SYSTEM.DAT and USER.DAT files to disk. They are located in the directory where the operating system was installed and have read-only and hidden attributes. If the registry is seriously damaged, you can overwrite these files in the Windows directory, set the necessary attributes and the registry will be as good as new. Just do not try to restore these files when Windows is loaded, otherwise the system will completely shut down and only a complete reinstallation will save it! To restore these files, you must first reboot into DOS and already there replace the damaged files with good ones.

But this is not the only option for data recovery. The fact is that the operating system, on each successful launch, saves a copy of the registry in a CAB file, which is written to the hidden SYSBCKUP directory inside the Windows directory. By default, the last five copies are kept. This number can vary from 0 to 99 and is set by the value of the MaxBackupCopies key in the scanreg.ini file in the Windows directory. True, you should not set too large a value, because the files take up a lot of space (one file is larger than a megabyte).

To restore the registry from one of these backups, you need to reboot into DOS and run the command

A list of available registry backups will appear sorted by the time they were created. After choosing the right copy, the data will be safely restored, and you will receive a registry that meets the state of affairs at the time of its creation.

But if you installed any programs or changed the settings of the operating system between the last backup and the failure in the registry, then all this data will be irretrievably lost. Do we need it? Definitely not! To back up the registry at any time, use the command

which, in the case of a normally passed check, will create a backup copy.

Another option for backing up and restoring the registry is to export the key or entire branch that you plan to modify. This can be done in Regedit for Windows under the "Registry" menu. Select the desired key and click the "Export registry file" item. After you specify the file name, the data of this key will be exported to it. The file has a .reg extension. To import it into the registry, just double-click it and the data will be transferred. However, this method of recovery has one significant drawback: all deleted or modified records will be restored, but records added since the export will not be deleted. Therefore, this method is best suited to minor changes that you want to be able to roll back through export / import without re-entering the old data by hand.

In general, you need to work with the registry very carefully, but if you periodically back it up, then no problems should arise.

Good day, dear readers. In today's article we will talk about the Windows registry.

For most users, the registry is associated with something completely unknown, has some downright mythical character and causes almost awe.

I must say that all this is not in vain, because joking with the registry is quite dangerous, and even a small wrong move often leads to the most serious consequences. However, when handled correctly, it becomes an indispensable tool for customizing Windows.

The tips below will clear things up for you and pave the way for you to learn the basics of working with the registry so that you can make changes to its settings without much fear, if necessary.

Windows Registry - Introduction and Terms

We can say that the Windows system registry is a database that stores the parameter values of the OS (operating system) and of the applications you have installed.

The advantage of using the registry is the ability to change settings that you can't access through the regular Windows interface.

However, on the other hand, changing these options is not supported by hints, visual design and all sorts of warnings against incorrect actions, which are often given when using the control panel or other system / program options.

Thus, working with them is, so to speak, walking through a minefield for uninformed users and, especially due to the lack of visual clarity, many do not even come close to this tool.

What does the Windows registry do?

In general, the mechanism of its work is quite simple. When you install a program (or change any Windows setting in any of the settings menus), the system itself looks up the required parameters and adjusts the corresponding registry values.

For example, this happens when you uninstall applications using "Add or Remove Programs" ("Control Panel").

By the way, when you carelessly delete the folder of an installed program by simply pressing Delete in My Computer, rather than through the appropriate system tools, the registry entries for that program (its settings, location information and so on) do not disappear. They remain in the system and litter it.

That is why it is so important to remove applications correctly and to clean and care for the system in a timely manner, which I have repeatedly written about in my articles.

What does the registry look like? This is a kind of table that contains all the registry entries, which is stored on the hard disk in the form of several files, but it is packed in such a way that the only way to work with it is to use the built-in Windows tools or third-party programs.

regedit - look at the Windows registry with our own eyes

To enter the Windows registry tool, open , then in the window that appears, write and press Enter.

A thing will appear in front of you (it is the built-in Windows registry editor), in which you can see what this miracle is, which I am talking about in this article.

The stored values are categorized and placed in folders like the ones you're used to seeing in My Computer. To open a folder, click on it a couple of times with the mouse or use the small plus sign next to its name.

The folders in a section are called keys, and the contents of the folders that appear on the right are called values.

Why the Windows Registry might be needed

Before you start torturing and picking the system, I warn you: the information stored in the registry is very important for the correct operation of Windows, changing or deleting it can lead to a computer malfunction.

It is also worth noting that changes take effect when you make them. The Windows Registry is not a Word document where you confirm or cancel changes to settings, so never change settings you don't know.

The easiest way to secure the system is to create a restore point before taking any action (read about it below), which will automatically make a copy of the registry and you will most likely (but not always) be able to return to it in case of problems.

Sometimes it’s worth writing down the changes made on paper, which will greatly simplify troubleshooting if something doesn’t go as planned (you can’t keep everything in your head).

How important the Windows registry is can be judged by the fact that the system independently creates backup copies of all its values at each boot, and therefore the system has an option called "Last Known Good Configuration" (it lives in the same place as safe mode, namely when you press it before the boot screen, where the progress bar creeps along).

What and how to edit the registry

There are many programs that provide a wide range of functions for working with the registry, but you need to be careful when choosing such tools, since non-professional implementations of programs can adversely affect the system.

Therefore, it is worth using only proven applications or system tools. I prefer the built-in Windows tool, which has already been discussed a little higher (and will go a little lower :)).

In general, managing the registry is not as difficult as it seems. First of all, you need to know which values to change and what to change them to. The rest is a matter of technique.

The main control window of the program practically does not differ in appearance from the explorer familiar to the user of Windows.

In addition, it has a Favorites menu, which can be used to quickly access the parameters of various keys.

To do this, highlight the desired value, click Favorites - Add to favorites, enter a name, and click the OK button. This feature is very useful if you need to make changes to one or more options on a regular basis.

What registry categories are responsible for and what you can do in it

Each of the five main categories is responsible for storing its own set of parameters. For example, HKCU - aka HKEY_CURRENT_USER - contains keys that control the settings of a particular user, and HKEY_LOCAL_MACHINE - the operating system as a whole.

I will give some simple examples of working with the registry so that you understand the basics:

Clearing history

  • Despite the fact that the list of sites that you have visited using Internet Explorer can be deleted manually, they will still pop up when you enter similar options in the address bar;
  • You can get rid of this history using third-party programs or by editing the registry. Open the registry editor and go to the path "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs";
  • Once you go there, on the right side of the editor you will see a list of addresses that you can delete by highlighting and clicking on the "Delete" button (having previously right-clicked on what we want to delete).

Well, or for example.

Blocking the task manager

Using the registry, you can unblock or block the task manager:

  • Open the registry editor and go to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\";
  • If on the left side, below "Policies", you do not find the "System" folder, right-click "Policies" and select "New", and then "Key";
  • A new folder will appear a little lower, which you need to rename to "System";
  • Next, in the options window (this is on the right), right-click, select New -> DWORD Value and name it DisableTaskMgr;
  • Right-click on it and select "Modify";
  • In the value input line, put 1 to turn off (or 0 to turn on) the task manager, and then set the "Base" radio button to "Decimal";
  • After that, when you try to open the task manager, a message will appear (or, conversely, this message will disappear if the task manager was blocked).

Caution in use

I would like to once again warn you against changing unknown values. Every time you dive into the settings, create a restore point and also back up important files. This will protect you from accidental failures and loss of information.

To create a restore point, click "Start - Run - msconfig - System Restore". In the window that opens, select "Create a restore point", after which, following the prompts, you can save the current state of the OS without any problems. You can also restore the previous state from this menu using the adjacent item.

To make a backup copy of the entire registry or of a registry branch, run the registry editor, select the desired key, branch or folder, click "File - Export", and then choose where to save the .reg file.

In order to use this backup later, either click File - Import, or simply click on the file and confirm with the "Yes" button adding data to the Windows registry.

If you save a branch, it is saved (and, accordingly, imported) with its subfolders and with all the values in it.
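The import limitation noted earlier on this page (importing a .reg file restores deleted or modified values but leaves added ones in place) can be worked around by comparing two exports of the same branch. The following is an added example, not code from the original article: it parses .reg text, lists what was added after the backup, and builds a rollback file using the .reg deletion syntax. The sample exports and the "Extra" value are constructed; the DisableTaskMgr change described above serves as the post-backup addition.

```python
import re

VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')  # "name"=data or @=data

P = r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies'
HDR = 'Windows Registry Editor Version 5.00\n\n'
# Constructed sample exports of the same branch, before and after a change.
BACKUP = HDR + '[%s\\Explorer]\n"NoDriveTypeAutoRun"=dword:00000091\n' % P
CURRENT = (HDR + '[%s\\Explorer]\n"NoDriveTypeAutoRun"=dword:000000ff\n"Extra"="x"\n' % P
           + '\n[%s\\System]\n"DisableTaskMgr"=dword:00000001\n' % P)

def parse_reg(text):
    """Parse .reg export text into {key_path: {quoted_value_name: raw_data}}."""
    keys, current = {}, None
    text = re.sub(r'\\\r?\n\s*', '', text)  # join hex continuation lines
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and VALUE_RE.match(line):
            name, data = VALUE_RE.match(line).groups()
            current[name] = data
    return keys

def added_since(backup, current):
    """List (key, value_name) pairs present now but absent from the backup.
    value_name is None when the whole key is new. Assumes identical name casing."""
    added = []
    for key, values in current.items():
        if key not in backup:
            added.append((key, None))
        else:
            added += [(key, n) for n in values if n not in backup[key]]
    return added

def build_rollback(backup_text, current_text):
    """Build .reg text that restores the backup and deletes later additions."""
    backup, current = parse_reg(backup_text), parse_reg(current_text)
    out = ['Windows Registry Editor Version 5.00', '']
    for key, values in backup.items():          # restore saved values
        out += ['[%s]' % key] + ['%s=%s' % nv for nv in values.items()] + ['']
    for key, name in added_since(backup, current):
        # "[-key]" deletes a key with its subtree, '"name"=-' deletes one value
        out += ['[-%s]' % key, ''] if name is None else ['[%s]' % key, '%s=-' % name, '']
    return '\r\n'.join(out)

if __name__ == '__main__':
    print(build_rollback(BACKUP, CURRENT))
```

Files that regedit exports in the "Version 5.00" format are UTF-16, so read them with `open(path, encoding='utf-16')` before passing the text to these functions.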

Afterword

That's how things are. By the way, there are a lot of websites on the World Wide Web that describe various registry settings and tweaks. Be careful: you should not apply the first piece of advice you come across without knowing what it will do.

Again, I cannot fail to mention other spyware modules that consider the Windows registry to be their second home. In order to be sure to have it on hand, as well as check the system for Spyware using, for example, and the software indicated in it.

If you have any questions or additions to the article - you are welcome, leave comments;)

PS : The article was written thanks to the great efforts of a regular reader - Sergey Nekrash - for which many thanks to him. The work he has done is commendable.

Perhaps each of you has heard the word "registry", but only a few have asked "What is it?", which is a pity. After all, the ability to edit the registry can save a lot of time, money, nerves and effort. How to start the registry editor of the Windows 7 operating system, as well as the main ways to use it, are discussed in detail in this article.

First you need to understand what exactly the registry is. To better understand this, imagine a notebook with entries in a certain sequence. If all the sheets of this notebook are torn out and mixed up, the information will remain the same, but it will be much more difficult to read. You would first have to find the desired page before reading it, and that takes extra time.

A similar situation occurred during the use of the FAT16 file system, which had serious performance problems. Then it was decided to introduce a registry to streamline information. Over time, the problems solved by the registry disappeared, but it was left due to backward compatibility.

The Windows Registry is a hierarchical database of parameters and settings for installed programs.

Physically, all registry settings are written in files and scattered throughout the system. When the program starts, the registry finds the necessary parameters and operates with them. The more applications on computers, the more parameter files, and the longer it will take to find the right one. Therefore, from time to time the registry needs to be cleaned to maintain system performance.

There are two ways to start the Windows 7 registry:

  1. Start → in the search bar we write regedit → in the results found, open the file regedit.exe.
  2. Launch Explorer → go to the C:\Windows folder → look for the regedit.exe file and open it.

If you did everything correctly, the Registry Editor will open.

Registry editing. Export Import

Before us is the Windows 7 registry editing window:

  • Sections are on the left side.
  • On the right are the options.
  • At the bottom is the status bar, which displays the path to the parameter.

When working with registry settings, you need to be extremely careful, because the registry is the nervous system of Windows. Therefore, it is recommended that you create a copy of the registry before changing any settings.

Right-click on the "Computer" section - Export - set the name, check the export range (it should be "Entire Registry") and specify the folder - click save.

After the above steps, a file with the .reg extension will appear. Now, if you mess up with changing the settings, the registry can always be returned to its original state.

To do this, click "File" - Import ... - look for the Registry.reg we saved earlier and click "Open". All settings will revert to the time the copy was created.

Recovering an Administrator Password Using the Registry

For an example showing what tasks can be performed in the registry, consider this problem. Let's assume you are. No problem! It can be changed using the registry. To do this, we need a Windows 7 installation disk.

  1. Boot from the installation disk. After the new data has been copied, you will be prompted to select a language. Leave everything as it is and click "Next".
  2. In the new window, select "", after which the computer will search for installed operating systems.
  3. A window may appear with the text "Problems found in boot options." Ignore it, choose the operating system and click "Next".
  4. In the next window, select the lowest parameter ""
  5. In the command line, we type the regedit command already known to us and press Enter.
  6. In the editor, select HKEY_LOCAL_MACHINE
  7. Then, from the File menu, select Load Hive.
  8. Go to the C:\Windows\System32\config folder (the letter may differ from the usual C). We are interested in the SYSTEM file.
  9. Enter any section name. For example: 888.
  10. Go to the HKEY_LOCAL_MACHINE\888\Setup section. Click 2 times on the parameter:
    • CmdLine , enter cmd.exe and click OK
    • SetupType , replace 0 with 2 and click OK.

    As a result of the above manipulations, it should turn out like this:


