O'Reilly Hacks
oreilly.comO'Reilly NetworkSafari BookshelfConferences Sign In/My Account | View Cart   
Book List Learning Lab PDFs O'Reilly Gear Newsletters Press Room Jobs  


 
Buy the book!
Windows XP Hacks
By Preston Gralla
February 2005
More Info

HACK
#68
Don't Fear the Registry
The Registry is the single best tool available for hacking XP. Here's an introduction to how it's organized and how to use it

Contributed by:

[09/03/03 | Discuss (15) | Link to this hack]

If you haven't spent much time in the Registry, you can easily be cowed by it. At first glance, it's a maze of apparently incomprehensible settings. In fact, though, there's a method to the madness. The Registry is a hierarchical database of information that defines exactly how your system works, including virtually every part of XP and its applications. Editing the Registry database is often the best way to hack XP. In fact, there are many changes to the operating system that you can make in no other way.

Even if you've never used the Registry directly before, you've changed it without realizing it. Whenever you change a setting using the Control Panel, for example, behind the scenes a Registry change is made that puts that new setting into effect. The menus and dialog boxes you see in XP are often little more than a visual front-end to the Registry.

If you want to optimize XP and master every part of it, you'll have to use the Registry. XP contains so many different settings and customizations that it simply wasn't possible for Microsoft to build a graphical interface for every conceivable possibility. And there are many times when it's easier and you get more options when you edit the Registry rather than using the graphical XP interface. You can use Windows XP without ever editing the Registry—many users do—but advanced users understand its power tool status.

The way to edit the Registry is by using the Registry Editor , also called RegEdit, which is shown in . To run it, type regedit at the Run box or command line and press Enter.

Figure 1. Controlling Registry settings by using the Registry Editor

Before you edit the Registry, though, you should first get a basic understanding of its structure.

WARNING

Sometimes, we power users like to jump in without reading the manual. The Registry is not the best place to experiment and learn as you go, until you understand at least a little what's going on. You could render your system useless and unrecoverable with just a few changes. So, we recommend making a backup and reading at least most of this chapter first. You'll be glad later if you do this now.

The Five Logical Registry Hives

The Registry has many thousands of settings; in fact, it often has tens of thousands of them. They are organized into five main Registry sections, called Registry hives. Think of each hive as a root directory. Each of the hives has a different purpose. When you start to delve into the Registry, you may notice that many of the settings seem to be exact duplicates of one another—in other words, settings in one hive mirror the settings in another hive. In fact, frequently one set of settings is merely an alias (called a symbolic link) of another, so that when you change those settings in one place, the changes are made in both hives.

TIP

The hives themselves are stored in the C:\Windows\system32\config and C:\Documents and Settings\{username} files.

Following are the five hives and what each does:

HKEY_CLASSES_ROOT

This hive contains information about file types, filename extensions, and similar information. It instructs XP how to handle every different file type and controls basic user interface options, such as double-clicking and context menus. This hive also includes class definitions (hence the word "CLASSES" in its name) of unique objects, such as file types or OLE objects. Frequently, classes associated with file types contain the Shell subkey, which defines actions, such as opening and printing, that can be taken with that file type.

HKEY_CURRENT_USER

This hive contains configuration information about the system setup of the user that is currently logged into XP. It controls the current user's Desktop, as well as XP's specific appearance and behavior for the current user. This hive also manages network connections and connections to devices such as printers, personal preferences such as screen colors, as well as security rights. Also included in this hive are Security Identifiers (SIDs), which uniquely identify users of the PC and which have information about each user's rights, settings, and preferences.

HKEY_LOCAL_MACHINE

This hive contains information about the computer itself, as well as about the operating system. It includes specific details about all hardware, including keyboard, printer ports, storage—the entire hardware setup. In addition, it has information about security, installed software, system startup, drivers, services, and the machine's specific XP configuration.

HKEY_USERS

This hive contains information about every user profile on the system.

HKEY_CURRENT_CONFIG

This hive contains information about the current hardware configuration of the system, in the same way that HKEY_CURRENT_USER contains information about the current user of the system.

Using Keys and Values

Each hive is at the top of the hierarchy, and underneath each hive are keys, which can in turn contain subkeys, and those subkeys can contain subkeys, and so on, organized in folder-like fashion, much like a hard drive.

Keys and subkeys contain a value, which controls a particular setting. For example, this key:

HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickSpeed

determines the amount of time between mouse clicks that must elapse before Windows won't consider it to be a double-click. To set the amount of time, you change the key's value. In this case, the default value is 500, measured in milliseconds, and you can edit the Registry to change it to whatever value you want, as shown in . You can also make the changes using the Mouse Properties dialog box (Start → Control Panel → Printers and Other Hardware → Mouse). When you make changes to that dialog box, the changes are in turn made in the Registry, which ultimately controls the setting. In essence, the dialog box is merely a convenient front-end to the Registry.

Figure 2. Editing a Registry key's value

A key can contain one or more values. Following are the five primary data types of values in the Registry:

REG_SZ (String value)

This data type is easy to understand and edit because it is made up of plain text and numbers. It is one of the most common data types in the Registry. The value for DoubleClickSpeed, mentioned earlier in this hack, is of this type.

REG_MULTI_SZ (String array value)

This data type contains several strings of plain text and numbers. The Registry Editor will let you edit these values, but it won't let you create them.

REG_EXPAND_SZ (Expanded string value)

This data type contains variables that Windows uses to point to the location of files. For example, to point to the location of the Luna theme file, the expanded string value in the Registry is %SystemRoot%\resources\Themes\Luna.theme.

REG_BINARY (Binary values)
This data type is made up of binary data: 0s and 1s. Figure 7-3 shows a typical example of a binary value. As a general rule, you won't edit binary values—instead you'll edit string values because they're made up of text and numbers, as shown in Figure 7-4.

Figure 3. Binary values

Figure 4. Editing String values

REG_DWORD (DWORD values)
This data type is represented as a number. Sometimes a 0 turns on the key or 1 turns off the key, though it can use other numbers as well. While you see and edit the value as a number, such as 456, the Registry itself views the number as a hexadecimal number, 1C8. Figure 7-5 shows a DWORD value being edited.

Figure 5. Editing DWORD values

Launching the Registry Editor

There's an upside and a downside to using XP's Registry Editor. The upside is that it's relatively simple to use. The downside is that it doesn't offer much functionality beyond basic Registry editing.

TIP

In some instances, when you make changes using the Registry the changes take effect as soon as you exit the Registry. In other instances, they'll take effect only after you log out and then log back in. And, in yet other instances, they'll take effect only after you restart Windows.

To run the Registry Editor, type regedit in the Run box or a command prompt and press Enter. If this is the first time you've run the Registry Editor, it will open highlighting the HKEY_CURRENT_USER hive, as shown in . If you've previously used the Registry Editor, it will open highlighting the last key you edited or the last place you were in the Registry.

Figure 6. Using the Registry Editor for the first time

You can browse through the Registry with the Registry Editor in the same way you browse through a hard disk using Windows Explorer. Clicking a + sign opens a key to reveal the next level down of the hierarchy. Clicking a - sign closes the key.

The Registry can be several levels deep in keys and subkeys, so navigating it using a mouse can take a substantial amount of time. (Every time you open it, it jumps to the last-used key.) You can use shortcut keys, though, to more easily navigate through the Registry. The right arrow key opens a key to reveal subkeys; the left arrow key closes a key and moves one level up in the key hierarchy. To jump to the next subkey that begins with a specific letter, press that letter on the keyboard.

You use the Registry Editor to edit existing keys and values, create new keys and values, or delete existing keys and values. Sometimes, the changes take effect as soon as you make the change and exit the Registry Editor; other times, you'll have to reboot for them to take effect. Keep in mind that there is no "Save" button. When you modify a value, it changes right then and there. There is also no Undo button, so make your changes carefully.

If there's a particular key that you want to edit, an even faster way to navigate is to use the Find command from the Edit menu. (You can also use the Find command by pressing Ctrl-F.) To find successive keys with the same value, press the F3 key.

To edit the data associated with a value, double-click on the value in the right pane of the Registry Editor; a box appears that lets you edit the value, as shown in .

Figure 7. Editing a value

When you're editing the Registry, it's often hard to tell what key you're editing, because the Registry Editor doesn't highlight that key. Instead, it shows only an open folder icon next to it, but it's easy to miss that icon. Check the status bar at the bottom of the Registry Editor; it should display the key you're editing. If it doesn't, choose View → Status Bar from the Registry Editor menu.

To rename a key, select it and choose Edit → Rename from the menu. You can also right-click on the key and choose Edit → Rename.

See also:

  • For an excellent collection of Registry hacks, go to the Registry
    Guide for Windows at http://www.winguides.com/registry. Make sure
    to sign up for the newsletter that offers Registry advice and
    hacks.



O'Reilly Home | Privacy Policy

© 2007 O'Reilly Media, Inc.
Website: | Customer Service: | Book issues:

All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.