What Is the Windows Registry?
The Windows registry can best be seen as a central configuration location for Windows. The Windows registry contains most of the settings that both Windows and Windows programs use during execution. If you are familiar with older versions of Windows, you can see the registry as a replacement of all the .ini files in earlier Windows versions. Older programs can still use .ini files or .xml files for configuration, but most modern applications use the registry to store are their settings.
Anything from the hardware configuration, security to user level preferences is stored in the Windows registry.Of course the amount of configuration data that is stored in the Windows registry is enormous. To deal with the size and complexity of all this data, the registry has been split up in folders. The top level of folders (or hives, or keys in Microsoft terminology) are:
|HKEY_CLASS_ROOT||This key contains all configuration data that determines which program is used to open which file. You will find a list of all file extensions and data classes in this key.|
|HKEY_CURRENT_USER||This key contains all the configuration data for the currently logged in user. The complete user profile is stored in here.|
|HKEY_LOCAL_MACHINE||This key contains all data that is specific to the computer. Hardware, software, security, etc., everything that is central to the computer is stored in here.|
|HKEY_USERS||This key contains all user profiles defined on the computer. One of which will always be the HKEY_CURRENT_USER.|
|HKEY_CURRENT_CONFIG||This key contains information about the hardware profile used for computer startup. Different hardware profiles can be defined and used to enable or disable hardware in a specific configuration (Safe Mode is an example of a variation).|
Physically you can find the files related to the registry in %SystemRoot%\System32\Config, which in most cases will be C:\Windows\System32\Config. The files in this location have either no extension, or .log, .sav (and in older Windows versions .dat).
Starting with the main keys or folders, the registry is further divided into subkeys or subfolders, which can contain values. Each value has a name, a type and an actual value. These values are the settings that are used by different programs as well as Windows itself. Values can be numeric (DWORD), textual (SZ) and some other types.
The result is a hierarchical structure of folders and values, most of which is loaded in physical memory (RAM) during runtime to speed up overall performance. The Windows registry is managed by the Windows Configuration Manager. The Configuration Manager is a kernel level system that controls all access to the registry and registry files. This is to ensure the registry’s integrity and prevent abuse by malicious software.
For a more technical view on the Windows registry, you can read an article from Windows NT Magazine.