8.4. Hives

HKEY_USERS and HKEY_LOCAL_MACHINE can be thought of as the only true root keys, since the Registry's three other root keys are simply symbolic links, or mirrors, of different portions of these two. This means that these two branches are the only ones that actually need to be stored on your hard disk, and this is where hives come into play.

For every branch in HKEY_LOCAL_MACHINE, a corresponding hive file is stored in your \Windows\System32\config folder. For example, HKEY_LOCAL_MACHINE\Software is stored in a file called software (no filename extension). Since new branches can be added to HKEY_LOCAL_MACHINE, new hives can be generated at any time. Most systems will have the following hives: sam, security, software, and system.

Not all Registry data is stored on your hard disk, however. Some keys are dynamic, in that they are held only in memory, and are forgotten when you shut down. An example of a dynamic branch is HKEY_LOCAL_MACHINE\HARDWARE, which is built up each time Windows is started (an artifact of plug-and-play). Only non-dynamic branches are stored in hives, so you won't see a hive called hardware.

The branches in HKEY_USERS, one for each configured user, are similarly stored in hives. The hive file for each user is called ntuser.dat, and is located in \Documents and Settings\{username}. For example, the hive for the Administrator user is stored in the file \Documents and Settings\Administrator\ntuser.dat.

Knowing which files comprise the Registry is important only for backup and emergency recovery procedures (see Section 8.5, next), and for troubleshooting (and so you don't accidentally delete them). The storage mechanism is quite transparent to the Registry Editor and the applications that use the Registry; there's no reason to ever edit the hive files directly. If you want to migrate a key or a collection of keys from one computer to another, don't even think about trying to copy the hive files. Instead, use Registry patches, discussed later in this chapter.
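
As an added illustration (not part of the original text): Windows records the branch-to-file mapping described in this section under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist, a key the text does not mention. The Python code below parses constructed `reg query` output for that key and labels each branch as a machine hive, a user hive, or a dynamic branch with no file; the volume name, the SID and the function names are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample (trimmed), shaped like the output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\hivelist
# The volume name and the SID are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
    \REGISTRY\MACHINE\HARDWARE    REG_SZ
    \REGISTRY\MACHINE\SAM    REG_SZ    \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
    \REGISTRY\MACHINE\SECURITY    REG_SZ    \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
    \REGISTRY\MACHINE\SOFTWARE    REG_SZ    \Device\HarddiskVolume1\WINDOWS\system32\config\software
    \REGISTRY\MACHINE\SYSTEM    REG_SZ    \Device\HarddiskVolume1\WINDOWS\system32\config\system
    \REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-500    REG_SZ    \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT
"""

# Value line: indented name, a REG_* type, then an optional path that may
# contain spaces. Separators may be tabs or runs of spaces.
VALUE_LINE = re.compile(r"^\s+(\\REGISTRY\\\S+)\s+REG_\w+(?:\s+(.*))?$")


def parse_hivelist(text):
    """Map each loaded branch to its hive file path (None if it has no file)."""
    hives = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line.rstrip())
        if match:
            hives[match.group(1)] = match.group(2) or None
    return hives


def classify(branch, path):
    """Label a branch the way this section describes it."""
    if path is None:
        return "dynamic (memory only)"
    if branch.upper().startswith("\\REGISTRY\\USER\\"):
        return "user hive"
    return "machine hive"


def hive_report(text):
    """Return (branch, kind, hive file name) tuples for every listed branch."""
    return [(branch, classify(branch, path), ntpath.basename(path) if path else None)
            for branch, path in parse_hivelist(text).items()]


if __name__ == "__main__":
    for branch, kind, filename in hive_report(SAMPLE):
        print(f"{branch:<70} {kind:<22} {filename or '-'}")
```

The HARDWARE entry comes back with no file, matching the dynamic branch described above, while the other entries resolve to the hive files to include in a backup.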