Data in the Registry is stored in individual pieces called values. Every value has a name and is capable of holding one of several types of data. Values are grouped and organized in keys, which are represented by Folder icons in Registry Editor. Keys can also contain other keys, thereby forming the basis for the hierarchy in the Registry. Like Explorer, Registry Editor arranges the keys in a collapsible tree structure, allowing you to navigate through the branches to locate a particular key, and hence, all the values contained therein.
Often, in order to view or modify a certain key or value, one must follow a Registry path. A path is merely a series of key names, separated by backslashes (\), used to specify an absolute location in the Registry. For example, to navigate to HKEY_CURRENT_USER\Control Panel\Keyboard, simply expand the HKEY_CURRENT_USER branch by clicking on the plus sign (+) next to it, then expand the Control Panel branch, and finally click on the Keyboard key name to display its contents. The path leading to the currently highlighted key is always shown at the bottom of the Registry Editor window.
Every key contains a value named (Default). If the default value contains no data, you'll see (value not set), as in Figure 8-1. If a given key contains other values, they will be listed below the default value. To modify the data stored in a value, simply double-click on the value name, or highlight it and select Modify from the Edit menu. To rename a value, which is not the same as changing its data, highlight it and press F2 or right-click it and select Rename.
For example, if I wanted to change the location of my Word Startup Folder, I could navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\8.0\Word\Options, double-click on the Startup-Path value, and use the edit dialog box shown in Figure 8-1 to type new data.
The data stored in the Startup-Path value is a string of text, which means that Startup-Path is a string value (the most common type). There are seven types of values in all, each having a common name and a symbolic name (shown in parentheses in the following list). While all value types can be viewed and modified in Registry Editor, only three can be created.
String values (REG_SZ)
String values contain strings of characters, more commonly known as text. Most values of interest to us are string values; they're the easiest to edit and are usually in plain English. In addition to standard strings, there are two far less common string variants, used for special purposes:
REG_MULTI_SZ
Contains several strings (usually representing a list of some sort), concatenated (glued) together and separated by null characters (ASCII code 00). You can't create these in the Registry Editor, but you can edit them. The dialog used to modify these values is the same as for binary values. Note that the individual characters in REG_MULTI_SZ values are also separated by null characters, so you'll actually see three null characters in a row between multiple strings.
REG_EXPAND_SZ
Contains special variables into which Windows substitutes information before delivering the data to the owning application. For example, an expanded string value intended to point to a sound file may contain %SystemRoot%\media\startup.wav. When Windows reads this value from the Registry, it substitutes the full Windows path for the variable, %SystemRoot%; the resulting data then becomes (depending on where Windows is installed) c:\windows\media\startup.wav. This way, the value data is correct regardless of the location of the Windows folder. You can't create these in the Registry Editor, but you can edit them.
Binary values (REG_BINARY)
Similarly to string values, binary values hold strings of characters. The difference is the way the data is entered. Instead of a standard text box, binary data is entered with hexadecimal codes in an interface commonly known as a hex editor. Each individual character is specified by a two-digit number in base-16 (e.g., 6E is 110 in base 10), which allows characters not found on the keyboard to be entered. See Figure 8-2 for an example. Note that you can type hex codes on the left or normal ASCII characters on the right, depending on where you click with the mouse.
Binary values are often not represented by plain English and, therefore, should be left unchanged unless you either understand the contents or are instructed to do so by a solution in this book.
DWORD values (REG_DWORD)
Essentially, a DWORD is a number. Often, the contents of a DWORD value are easily understood, such as 0 for no and 1 for yes, or 60 for the number of seconds in some timeout setting. A DWORD value is used only where numerical digits are allowed; string and binary types allow anything.
The DWORD format, like the binary type, is a hexadecimal number, but this time in a more conventional representation. The leading 0x is a standard programmer's notation for a hex value, and the number is properly read from left to right. The equivalent decimal value is shown in parentheses following the hex value. What's more, when you edit a DWORD value, the edit dialog box gives you a choice of entering the new value in decimal or hex notation.
In general, if a value is stored in binary or DWORD format, you can guess that it was either programmatically generated or the program's author wished to make the value a little more obscure and difficult to edit. However, if you know what you are doing, you can edit binary or DWORD values almost as easily as you can string values. For example, if I want to lie to my friends to tell them I've won 435 games of FreeCell rather than just one, I simply need to double-click on "wins" and edit the value as shown in Figure 8-3.
Even if you're not a programmer, you can figure out hexadecimal values pretty easily with the Windows Calculator (calc.exe; see Chapter 4). Just enter the number you want to convert and click the Hex radio button to see the hexadecimal equivalent; 435 decimal is equal to 1B3 hex. Note, however, that hex values stored in binary Registry values are displayed in a somewhat unconventional format, in which the lowest-order digits appear first, followed by the next-higher pair of digits, and so on. In other words, the digits in a binary value are paired, and their order reversed: the hex value 1B3 thus needs to be entered as B3 01. If you want to convert a binary value shown in Registry Editor to decimal, you'll have to reverse this notation. For example, to find the decimal equivalent of 47 00 65 6e, set Calculator to hexadecimal mode and enter 6e650047, and then switch to decimal mode to display the decimal equivalent, 1,852,112,967.
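The byte-order conversion described above, together with the REG_MULTI_SZ layout and the expanded-string substitution from the list of value types, worked through in Python. This is an added example, not code from the book; the function names and the sample strings "alpha" and "beta" are constructed for illustration.

```python
import re

def parse_hex(text):
    """Registry Editor shows binary data as spaced hex pairs: '47 00 65 6e'."""
    return bytes.fromhex(text)

def binary_to_int(data):
    """Binary values list the lowest-order byte first (little-endian)."""
    return int.from_bytes(data, "little")

def int_to_binary(number, width=4):
    """Hex pairs to type into the hex editor for a number, low byte first."""
    return number.to_bytes(width, "little").hex(" ").upper()

def encode_multi_sz(strings):
    """Each string is UTF-16LE and NUL-terminated; an extra NUL ends the list."""
    return "".join(s + "\x00" for s in strings).encode("utf-16-le") + b"\x00\x00"

def decode_multi_sz(data):
    """Split REG_MULTI_SZ data back into its strings, stopping at the empty
    string that marks the end of the list."""
    strings = []
    for s in data.decode("utf-16-le").split("\x00"):
        if not s:
            break
        strings.append(s)
    return strings

def expand_sz(value, variables):
    """Substitute %Name% variables the way an expanded string value is
    resolved on read; unknown names are left untouched."""
    lookup = {k.lower(): v for k, v in variables.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), value)

if __name__ == "__main__":
    print(binary_to_int(parse_hex("47 00 65 6e")))   # binary value to decimal
    print(int_to_binary(435, width=2))               # decimal to hex-editor pairs
    raw = encode_multi_sz(["alpha", "beta"])         # constructed sample data
    print(raw.hex(" "))                              # note the run of 00 bytes
    print(decode_multi_sz(raw))
    print(expand_sz(r"%SystemRoot%\media\startup.wav",
                    {"SystemRoot": r"c:\windows"}))  # assumed install path
```

The run of three 00 bytes between the two strings in the hex dump is the high byte of the last character followed by the two-byte null separator.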
Figure 8-3 shows an additional value, called "wins," which I entered into the FreeCell key using Registry Editor
Windows Me Annoyances by David Karp [O'Reilly] for several examples.) The chief concern is in deleting or modifying existing entries; the odds of randomly creating a value that an application might be looking for are extremely small.
I take advantage of this fact by occasionally leaving myself notes in new Registry values. For example, before modifying a value, I might place a backup of its data in a new value in the same key. The application will ignore it, and it has sure come in handy for me to have a record of the original value!
A final note: any changes made in Registry Editor are saved automatically and immediately; there's no "undo" command in Registry Editor, and the automatic Registry backups made by Windows are of little use when small changes are made. The saving grace is the use of Registry patches, discussed later in this chapter.