- FreeBooterSite Admin
Learn How to Work With Windows Registry
Windows Registry is a hierarchical database that stores configuration settings and options on Microsoft Windows operating systems. It contains settings for low-level operating system components and for applications running on the platform that have opted to use the Registry. The kernel, device drivers, services, SAM, user interface and third-party applications can all make use of the Registry.
The registry hive files are stored in the C:\WINDOWS\SYSTEM32\CONFIG folder.
There is one copy of the registry for each user in hidden files called NTUSER.dat located in the root of each user account profile folder on your Windows drive.
The Windows registry can be manually edited using Registry Editor. To open this panel, type regedit.exe into Start Menu search box or Run box, and then select Registry Editor from the search results that appear.
Registry is separated into five different sections:
• HKEY_CLASSES_ROOT You should not change these settings. They include essential Windows system settings along with other things such as file associations.
• HKEY_CURRENT_USER These are the custom settings for the currently logged-in user. These will include settings for Windows and installed software. These are the most commonly changed settings.
• HKEY_LOCAL_MACHINE This section is for general Windows and software settings which means the settings in this branch apply to the computer's configuration and affect every user who logs on to it. You may need to make changes in this section.
• HKEY_USERS This section is for general controls for user accounts; you will not need to change these settings.
• HKEY_CURRENT_CONFIG These are additional settings related to your current configuration; you will not need to change these settings.
These sections are called hives, which are analogous to root directories on your hard drive. Each hive, by definition, has its own storage location (a file) and log file. Inside a hive you find both keys (and subkeys, analogous to directories and subdirectories on your hard disk) and values. The term value (or data value, as it is sometimes called) refers to the information, or data, assigned to a key, making the key analogous to a file on your hard drive as well. A key or subkey may have zero, one, or more value entries, a default value, and from zero to many subkeys. Each value entry has a name, data type, and a value.
Each registry value is stored as one of five main data types:
- REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format. This datatype is made up of binary data: 0s and 1s. As a general rule, you won’t edit binary values; instead, you’ll edit string values because they’re made up of text and numbers.
- REG_DWORD - This datatype is represented as a number. Sometimes a 0 turns on the key or a 1 turns off the key, though it can use other numbers as well. While you see and edit the value as a number, such as 456, the Registry itself views the number as a hexadecimal number, 1C8. You can switch between both views in the Registry editor when you change the value.
- REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)
- REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values; each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)
- REG_SZ - This type is a standard string, used to represent human readable text values. This datatype is easy to understand and edit because it’s made up of plain text and numbers. It’s one of the most common data types in the Registry.
There are other data types not available through the standard registry editors.
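How the raw bytes of each of the five types above turn into what an editor shows, as an added example that is not part of the original tutorial. It assumes the usual Windows storage conventions (strings as UTF-16LE, REG_DWORD as a 32-bit little-endian integer); the sample byte strings and the `env` mapping are constructed for the demonstration.

```python
import re
import struct

# Registry value type codes (winnt.h).
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ = 1, 2, 3, 4, 7


def expand(text, env):
    """Replace %NAME% references from env; names are case-insensitive."""
    lookup = {name.upper(): value for name, value in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).upper(), m.group(0)), text)


def decode_value(reg_type, raw, env=None):
    """Turn the raw bytes of one registry value into a Python object."""
    if reg_type == REG_BINARY:
        return " ".join(f"{b:02x}" for b in raw)   # hex, as an editor shows it
    if reg_type == REG_DWORD:
        if len(raw) != 4:
            raise ValueError("REG_DWORD data must be exactly 4 bytes")
        return struct.unpack("<I", raw)[0]
    if reg_type not in (REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ):
        raise ValueError(f"unsupported type code {reg_type}")
    if len(raw) % 2:
        raise ValueError("string data must be whole UTF-16 code units")
    text = raw.decode("utf-16-le")
    if reg_type == REG_MULTI_SZ:
        entries = []
        for item in text.split("\x00"):   # entries are NUL-separated
            if not item:                  # an empty entry ends the list
                break
            entries.append(item)
        return entries
    text = text.split("\x00", 1)[0]       # drop the terminator and anything after
    return expand(text, env or {}) if reg_type == REG_EXPAND_SZ else text


if __name__ == "__main__":
    env = {"SystemRoot": r"C:\Windows"}   # constructed environment
    samples = [                           # constructed value data
        (REG_DWORD, bytes.fromhex("c8010000")),
        (REG_BINARY, bytes([0x01, 0xFF, 0x10])),
        (REG_SZ, "Registry Editor\x00".encode("utf-16-le")),
        (REG_EXPAND_SZ, "%SystemRoot%\\System32\x00".encode("utf-16-le")),
        (REG_MULTI_SZ, "alpha\x00beta\x00\x00".encode("utf-16-le")),
    ]
    for reg_type, raw in samples:
        print(reg_type, repr(decode_value(reg_type, raw, env)))
```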
Occasionally, you may have to change or remove a setting in the Windows registry. You should always be very careful when you do this, because changing the wrong setting in the registry can cause Windows to become unresponsive or unable to boot. You should always create a backup before making any changes to the registry. You can create a backup copy of the registry by selecting Export on the File menu. You can restore this backup the same way by selecting Import on the File menu. (Note that you may have to do this in Safe Mode if the changes you have made make Windows unstable.) If you export the registry as a Registration File with a REG file extension, you can restore this backup by double-clicking on it. Exporting to a hive file is my choice most of the time. Backing up the registry as a Registration File has one disadvantage: restoring it does not delete values or keys that were created after the export; it only restores what was backed up. A hive file export is much more accurate than either type of REG file. Hive files are in the same format as the Windows working hive files, so they represent settings exactly the same way. Also, when you import a hive file, Registry Editor deletes the branch it's replacing before importing the settings. In other words, the editor removes any settings that exist in the working registry but not in the hive file you're importing. When restoring keys from a backup after an unsuccessful registry edit, this is exactly the behavior you want.
The Windows registry hive files load every time the computer boots. Windows does a pretty good job of protecting your registry hive files from corruption, but from time to time something may slip by Windows and it will attempt to load a bad registry hive. These errors may show up as BSoDs with the message “Registry File Failure”, text errors that say “Windows could not start”, or a boot error message indicating that one of the registry hives is missing or corrupted.
Windows XP could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM
Whatever the case, when you run into these sorts of scenarios, you need to restore a good registry hive copy. The best way to do this is to start Windows with the “Last Known Good Configuration” boot option from the Advanced Boot Options menu, but this option only restores one of the ControlSetxxx subkeys. A control set contains system configuration information such as device drivers and services. Control sets are stored in the HKEY_LOCAL_MACHINE subtree, under the SYSTEM key. If that fails, you can restore an earlier version of the Registry through the Recovery Console in Windows 2000 and Windows XP or through the Windows Recovery Environment in Windows Vista/7/8/8.1 and Windows 10.
Replacing the Registry in Windows XP
Boot your computer with the Windows Installation CD, get to the Recovery Console, and type the following commands one at a time to restore the registry hive files.
Ren C:\Windows\System32\config\SAM SAM.BAK
Ren C:\Windows\System32\config\SYSTEM SYSTEM.BAK
Ren C:\Windows\System32\config\SECURITY SECURITY.BAK
Ren C:\Windows\System32\config\DEFAULT DEFAULT.BAK
Ren C:\Windows\System32\config\SOFTWARE SOFTWARE.BAK
Copy C:\Windows\repair\SYSTEM C:\Windows\System32\config
Copy C:\Windows\repair\SOFTWARE C:\Windows\System32\config
Copy C:\Windows\repair\SAM C:\Windows\System32\config
Copy C:\Windows\repair\SECURITY C:\Windows\System32\config
Copy C:\Windows\repair\DEFAULT C:\Windows\System32\config
This procedure assumes that Windows XP is installed on the C:\ partition. If Windows is installed in a different location, replace the C:\ drive letter with the drive letter of that partition.
The above commands rename the registry hive files at their existing location, and then copy the registry hive files from the Repair folder to the C:\Windows\System32\Config folder. When you have finished this procedure, a registry is created that you can use to start Windows XP. This registry was created and saved during the initial setup of Windows XP. Therefore any changes and settings that occurred after the Setup program was finished are lost.
Replacing the Registry Hive Files in Windows Vista/7/8/8.1/10
Windows Vista/7/8/8.1/10 keep a regular backup of the registry hive files handy in case you need to overwrite a corrupted registry. By default, the RegIdleBackup task runs every 10 days, so that’s as far back as you would lose if you replaced the current registry hive files with the automatically backed-up registry hive files. You can find the backed-up registry hive files in the \Windows\System32\config\RegBack folder.
To replace the Registry hive files, boot your computer with the Windows Installation DVD to access the Windows Recovery Environment and get to the Command Prompt shell.
Type below command into Command Prompt and press Enter key.
The above command lists the registry hive files stored in the RegBack folder and their file sizes. Make sure the registry hive files are not zero size; if they are, do not follow the instructions below.
Replace the partition letter C: with the letter of the partition where Windows is installed. When the computer boots into the Windows Recovery Environment (WinRE), the drive letter assigned to the Windows partition may not be C:, because Windows 7, 8, 8.1 and 10 create a separate system partition when installed from scratch. The system partition contains the boot files; WinRE assigns the system partition the C: drive letter, and the Windows partition is assigned another drive letter, usually D:. The Bcdedit /enum | find "osdevice" command can be used to find the drive letter of the Windows partition; its output is similar to osdevice partition=D:. The drive letter after partition= is the drive letter of the Windows partition.
Type the commands below one at a time at the Command Prompt, pressing the Enter key after each command.
Ren C:\windows\system32\config\SAM SAM.BAK
Ren C:\windows\system32\config\SYSTEM SYSTEM.BAK
Ren C:\windows\system32\config\SECURITY SECURITY.BAK
Ren C:\windows\system32\config\DEFAULT DEFAULT.BAK
Ren C:\windows\system32\config\SOFTWARE SOFTWARE.BAK
Copy C:\Windows\System32\config\RegBack\SAM C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\SYSTEM C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\SECURITY C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\DEFAULT C:\windows\system32\config
Copy C:\Windows\System32\config\RegBack\SOFTWARE C:\windows\system32\config
This procedure assumes that Windows Vista/7/8/8.1 or Windows 10 is installed on the C:\ partition. If Windows is installed in a different location, replace the C:\ drive letter with the drive letter of that partition.
The above commands rename the registry hive files at their existing location, and then copy the registry hive files from the RegBack folder to the C:\Windows\System32\Config folder.
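The zero-size check from the procedure above, taken one step further as an added example that is not part of the original tutorial: it also verifies the "regf" header of a hive file, and is meant for copies of the hives examined on a working machine. The field offsets follow the community-documented regf layout (an assumption of this example), and the sample hive is constructed in the code.

```python
import struct

BASE_BLOCK = 4096  # size of the "regf" header that starts every hive file


def regf_checksum(block):
    """XOR the first 508 bytes as little-endian 32-bit words."""
    value = 0
    for (word,) in struct.iter_unpack("<I", block[:508]):
        value ^= word
    # Two results are remapped so the stored field is never 0 or 0xFFFFFFFF.
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(value, value)


def check_hive(data):
    """Return a list of problems; an empty list means the header looks sane."""
    if not data:
        return ["file is zero bytes"]
    if len(data) < BASE_BLOCK or data[:4] != b"regf":
        return ["no valid 'regf' base block"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ: last write did not complete")
    if struct.unpack_from("<I", data, 508)[0] != regf_checksum(data):
        problems.append("header checksum mismatch")
    bins_size = struct.unpack_from("<I", data, 0x28)[0]
    if BASE_BLOCK + bins_size > len(data):
        problems.append("file is shorter than the hive bins size in the header")
    return problems


def make_sample_hive():
    """Constructed test input: a minimal header plus one empty 4096-byte bin."""
    block = bytearray(BASE_BLOCK)
    block[0:4] = b"regf"
    struct.pack_into("<II", block, 4, 7, 7)     # matching sequence numbers
    struct.pack_into("<I", block, 0x28, 4096)   # hive bins data size
    struct.pack_into("<I", block, 508, regf_checksum(block))
    return bytes(block) + b"hbin" + bytes(4092)


if __name__ == "__main__":
    good = make_sample_hive()
    print("intact:   ", check_hive(good))
    print("empty:    ", check_hive(b""))
    print("truncated:", check_hive(good[:6000]))
```

To check a real file, pass its contents: `check_hive(open(path, "rb").read())`.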
If you would like to learn more about Windows registry, you can read Microsoft Windows XP Registry Guide ebook.
Did you find this tutorial helpful? Don’t forget to share your views with us.