Microsoft Windows Internals, 4th ed. Chapter 4. Management Mechanisms: The Registry. 965202095 謝承璋, May 7, 2008.


2 Introduction
The registry is the repository for both systemwide and per-user settings.
Regedit.exe: a tool for editing the registry.
Windows Server 2003 Deployment Kit: http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.mspx

3 Registry Usage
Configuration data is read at three principal times:
- During the boot process.
- During login.
- During applications' startup.
On an idle system there should be no registry activity.

4 Registry Data Types
The registry is a database whose structure is similar to that of a disk volume. The registry contains keys, which are similar to a disk's directories, and values, which are comparable to files on a disk. A key is a container that can consist of subkeys or values. Values store data. Top-level keys are root keys. Only root keys are not subkeys.

5 Registry Data Types (Cont.)
Regedit displays the unnamed value as (Default). The majority of registry values are REG_DWORD, REG_BINARY, or REG_SZ. The REG_LINK type lets a key transparently point to another key or value. Links aren't saved; they must be dynamically created after each reboot.

6 Registry Value Type
Table 4-1. Registry Value Type
Value        Description
REG_SZ       Fixed-length Unicode string.
REG_BINARY   Arbitrary-length binary data.
REG_DWORD    32-bit number.
REG_LINK     Unicode symbolic link.

7 Table 4-2. The Six Root Keys
Root Key                Description
HKEY_CURRENT_USER       Data associated with the currently logged-on user
HKEY_USERS              Information about all the accounts on the machine
HKEY_CLASSES_ROOT       File association
HKEY_LOCAL_MACHINE      System-related information
HKEY_PERFORMANCE_DATA   Performance information
HKEY_CURRENT_CONFIG     Current hardware profile

8 Registry Logical Structure
Why do root-key names begin with an H? Because the root-key names represent Windows handles (H) to keys (KEY).

9 HKEY_CURRENT_USER
The HKCU root key contains the preferences and software configuration of the locally logged-on user. It points to the currently logged-on user's user profile, located on the hard disk at \Documents and Settings\ \Ntuser.dat.

10 HKEY_USERS
HKU contains a subkey for each loaded user profile and user class registration database on the system. It also contains a subkey named HKU\.DEFAULT that is linked to the profile for the system.

11 HKEY_USERS (Cont.)
The following registry value defines the location of system profiles: HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory. It is by default set to %SystemDrive%\Documents and Settings.

12 Figure 4-1. The User Profiles Management Dialog Box

13 HKEY_CLASSES_ROOT
The data under HKEY_CLASSES_ROOT comes from two sources:
1. The per-user class registration data in HKCU\SOFTWARE\Classes
2. Systemwide class registration data in HKLM\SOFTWARE\Classes

14 HKEY_CLASSES_ROOT (Cont.)
Per-user registration data is kept separate from systemwide registration data to allow customizations. Nonprivileged users can read systemwide data. They can add new keys and values to systemwide data (which are mirrored in their per-user data). But they can modify existing keys and values in their private data only.

15 HKEY_LOCAL_MACHINE
HKLM is the root key that contains all the systemwide configuration subkeys:
- HARDWARE
- SAM
- SECURITY
- SOFTWARE
- SYSTEM

16 HKLM
- The HKLM\HARDWARE subkey maintains descriptions of the system's hardware and all hardware device-to-driver mappings.
- HKLM\SAM holds local account and group information, such as user passwords, group definitions, and domain associations.
- HKLM\SECURITY stores systemwide security policies and user-rights assignments.
- HKLM\SAM is linked into the SECURITY subkey under HKLM\SECURITY\SAM.

17 HKLM (Cont.)
- HKLM\SOFTWARE is where Windows stores systemwide configuration information not needed to boot the system.
- HKLM\SYSTEM contains the systemwide configuration information needed to boot the system, such as which device drivers to load and which services to start.
- last known good control set

18 HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG is just a link to the current hardware profile, stored under HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current.
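
The root-key relationships on slides 9 to 18 can be checked on a live system with read-only queries. The PowerShell below is an added example, not part of the original slides; the helper names Get-SubKeyNames and Test-SameView are made up for it, and the per-profile value ProfileImagePath is not mentioned on the slides.

```powershell
# Added example (not from the slides): read-only checks of root-key relationships.
# Helper names Get-SubKeyNames and Test-SameView are made up for this example.
function Get-SubKeyNames([string]$Path) {
    # The Registry:: provider prefix reaches every root key, including HKU and
    # HKCC, which have no default PSDrive.
    @((Get-Item -LiteralPath "Registry::$Path").GetSubKeyNames() | Sort-Object)
}
function Test-SameView([string]$A, [string]$B) {
    # Two paths that are views of the same key list identical subkeys.
    ((Get-SubKeyNames $A) -join '|') -eq ((Get-SubKeyNames $B) -join '|')
}

# HKCU is the current user's subkey of HKU, named by the account SID.
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$hkcuIsHku = Test-SameView 'HKEY_CURRENT_USER' "HKEY_USERS\$sid"

# HKCC is a link to the current hardware profile under HKLM\SYSTEM.
$hkccIsLink = Test-SameView 'HKEY_CURRENT_CONFIG' `
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current'

# Profiles known to the system versus profiles currently loaded under HKU.
$profileList = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profilesDir = (Get-ItemProperty -LiteralPath "Registry::$profileList").ProfilesDirectory
$loaded = Get-SubKeyNames 'HKEY_USERS'
$profiles = foreach ($p in Get-SubKeyNames $profileList) {
    $key = Get-Item -LiteralPath "Registry::$profileList\$p"
    [pscustomobject]@{
        Sid         = $p
        ProfilePath = $key.GetValue('ProfileImagePath')  # per-profile value, not on the slides
        Loaded      = $loaded -contains $p
    }
}

# HKCR has two sources: list class names registered in both of them.
$perUser = Get-SubKeyNames 'HKEY_CURRENT_USER\Software\Classes'
$system  = Get-SubKeyNames 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
$inBoth  = @($perUser | Where-Object { $system -contains $_ })

"HKCU is a view of HKU\$sid : $hkcuIsHku"
"HKCC is the current hardware profile : $hkccIsLink"
"ProfilesDirectory : $profilesDir"
$profiles | Format-Table -AutoSize
"Classes registered both per-user and systemwide : $($inBoth.Count)"
$inBoth
```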

19 HKEY_PERFORMANCE_DATA
You won't find HKEY_PERFORMANCE_DATA by looking in the Registry Editor. This key is available only programmatically through the Windows registry functions, such as RegQueryValueEx.
Performance Data Helper API (Pdh.dll).

20 Figure 4-2. Registry performance counter architecture

