The Windows 98 Registry and Regedit.exe

Materials:
Working complete PC
Blank Diskette
Student Diskette, "New Boot A Ver 2.0+"
Student CD-ROM, "Room 6359"
Objectives:
The student will learn the basic functionality of the Windows Registry Editor, and
Learn the general concepts of the Registry including,
The nature of the six main registry Hive Keys, and
The nature of a registry key, a registry value, and registry data, and
How to use Regedit to find a particular key in the Registry.
Competency:
The student will build understanding of the nature and function of the Windows Registry and the Windows Registry Editor, and learn how to use the Registry Editor to locate a Key within the Registry.

Procedures

  1. The DOS operating system was modified during boot up by the instructions held within CONFIG.SYS and AUTOEXEC.BAT. Both of these are still supported in Windows 98, although they were declared deprecated at the time. Windows 98 also provided backwards-compatibility support for two deprecated, user-definable boot configuration text files that were introduced by Windows 3.x: WIN.INI (read mostly, but not exclusively, by WIN.COM) and SYSTEM.INI (read by many Windows kernel files). However, Microsoft expanded the concept of centralizing the location of settings for Windows startup and session operation into a structure known as the Registry.

  2. The Registry is not a text file, although it does contain many individual pieces of information that are stored as plain text. The difference is that the entire structure is a database organized as a hierarchy of keys, each of which can contain more keys as well as value=data pairs. The keys are held in a raw binary internal hierarchical structure, and the value=data pairs can hold raw binary data as well as ASCII text strings. Because it is no longer exclusively text, it cannot be inspected or modified using simple text editors like EDIT.COM or NOTEPAD.EXE.

  3. The Registry is not a single file either. In Windows 95/98 it is stored in the same folder as the operating system (usually C:\WINDOWS) in two separate files: SYSTEM.DAT and USER.DAT. All of the control panel applets are designed to let the user make changes to the operating system that will be properly saved into the Registry; in fact, that is exactly what the control panel was made to do. However, on rare occasions some items may have to be modified manually within the Registry, and that is why the tool REGEDIT.EXE was included.

  4. REGEDIT.EXE should only be used as a last resort for modifying the Registry. It is by its very functionality a dangerous tool, as will be seen in the Registry exercises. Reasons for using it include:

    1. Power hacks - modifications that enhance performance, which can only be made manually because Microsoft provided no control panel access for them.
    2. Bug fixes - modifications that repair a well-known bug, which can only be made manually because Microsoft provided no control panel access for them.
    3. Repair malware - modifications that remove references inserted into the Registry by viruses, spyware and their kin, which can only be made manually because Microsoft provided no control panel access for them.
  5. Open the Start Menu and select "Run":

  6. A new window appears like this. Type "regedit" in the text box and press enter:

  7. The Windows Registry Editor appears. It looks like this:

  8. The contents of the top level keys whose names start with "HKEY" which means "Hive Key" are as follows:

    • HKEY_LOCAL_MACHINE - (HKLM) The contents of this key are the entire contents of the file SYSTEM.DAT. They are the operating system's complete settings including dependencies between executables, file extension associations, device drivers and their settings, etc.
    • HKEY_USERS - (HKU) The contents of the file USER.DAT. This holds the user's personal preferences such as themes, backgrounds, system sounds and so on. When profiles are not in effect (users do not log on; instead the system always boots straight to the desktop), all users get the same personal settings, which are held in the .DEFAULT key under HKEY_USERS.
    • HKEY_CLASSES_ROOT - (HKCR) Open the [+] in front of HKLM, then the [+] in front of SOFTWARE, then the [+] in front of CLASSES. Now open the [+] in front of HKEY_CLASSES_ROOT; the contents are the same. In fact, modifying one automatically modifies the other, because HKEY_CLASSES_ROOT is nothing more than a shortcut to HKLM\SOFTWARE\CLASSES.
    • HKEY_CURRENT_CONFIG - (HKCC) Open HKLM then CONFIG then 0001, now open HKCC. If a system has more than one hardware configuration profile, they will be stored in HKLM\CONFIG as 0001, then 0002, etc. Whichever one launched and is currently in effect is the one that HKCC is a shortcut to (also called an "alias"). This is very handy since it is not always easily determined which profile is in effect.
    • HKEY_CURRENT_USER - (HKCU) Open HKU then open .DEFAULT, now open HKCU. HKCU is an alias to .DEFAULT if user profiles have not been enabled; otherwise it is a shortcut to the key of whoever is currently logged on to the operating system. Their key is under HKU and has their logon name.
    • HKEY_DYN_DATA - (HKDD) This is a transient hive full of data that Windows is currently using during the session that will NOT be saved back into the Registry. Because it is only dynamic data that is never permanently saved, it is of little value to the technician.
  9. Close all open keys and single-click on the My Computer entry at the top. Click on Edit in the window's main menu and then click on the "Find..." choice. In the "Find What" text box type in "runonce", be sure that only the "Keys" checkbox is checked, then click "Find Now":



  10. Now the key has been found. Note that the whole registry path to the key is displayed in the status bar at the bottom of the window:

  11. Add a value=data pair under the Key.

  12. Learn how to import and export Registry files.
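
Added example (not part of the original lab handout): a registry branch exported from Regedit (step 12) is a plain-text file headed REGEDIT4, so the key search from step 9 and the HKCR alias from step 8 can be repeated on an export without touching the live Registry, for instance when reviewing entries for the "Repair malware" case in step 4. The sample export is constructed, and the names decode, parse_reg and find_keys are hypothetical.

```python
import re

# Constructed sample of a REGEDIT4 export; keys and values are illustrative.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ExampleSetup"="C:\\WINDOWS\\TEMP\\example.exe /s"
"Flag"=dword:00000001

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"
'''

# Step 8: HKEY_CLASSES_ROOT is a shortcut to HKLM\SOFTWARE\CLASSES.
ALIASES = {"HKEY_CLASSES_ROOT": r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES"}

def decode(raw):
    """Turn the data half of a value=data line into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw  # hex: (binary) data is kept as exported text

def parse_reg(text):
    """Return {key_path: {value_name: data}} from a REGEDIT4 export."""
    if not text.startswith("REGEDIT4"):
        raise ValueError("not a REGEDIT4 export")
    text = re.sub(r',\\\r?\n\s*', ',', text)  # join wrapped hex: lines
    keys, current = {}, None
    for line in text.splitlines()[1:]:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            root, _, rest = line[1:-1].partition("\\")
            root = ALIASES.get(root.upper(), root)
            current = keys.setdefault(root + ("\\" + rest if rest else ""), {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = decode(m.group(2))
    return keys

def find_keys(keys, needle):
    """Like Edit > Find with only "Keys" checked: match on the key name."""
    return [k for k in keys if needle.lower() in k.rsplit("\\", 1)[-1].lower()]
```

Calling find_keys(parse_reg(SAMPLE_EXPORT), "runonce") returns the full path of the RunOnce key, the same path Regedit shows in its status bar in step 10.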


Copyright©2000-2008 Brian Robinson ALL RIGHTS RESERVED