Windows XP Hacks, Second Edition

Hack 83. Don't Fear the Registry

The Registry is the single best tool available for hacking XP. Here's an introduction to how it's organized and how to use it.

If you haven't spent much time in the Registry, you can easily be cowed by it. At first glance, it's a maze of apparently incomprehensible settings. In fact, though, there's a method to the madness. The Registry is a hierarchical database of information that defines exactly how your system works, including virtually every part of XP and its applications. Editing the Registry database is often the best way to hack XP. In fact, you can make many changes to the operating system in no other way.

Even if you've never used the Registry directly before, you've changed it without realizing it. Whenever you change a setting using the Control Panel, for example, behind the scenes a Registry change is made that puts that new setting into effect. The menus and dialog boxes you see in XP are often little more than a visual frontend to the Registry.

If you want to optimize XP and master every part of it, you'll have to use the Registry. XP contains so many different settings and customizations that it simply wasn't possible for Microsoft to build a graphical interface for every conceivable option. And many times it's easier and you get more options when you edit the Registry instead of using the graphical XP interface. You can use Windows XP without ever editing the Registrymany users dobut advanced users understand its power tool status.

The way to edit the Registry is by using the Registry Editor, also called RegEdit, which is shown in Figure 9-1. To run it, type regedit in the Run box or at a command line and press Enter.

Figure 9-1. Controlling Registry settings by using the Registry Editor

Before you edit the Registry, though, first you should get a basic understanding of its structure.

Sometimes, we power users like to jump in without reading the manual. The Registry is not the best place to experiment and learn as you go until you understand at least a little of what's going on. You could render your system useless and unrecoverable with just a few changes. So, we recommend making a backup [Hack #86] and reading at least most of this chapter first. You'll be glad later if you do this now.

9.2.1. The Five Logical Registry Hives

The Registry has many thousands of settings; in fact, it often has tens of thousands of them. They are organized into five main Registry sections, called Registry hives. Think of each hive as a root directory. Each hive has a different purpose. When you start to delve into the Registry, you might notice that many of the settings seem to be exact duplicates of one anotherin other words, the settings in one hive mirror the settings in another hive. In fact, frequently one set of settings is merely an alias (called a symbolic link) of another, so when you change those settings in one hive, the changes are made in both hives.

The hives themselves are stored in the C:\Windows\system32\config and C:\Documents and Settings\{username} files.

Following are the five hives and what each does:

HKEY_CLASSES_ROOT

This hive contains information about file types, filename extensions, and similar information. It instructs XP on how to handle every different file type and controls basic user interface options, such as double-clicking and context menus. This hive also includes class definitions (hence the word CLASSES in its name) of unique objects, such as file types or OLE objects. Frequently, classes associated with file types contain the Shell subkey, which defines actions, such as opening and printing, that can be taken with that file type.

HKEY_CURRENT_USER

This hive contains configuration information about the system setup of the user that is currently logged in to XP. It controls the current user's desktop, as well as XP's specific appearance and behavior for the current user. This hive also manages network connections and connections to devices such as printers, personal preferences such as screen colors, and security rights. Also included in this hive are Security Identifiers (SIDs), which uniquely identify users of the PC and which have information about each user's rights, settings, and preferences.

HKEY_LOCAL_MACHINE

This hive contains information about the computer itself, as well as the operating system. It includes specific details about all hardware, including keyboard, printer ports, storagethe entire hardware setup. In addition, it has information about security, installed software, system startup, drivers, services, and the machine's specific XP configuration.

HKEY_USERS

This hive contains information about every user profile on the system.

HKEY_CURRENT_CONFIG

This hive contains information about the current hardware configuration of the system, in the same way HKEY_CURRENT_USER contains information about the current user of the system.

9.2.2. Using Keys and Values

Each hive is at the top of the hierarchy, and underneath each hive are keys, which can in turn contain subkeys, and those subkeys can contain subkeys, and so on, organized in folderlike fashion, much like a hard drive.

Keys and subkeys contain a value, which controls a particular setting. For example, this key:

HKEY_CURRENT_USER\Control Panel\Mouse\DoubleClickSpeed

determines the amount of time between mouse clicks that must elapse before Windows won't consider it to be a double-click. To set the amount of time, you change the key's value. In this case, the default value is 500, measured in milliseconds, and you can edit the Registry to change it to whatever value you want, as shown in Figure 9-2. You can also make the changes using the Mouse Properties dialog box (Start Control Panel Printers and Other Hardware Mouse). When you make changes to that dialog box, the changes are in turn made in the Registry, which ultimately controls the setting. In essence, the dialog box is merely a convenient frontend to the Registry.

Figure 9-2. Editing a Registry key's value

A key can contain one or more values. Following are the five primary datatypes of values in the Registry:

REG_SZ (string value)

This datatype is easy to understand and edit because it is made up of plain text and numbers. It is one of the most common datatypes in the Registry. The value for DoubleClickSpeed, mentioned earlier in this hack, is of this type.

REG_MULTI_SZ (string array value)

This datatype contains several strings of plain text and numbers. The Registry Editor will let you edit these values, but it won't let you create them.

REG_EXPAND_SZ (expanded string value)

This datatype contains variables that Windows uses to point to the location of files. For example, to point to the location of the Luna theme file, the expanded string value in the Registry is %SystemRoot%\resources\Themes\Luna.theme.

REG_BINARY (binary value)

This datatype is made up of binary data: 0s and 1s. Figure 9-3 shows a typical example of a binary value. As a general rule, you won't edit binary valuesinstead you'll edit string values because they're made up of text and numbers, as shown in Figure 9-4.

Figure 9-3. Binary values

Figure 9-4. Editing string values

REG_DWORD (DWORD values)

This datatype is represented as a number. Sometimes a 0 turns on the key or a 1 turns off the key, though it can use other numbers as well. While you see and edit the value as a number, such as 456, the Registry itself views the number as a hexadecimal number, 1C8. Figure 9-5 shows a DWORD value being edited.

Figure 9-5. Editing DWORD values

9.2.3. Launching the Registry Editor

There's an upside and a downside to using XP's Registry Editor. The upside is that it's relatively simple to use. The downside is that it doesn't offer much functionality beyond basic Registry editing.

In some instances, when you make changes using the Registry the changes take effect as soon as you exit the Registry. In other instances, they'll take effect only after you log out and then log back in. And, in yet other instances, they'll take effect only after you restart Windows.

To run the Registry Editor, type regedit in the Run box or at a command prompt and press Enter. If this is the first time you've run the Registry Editor, it will open highlighting the HKEY_CURRENT_USER hive, as shown in Figure 9-6. If you've previously used the Registry Editor, it will open highlighting the last key you edited or the last place you were in the Registry.

Figure 9-6. Using the Registry Editor for the first time

You can browse through the Registry with the Registry Editor in the same way you browse through a hard disk using Windows Explorer. Clicking a + sign opens a key to reveal the next level down the hierarchy. Clicking a - sign closes the key.

The Registry can be several levels deep in keys and subkeys, so navigating it using a mouse can take a substantial amount of time. (Every time you open it, it jumps to the last-used key.) You can use shortcut keys, though, to more easily navigate through the Registry. The right-arrow key opens a key to reveal subkeys; the left-arrow key closes a key and moves one level up in the key hierarchy. To jump to the next subkey that begins with a specific letter, press that letter on the keyboard.

You use the Registry Editor to edit existing keys and values, create new keys and values, or delete existing keys and values. Again, sometimes the changes take effect as soon as you make the change and exit the Registry Editor; other times, you'll have to reboot for them to take effect. Keep in mind that there is no Save button. When you modify a value, it changes right then and there. There is also no Undo button, so make your changes carefully.

If you want to edit a particular key, an even faster way to navigate is to use the Find command from the Edit menu. (You can also use the Find command by pressing Ctrl-F.) To find successive keys with the same value, press the F3 key.

To edit the data associated with a value, double-click the value in the right pane of the Registry Editor; a box appears that lets you edit the value, as shown in Figure 9-7.

Figure 9-7. Editing a value

When you're editing the Registry, it's often hard to tell what key you're editing because the Registry Editor doesn't highlight that key. Instead, it shows only an open folder icon next to it, but it's easy to miss that icon. Check the status bar at the bottom of the Registry Editor; it should display the key you're editing. If it doesn't, choose View Status Bar from the Registry Editor menu.

To rename a key, select it and choose Edit Rename from the menu. You can also right-click the key and choose Edit Rename.

9.2.4. Adding and Deleting Keys and Values

Editing the Registry often requires that you add and delete keys and values. To add a new key, select the new key's parent key in the left pane. Then, choose Edit New Key from the menu. Type in the new key's name. You can also right-click the new key's parent key and choose Edit New Key. To delete a key, select it and press the Delete key.

Very often, you need to add values to a key for its changes to take effect. To add a value to a key, select the new key's parent key in the left pane. From the menu, choose Edit New, and from the submenu, select the type of value you want to create. We've already covered the five types of values you can create; as a reminder, they're detailed in Table 9-1.

Table 9-1. Values you'll encounter in the Registry

Value name

Registry datatype

String value

REG_SZ

Binary value

REG_BINARY

DWORD value

REG_DWORD

String array value

REG_MULTI_SZ

Expanded string value

REG_EXPAND_SZ

To create a new value, type in the name of the new value and press Enter. Press Enter again. The Edit String dialog box appears, as shown in Figure 9-7. Enter your data and press Enter.

9.2.5. See Also

  • For an excellent collection of Registry hacks, go to the Registry Guide for Windows at http://www.winguides.com/registry. Make sure to sign up for the newsletter that offers Registry advice and hacks.

    Related

    Категории