Microsoft Windows Internals, 4 ed. Chapter 4. Management Mechanisms: The Registry. 965202095 謝承璋, May 7, 2008. Introduction. The registry is the repository for both systemwide and per-user settings. Regedit.exe: a tool for editing the registry.
Introduction
• The registry is the repository for both systemwide and per-user settings.
• Regedit.exe
  • A tool for editing the registry.
• Windows Server 2003 Deployment Kit: http://www.microsoft.com/windowsserver2003/techinfo/reskit/deploykit.mspx
Registry Usage
• Configuration data is read at three principal times:
  • During the boot process.
  • During login.
  • During applications' startup.
• On an idle system there should be no registry activity.
Registry Data Types
• The registry is a database whose structure is similar to that of a disk volume.
• The registry contains keys, which are similar to a disk's directories, and values, which are comparable to files on a disk.
• A key is a container that can consist of subkeys or values.
• Values store data.
• Top-level keys are root keys.
• Only root keys are not subkeys.
Registry Data Types (Cont.)
• Regedit displays the unnamed value as (Default).
• The majority of registry values are REG_DWORD, REG_BINARY, or REG_SZ.
• The REG_LINK type lets a key transparently point to another key or value.
• Links aren't saved; they must be dynamically created after each reboot.
Registry Logical Structure
• Why do root-key names begin with an H?
  • Because the root-key names represent Windows handles (H) to keys (KEY).
HKEY_CURRENT_USER
• The HKCU root key contains the preferences and software configuration of the locally logged-on user.
• It points to the currently logged-on user's user profile, located on the hard disk at \Documents and Settings\<username>\Ntuser.dat.
HKEY_USERS
• HKU contains a subkey for each loaded user profile and user class registration database on the system.
• It also contains a subkey named HKU\.DEFAULT that is linked to the profile for the system.
HKEY_USERS (Cont.)
• The following registry value defines the location of system profiles: HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ProfilesDirectory.
• It is by default set to %SystemDrive%\Documents and Settings.
HKEY_CLASSES_ROOT
• The data under HKEY_CLASSES_ROOT comes from two sources:
  1. The per-user class registration data in HKCU\SOFTWARE\Classes
  2. Systemwide class registration data in HKLM\SOFTWARE\Classes
HKEY_CLASSES_ROOT (Cont.)
• Per-user registration data is kept separate from systemwide registration data because of customizations.
• Nonprivileged users can read systemwide data.
• They can add new keys and values to systemwide data (which are mirrored in their per-user data).
• But they can modify existing keys and values in their private data only.
HKEY_LOCAL_MACHINE
• HKLM is the root key that contains all the systemwide configuration subkeys:
  • HARDWARE
  • SAM
  • SECURITY
  • SOFTWARE
  • SYSTEM
HKLM
• The HKLM\HARDWARE subkey maintains descriptions of the system's hardware and all hardware device-to-driver mappings.
• HKLM\SAM holds local account and group information, such as user passwords, group definitions, and domain associations.
• HKLM\SECURITY stores systemwide security policies and user-rights assignments.
• HKLM\SAM is linked into the SECURITY subkey under HKLM\SECURITY\SAM.
HKLM (Cont.)
• HKLM\SOFTWARE is where Windows stores systemwide configuration information not needed to boot the system.
• HKLM\SYSTEM contains the systemwide configuration information needed to boot the system, such as which device drivers to load and which services to start.
  • last known good control set
HKEY_CURRENT_CONFIG
• HKEY_CURRENT_CONFIG is just a link to the current hardware profile, stored under HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current.
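Several of the root keys above are links to other locations (HKCC, HKLM\SECURITY\SAM, and the two sources behind HKCR), so a monitoring or audit rule written against one spelling of a path can miss the same key logged under another. The Python code below is an added example, not taken from the book or the slides; it canonicalises a path by following only the links these slides describe. The function names, the `user_sid` parameter, and the mapping of HKCU to that user's subkey under HKU are assumptions of this example.

```python
# Added example: canonicalise registry paths using the links described above.
ROOT_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
                "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT",
                "HKCC": "HKEY_CURRENT_CONFIG"}

def _split(path):
    """Split a registry path into components and expand the root-key alias."""
    parts = [p for p in path.split("\\") if p]
    if not parts:
        raise ValueError("empty registry path")
    parts[0] = ROOT_ALIASES.get(parts[0].upper(), parts[0].upper())
    return tuple(parts)

# Link source -> backing location(s), as stated on the slides.
LINKS = {
    _split("HKCC"): [_split(r"HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current")],
    _split(r"HKLM\SECURITY\SAM"): [_split(r"HKLM\SAM")],
    _split("HKCR"): [_split(r"HKCU\SOFTWARE\Classes"), _split(r"HKLM\SOFTWARE\Classes")],
}

def canonical(path, user_sid=None):
    """Return the sorted backing locations of `path` after following links.

    user_sid is an assumption of this example: the SID of the logged-on user,
    whose HKU subkey backs HKCU. Without it, HKCU paths are left unresolved.
    """
    links = dict(LINKS)
    if user_sid:
        links[_split("HKCU")] = [_split("HKU") + (user_sid,)]
    pending, resolved = [_split(path)], []
    while pending:
        parts = pending.pop()
        folded = tuple(p.lower() for p in parts)  # key names are case-insensitive
        for src, targets in links.items():
            if folded[:len(src)] == tuple(s.lower() for s in src):
                pending.extend(t + parts[len(src):] for t in targets)
                break
        else:  # no link applies: this is a backing location
            resolved.append("\\".join(parts))
    return sorted(resolved)

def same_key(a, b, user_sid=None):
    """True if two differently written paths can refer to the same key."""
    fold = lambda p: {c.lower() for c in canonical(p, user_sid)}
    return bool(fold(a) & fold(b))
```

An HKCR path resolves to two candidates because the slides give two sources for its data; which of the two actually holds a given key has to be checked on the system itself.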
HKEY_PERFORMANCE_DATA
• You won't find HKEY_PERFORMANCE_DATA by looking in the Registry Editor.
• This key is available only programmatically through the Windows registry functions, such as
  • RegQueryValueEx.
  • Performance Data Helper API (Pdh.dll).