Windows Registry
From Just Solve the File Format Problem
(Difference between revisions)
Dan Tobias (Talk | contribs) (Move primary category to Configuration Files) |
Dexvertbot (Talk | contribs) m (→Sample files) |
||
| (6 intermediate revisions by 4 users not shown) | |||
| Line 4: | Line 4: | ||
|subcat2=Windows configuration files | |subcat2=Windows configuration files | ||
|extensions={{ext|dat}}, {{ext|reg}} | |extensions={{ext|dat}}, {{ext|reg}} | ||
| + | |kaitai struct=regf | ||
}} | }} | ||
The [[Windows Registry]] is used in various versions of Microsoft [[Windows]] to hold a number of configuration settings that affect how Windows and programs running under Windows run. Registry contents are stored in several separate files called hives, whose location and format differ by version of Windows. | The [[Windows Registry]] is used in various versions of Microsoft [[Windows]] to hold a number of configuration settings that affect how Windows and programs running under Windows run. Registry contents are stored in several separate files called hives, whose location and format differ by version of Windows. | ||
| Line 15: | Line 16: | ||
The registry is stored as USER.DAT and SYSTEM.DAT in the %WINDIR% directory, and also CLASSES.DAT in Windows ME. There may also be separate USER.DAT files in user profile directories. | The registry is stored as USER.DAT and SYSTEM.DAT in the %WINDIR% directory, and also CLASSES.DAT in Windows ME. There may also be separate USER.DAT files in user profile directories. | ||
| − | * [ | + | * [{{ForensicsWikiURL|windows_9x_registry_file_%28creg%29}} Forensics Wiki: Windows 9x Registry File (CREG)] |
== Windows NT and up == | == Windows NT and up == | ||
| Line 21: | Line 22: | ||
The registry is stored in binary files in %SystemRoot%\System32\Config\. | The registry is stored in binary files in %SystemRoot%\System32\Config\. | ||
| − | * [ | + | * [{{ForensicsWikiURL|windows_nt_registry_file_%28regf%29}} Forensics Wiki: Windows NT Registry File (REGF)] |
== .REG files == | == .REG files == | ||
| − | |||
Registry entries can be exported in a text-based, [[INI]]-like format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4". | Registry entries can be exported in a text-based, [[INI]]-like format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4". | ||
| + | |||
| + | == Sample files == | ||
| + | * {{DexvertSamples|text/reg}} | ||
| + | * {{DexvertSamples|other/registryHive}} | ||
== Links == | == Links == | ||
* [https://github.com/libguestfs/hivex hivex] | * [https://github.com/libguestfs/hivex hivex] | ||
| − | * [ | + | * [{{ForensicsWikiURL|windows_registry}} Forensics Wiki: Windows Registry] |
* [[Wikipedia:Windows Registry|Wikipedia: Windows Registry]] | * [[Wikipedia:Windows Registry|Wikipedia: Windows Registry]] | ||
* [http://msdn.microsoft.com/en-us/library/ms724871.aspx MSDN registry reference] | * [http://msdn.microsoft.com/en-us/library/ms724871.aspx MSDN registry reference] | ||
* [https://tzworks.net/prototype_page.php?proto_id=3 Yet Another Registry Utility (yaru)] | * [https://tzworks.net/prototype_page.php?proto_id=3 Yet Another Registry Utility (yaru)] | ||
| + | * [https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md regf/Windows registry file format specification.md] | ||
| + | |||
[[Category:Microsoft]] | [[Category:Microsoft]] | ||
| + | [[Category:Windows]] | ||
[[Category:System files]] | [[Category:System files]] | ||
| + | [[Category:File formats with a distinctive filename]] | ||
Latest revision as of 04:36, 28 December 2023
The Windows Registry is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. Registry contents are stored in several separate files called hives, whose location and format differ by version of Windows.
Contents |
[edit] Windows 3.11
The registry file is called REG.DAT and is in the %WINDIR% directory (the directory configured as the one holding system files).
[edit] Windows 9x, ME
The registry is stored as USER.DAT and SYSTEM.DAT in the %WINDIR% directory, and also CLASSES.DAT in Windows ME. There may also be separate USER.DAT files in user profile directories.
[edit] Windows NT and up
The registry is stored in binary files in %SystemRoot%\System32\Config\.
[edit] .REG files
Registry entries can be exported in a text-based, INI-like format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4".
