Windows Registry: Difference between revisions
(→KB articles: Add other KB articles) |
(Switch to new KB template) |
||
(14 intermediate revisions by the same user not shown) | |||
Line 10: | Line 10: | ||
*It only sees the type registrations (<code>HKEY_CLASSES_ROOT</code> in <code>REGEDT16.EXE</code>). |
*It only sees the type registrations (<code>HKEY_CLASSES_ROOT</code> in <code>REGEDT16.EXE</code>). |
||
* |
*In verbose mode, spaces in keys are replaced with <code>#</code>. |
||
*There is only one value per key (<code>(Default)</code> in <code>REGEDT16.EXE</code>), and it is always a string. |
*There is only one value per key (<code>(Default)</code> in <code>REGEDT16.EXE</code>), and it is always a string. |
||
*A "Revert to Last Save" menu item exists. |
*A "Revert to Last Save" menu item exists. |
||
*Data is stored in <code>%WINDIR%\REG.DAT</code>.<ref>https://en.wikipedia.org/wiki/Windows_Registry#Windows_3.11</ref> |
*Data is stored in <code>%WINDIR%\REG.DAT</code>.<ref>https://en.wikipedia.org/wiki/Windows_Registry#Windows_3.11</ref> |
||
*Separate <code>REGEDIT.HLP</code> and <code>REGEDITV.HLP</code> files exist. The latter is used for the Help menu when running in verbose mode. |
*Separate <code>REGEDIT.HLP</code> and <code>REGEDITV.HLP</code> files exist. The latter is used for the Help menu when running in verbose mode. |
||
*Verbose mode takes significantly longer to start than standard mode. |
|||
=== <code>REGEDT16.EXE</code> === |
=== <code>REGEDT16.EXE</code> === |
||
Line 20: | Line 21: | ||
This one comes with the 16-bit version of Internet Explorer 5.01. |
This one comes with the 16-bit version of Internet Explorer 5.01. |
||
*This gets dumped into <code>%WINDIR%\SYSTEM</code> unlike the native <code>REGEDIT.EXE</code> |
|||
*The About dialog states this is for both Windows 3.1 and Windows NT 3.51. |
*The About dialog states this is for both Windows 3.1 and Windows NT 3.51. |
||
*<code>HKEY_CURRENT_USER</code> and <code>HKEY_LOCAL_MACHINE</code> are present too. |
*<code>HKEY_CURRENT_USER</code> and <code>HKEY_LOCAL_MACHINE</code> are present too. |
||
*String, Binary, and DWORD are the only types. |
*String, Binary, and DWORD are the only types. |
||
*Data is stored in <code>%WINDIR%\REG16X2.DAT</code>.<ref>https://win31.de/etips.htm</ref> |
*Data is stored in <code>%WINDIR%\REG16X2.DAT</code>.<ref>https://win31.de/etips.htm</ref> |
||
*<code>REG16X2.E<em>nn</em></code> for 00-99 are created next to the file for each installation and uninstallation attempt. |
*<code>REG16X2.E<em>nn</em></code> for 00-99 are created next to the file for each installation and uninstallation attempt. |
||
*The program starts significantly more quickly than <code>REGEDIT.EXE /V</code>. |
|||
*<code>%WINDIR%\SYSTEM\REGDATA</code> also gets created with a bunch of <code>.BIN</code> files. They are full of strings about certificate authorities. Microsoft states this directory is used for Terminal Server licensing, but the timestamps of the files show that they were created with the IE5 installation.<ref>https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-licensing</ref> |
|||
=== Native <code>.REG</code> file format === |
|||
This section details the <em>native</em> format understood by Windows 3.1. 16-bit Internet Explorer 5.01 and the like instead use the newer <code>REGEDIT4</code> format. |
|||
*The first line is <code>REGEDIT</code> with no version afterwards. Contrast this with <code>REGEDIT4</code> and <code>Windows Registry Editor Version 5.00</code> present in later versions. |
|||
*<code>HKEY_CLASSES_ROOT</code> is explicitly prepended to every key. Contrast this with <code>REGEDIT.EXE /V</code> strongly implying that the root is <code>\</code> instead. |
|||
*Every processed line has the format <code>HKEY_CLASSES_ROOT\path\to\key = Value of key</code>. |
|||
*Lines that do not start with <code>HKEY_CLASSES_ROOT</code> are ignored; no special character is needed to start a comment.<ref><code>%WINDIR%\SYSTEM\SETUP.REG</code> line 4</ref> |
|||
*If the <code> = </code> and value are omitted, the key is created without a value. |
|||
*Escape sequences are not understood. |
|||
=== Hive file format === |
|||
The native and IE5 file formats appear to be the same despite the enhanced functionality in the IE5 registry; they both even start with the same header (<code>SHCC3.10</code>). hivex 1.3.23 does not understand the format, saying "not a Windows NT Registry hive file".<ref>https://github.com/libguestfs/hivex/blob/v1.3.23/lib/handle.c#L174</ref> There is an undated document written by B.D. detailing the format of the Windows 3.1 registry and how it differs from later versions.<ref>https://web.archive.org/web/20110107144933fw_/http://files.volatileminds.net/winreg.txt</ref> |
|||
TODO: figure out where all the REGEDIT4-style data gets stored in the Windows 3.1-style <code>REG16X2.DAT</code> |
|||
=== KB articles === |
=== KB articles === |
||
* |
*{{KB|Q78346|Windows: Maximum Valid Size for REG.DAT and .INI Files}} |
||
* |
*{{KB|Q80393|How to Rebuild the Default Windows REG.DAT File}} |
||
* |
*{{KB|Q81530|Cannot Use How To Use Help in Registration Editor}} |
||
* |
*{{KB|Q82144|REG.DAT May Need Update if Both Windows 3.0, 3.1 Installed}} |
||
* |
*{{KB|Q82650|OLE: SETUP.REG Can Be Used to Repair REG.DAT}} |
||
* |
*{{KB|Q82810|Where Windows Searches for REG.DAT}} |
||
* |
*{{KB|Q82814|Re-Registering .REG Files}} |
||
* |
*{{KB|Q82821|Registration Info Editor (REGEDIT) Command-Line Switches}} |
||
*{{KB|Q84791|Associating Files and Passing Command-Line Parameters}} |
|||
* |
*{{KB|Q85326|Windows Err Msg: Failed to Register Server}} |
||
== References == |
== References == |
||
Line 42: | Line 64: | ||
<references /> |
<references /> |
||
[[Category:File Formats]] |
|||
[[Category:Windows]] |
[[Category:Windows]] |
Latest revision as of 02:33, 31 October 2023
The Windows Registry is a unnecessarily nested key-value store.
Windows for Workgroups 3.11
The following things were noticed after installing the 16-bit version of Internet Explorer 5.01.
REGEDIT.EXE
This one is bundled with the operating system. Run it with the /v
flag to make it actually usable.
- It only sees the type registrations (
HKEY_CLASSES_ROOT
inREGEDT16.EXE
). - In verbose mode, spaces in keys are replaced with
#
. - There is only one value per key (
(Default)
inREGEDT16.EXE
), and it is always a string. - A "Revert to Last Save" menu item exists.
- Data is stored in
%WINDIR%\REG.DAT
.[1] - Separate
REGEDIT.HLP
andREGEDITV.HLP
files exist. The latter is used for the Help menu when running in verbose mode. - Verbose mode takes significantly longer to start than standard mode.
REGEDT16.EXE
This one comes with the 16-bit version of Internet Explorer 5.01.
- This gets dumped into
%WINDIR%\SYSTEM
unlike the nativeREGEDIT.EXE
- The About dialog states this is for both Windows 3.1 and Windows NT 3.51.
HKEY_CURRENT_USER
andHKEY_LOCAL_MACHINE
are present too.- String, Binary, and DWORD are the only types.
- Data is stored in
%WINDIR%\REG16X2.DAT
.[2] REG16X2.Enn
for 00-99 are created next to the file for each installation and uninstallation attempt.- The program starts significantly more quickly than
REGEDIT.EXE /V
. %WINDIR%\SYSTEM\REGDATA
also gets created with a bunch of.BIN
files. They are full of strings about certificate authorities. Microsoft states this directory is used for Terminal Server licensing, but the timestamps of the files show that they were created with the IE5 installation.[3]
Native .REG
file format
This section details the native format understood by Windows 3.1. 16-bit Internet Explorer 5.01 and the like instead use the newer REGEDIT4
format.
- The first line is
REGEDIT
with no version afterwards. Contrast this withREGEDIT4
andWindows Registry Editor Version 5.00
present in later versions. HKEY_CLASSES_ROOT
is explicitly prepended to every key. Contrast this withREGEDIT.EXE /V
strongly implying that the root is\
instead.- Every processed line has the format
HKEY_CLASSES_ROOT\path\to\key = Value of key
. - Lines that do not start with
HKEY_CLASSES_ROOT
are ignored; no special character is needed to start a comment.[4] - If the
=
and value are omitted, the key is created without a value. - Escape sequences are not understood.
Hive file format
The native and IE5 file formats appear to be the same despite the enhanced functionality in the IE5 registry; they both even start with the same header (SHCC3.10
). hivex 1.3.23 does not understand the format, saying "not a Windows NT Registry hive file".[5] There is an undated document written by B.D. detailing the format of the Windows 3.1 registry and how it differs from later versions.[6]
TODO: figure out where all the REGEDIT4-style data gets stored in the Windows 3.1-style REG16X2.DAT
KB articles
- Q78346: Windows: Maximum Valid Size for REG.DAT and .INI Files (variants)
- Q80393: How to Rebuild the Default Windows REG.DAT File (variants)
- Q81530: Cannot Use How To Use Help in Registration Editor (variants)
- Q82144: REG.DAT May Need Update if Both Windows 3.0, 3.1 Installed (variants)
- Q82650: OLE: SETUP.REG Can Be Used to Repair REG.DAT (variants)
- Q82810: Where Windows Searches for REG.DAT (variants)
- Q82814: Re-Registering .REG Files (variants)
- Q82821: Registration Info Editor (REGEDIT) Command-Line Switches (variants)
- Q84791: Associating Files and Passing Command-Line Parameters (variants)
- Q85326: Windows Err Msg: Failed to Register Server (variants)
References
- ↑ https://en.wikipedia.org/wiki/Windows_Registry#Windows_3.11
- ↑ https://win31.de/etips.htm
- ↑ https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-licensing
- ↑
%WINDIR%\SYSTEM\SETUP.REG
line 4 - ↑ https://github.com/libguestfs/hivex/blob/v1.3.23/lib/handle.c#L174
- ↑ https://web.archive.org/web/20110107144933fw_/http://files.volatileminds.net/winreg.txt