Windows Registry
The Windows Registry is a unnecessarily nested key-value store.
Windows for Workgroups 3.11
The following things were noticed after installing the 16-bit version of Internet Explorer 5.01.
REGEDIT.EXE
This one is bundled with the operating system. Run it with the /v flag to make it actually usable.
- It only sees the type registrations (
HKEY_CLASSES_ROOTinREGEDT16.EXE). - In verbose mode, spaces in keys are replaced with
#. - There is only one value per key (
(Default)inREGEDT16.EXE), and it is always a string. - A "Revert to Last Save" menu item exists.
- Data is stored in
%WINDIR%\REG.DAT.[1] - Separate
REGEDIT.HLPandREGEDITV.HLPfiles exist. The latter is used for the Help menu when running in verbose mode. - Verbose mode takes significantly longer to start than standard mode.
REGEDT16.EXE
This one comes with the 16-bit version of Internet Explorer 5.01.
- This gets dumped into
%WINDIR%\SYSTEMunlike the nativeREGEDIT.EXE - The About dialog states this is for both Windows 3.1 and Windows NT 3.51.
HKEY_CURRENT_USERandHKEY_LOCAL_MACHINEare present too.- String, Binary, and DWORD are the only types.
- Data is stored in
%WINDIR%\REG16X2.DAT.[2] REG16X2.Ennfor 00-99 are created next to the file for each installation and uninstallation attempt.- The program starts significantly more quickly than
REGEDIT.EXE /V. %WINDIR%\SYSTEM\REGDATAalso gets created with a bunch of.BINfiles. They are full of strings about certificate authorities. Microsoft states this directory is used for Terminal Server licensing, but the timestamps of the files show that they were created with the IE5 installation.[3]
Native .REG file format
This section details the native format understood by Windows 3.1. 16-bit Internet Explorer 5.01 and the like instead use the newer REGEDIT4 format.
- The first line is
REGEDITwith no version afterwards. Contrast this withREGEDIT4andWindows Registry Editor Version 5.00present in later versions. HKEY_CLASSES_ROOTis explicitly prepended to every key. Contrast this withREGEDIT.EXE /Vstrongly implying that the root is\instead.- Every processed line has the format
HKEY_CLASSES_ROOT\path\to\key = Value of key. - Lines that do not start with
HKEY_CLASSES_ROOTare ignored; no special character is needed to start a comment.[4] - If the
=and value are omitted, the key is created without a value. - Escape sequences are not understood.
Hive file format
The native and IE5 file formats appear to be the same despite the enhanced functionality in the IE5 registry; they both even start with the same header (SHCC3.10). hivex 1.3.23 does not understand the format, saying "not a Windows NT Registry hive file".[5] There is an undated document written by B.D. detailing the format of the Windows 3.1 registry and how it differs from later versions.[6]
TODO: figure out where all the REGEDIT4-style data gets stored in the Windows 3.1-style REG16X2.DAT
KB articles
- Q78346: Windows: Maximum Valid Size for REG.DAT and .INI Files (variants)
- Q80393: How to Rebuild the Default Windows REG.DAT File (variants)
- Q81530: Cannot Use How To Use Help in Registration Editor (variants)
- Q82144: REG.DAT May Need Update if Both Windows 3.0, 3.1 Installed (variants)
- Q82650: OLE: SETUP.REG Can Be Used to Repair REG.DAT (variants)
- Q82810: Where Windows Searches for REG.DAT (variants)
- Q82814: Re-Registering .REG Files (variants)
- Q82821: Registration Info Editor (REGEDIT) Command-Line Switches (variants)
- Q84791: Associating Files and Passing Command-Line Parameters (variants)
- Q85326: Windows Err Msg: Failed to Register Server (variants)
References
- ↑ https://en.wikipedia.org/wiki/Windows_Registry#Windows_3.11
- ↑ https://win31.de/etips.htm
- ↑ https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/terminal-server-licensing
- ↑
%WINDIR%\SYSTEM\SETUP.REGline 4 - ↑ https://github.com/libguestfs/hivex/blob/v1.3.23/lib/handle.c#L174
- ↑ https://web.archive.org/web/20110107144933fw_/http://files.volatileminds.net/winreg.txt
