Windows registry is a special database used to store a lot of information about the system, user, network, and other components. The registry requires privileged access in order to read, write, change, and delete keys and their related values. In this tutorial, we will look at operations like reading, write, change, and delete on the registry.
Open Regedit
Regedit is a GUI tool used to list, write, change, delete, import, and export registry keys in Windows operating systems. Regedit can be opened in different ways but the most popular and easy ways are providing regedit command into windows run like below.
regedit
As previously stated operations on the registry need Administrator privileges following User Account Control prompt will appear to gain these privileges. We will simply click Yes
Registry Editor
We will get Registry Editor like below. Registry Editor left sidebar is used to navigate in registry tree and the right area is used to list currently selected keys, values, and sub keys.
We can see that following root or main keys are listed.
- HKEY_CLASSES_ROOT key contains file name extensions associations and COM class registration information
- HKEY_CURRENT_USER key contains preferences of the current user such as variables, printers, network connections etc
- HKEY_LOCAL_MACHINE key contains configurations about all users inWindows.
- HKEY_USERS key contains all user-specific data required by operations system and applications.
- HKEY_CURRENT_CONFIG key does not contain any information itself but acts as a pointer about the hardware information.
List Existing Key
As a GUI based editor, we can navigate from the left sidebar to the key we want to list. Another way to list a key is by searching it in the registry database. We can open the search form by simply using CTRL+F shortcut or using Edit -> Find from menu bar like below.
Now we will get a Find Form like below. We will input the search term. There are 3 structures we can specifically look we can disable some of them.
Keyswill search in keysValueswill search in valuesDatawill search in data
We can also set Match whole string only to match whole word not a part of word.
Keep in mind that the search operation will be done currently selected key and its subs keys recursively. For example, in the following screenshot the HKEY_CURRENT_USER key and subkeys will be searched. By selecting the Computer we can search in all keys and subkeys.
Add New Registery Key
We can add new key just clicking the keys we want to add as child.
Add New Data
We can add new data similar to key but we need to select one of the datatypes like below.
Following data types are provided
String Valueis generally used to store text or character data like user name, variable name etc.Binary Valueis used to store binary and boolean dataDWORD Valueis used to store 8 bit or 1-byte dataQDWORD Valueis used to store 16 bit or 2-byte dataMulti-String Valueis used to store multiple string valuesExpendable String Value
Remove Registry Key
Registry key can be removed with right click on the key we want to remove.
Remove Registry Data
Removing data is similar to the removing key. We will just right click to the key we want to delete where this will open a menu and then left-click to the Delete from the menu like below.
Modify Registry Data
We can modify registry data like below. We will just right click to the key we want to delete where this will open a menu and then left-click to the Modify from the menu like below.
