Windows Registry
Dan Tobias (Talk | contribs) (→Windows 3.11) |
Dan Tobias (Talk | contribs) (→Links) |
||
| Line 30: | Line 30: | ||
* [http://www.forensicswiki.org/wiki/Windows_Registry Forensics Wiki: Windows Registry] | * [http://www.forensicswiki.org/wiki/Windows_Registry Forensics Wiki: Windows Registry] | ||
* [[Wikipedia:Windows Registry|Wikipedia: Windows Registry]] | * [[Wikipedia:Windows Registry|Wikipedia: Windows Registry]] | ||
| + | * [http://msdn.microsoft.com/en-us/library/ms724871.aspx MSDN registry reference] | ||
* [https://tzworks.net/prototype_page.php?proto_id=3 Yet Another Registry Utility (yaru)] | * [https://tzworks.net/prototype_page.php?proto_id=3 Yet Another Registry Utility (yaru)] | ||
Revision as of 02:06, 25 October 2013
The Windows Registry is used in various versions of Microsoft Windows to hold a number of configuration settings that affect how Windows and programs running under Windows run. The location and format differs by version of Windows.
Contents[hide] |
Windows 3.11
The registry file is called REG.DAT and is in the %WINDIR% directory (the directory configured as the one holding system files).
Windows 9x, ME
The registry is stored as USER.DAT and SYSTEM.DAT in the %WINDIR% directory, and also CLASSES.DAT in Windows ME. There may also be separate USER.DAT files in user profile directories.
Windows NT and up
The registry is stored in binary files in %SystemRoot%\System32\Config\.
.REG files
Registry entries can be exported in a text-based format as .REG files. In Windows 2000 and later, the file begins with "Windows Registry Editor Version 5.00", while earlier versions began with "REGEDIT4".
