The Registry is one of the key elements of a Windows system. It contains a lot of information on various aspects of the operating system, and almost all applications installed on a Windows system interact with the registry in some form or other.
The Registry contains two basic elements: keys and values. Registry keys are container objects similar to folders. Registry values are non-container objects similar to files. Keys may contain values or further keys. Keys are referenced with a syntax similar to Windows' path names, using backslashes to indicate levels of hierarchy.
This chapter looks at various functions such as querying values, adding, deleting and editing values from the registry.
Reading from the Registry
Reading from the registry is done via the REG QUERY command. This command can be used to retrieve values of any key from within the registry.
Syntax
REG QUERY [ROOT\]RegKey /v ValueName [/s]
REG QUERY [ROOT\]RegKey /ve    --This returns the (default) value
Where RegKey is the key which needs to be searched for in the registry.
Example
@echo off
REG QUERY HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\
The above command will query all the keys and their respective values under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\
Output
The output will display all the keys and values under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\
This location in the registry holds some key information about the Windows system, such as the location of the system directory.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows
    Directory    REG_EXPAND_SZ    %SystemRoot%
    SystemDirectory    REG_EXPAND_SZ    %SystemRoot%\system32
    NoInteractiveServices    REG_DWORD    0x1
    CSDBuildNumber    REG_DWORD    0x4000
    ShellErrorMode    REG_DWORD    0x1
    ComponentizedBuild    REG_DWORD    0x1
    CSDVersion    REG_DWORD    0x0
    ErrorMode    REG_DWORD    0x0
    CSDReleaseType    REG_DWORD    0x0
    ShutdownTime    REG_BINARY    3AFEF5D05D46D101
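REG QUERY prints a line per value in the form "Name  Type  Data", so a batch script usually wants to pull one value's data out of that output rather than just display it. The following script is an added example (not part of the original tutorial): it reads the SystemDirectory value shown above into a variable with FOR /F, handles the case where the value is missing by checking the result, and expands REG_EXPAND_SZ data, which reg.exe returns unexpanded. The key and value name are the ones used in the tutorial; the variable names are this example's own.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example: read one registry value into a variable and expand it.
rem KEY and NAME are the ones from the tutorial above.
set "KEY=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows"
set "NAME=SystemDirectory"

rem REG QUERY output line layout:  "    Name    Type    Data"
rem tokens=1,2,* gives %%A=name, %%B=type, %%C=the rest of the line (data,
rem including any spaces the data itself contains). stderr is discarded so a
rem missing value simply yields no matching line.
set "TYPE="
set "DATA="
for /f "tokens=1,2,*" %%A in ('reg query "%KEY%" /v "%NAME%" 2^>nul ^| findstr /i /c:"%NAME%"') do (
    set "TYPE=%%B"
    set "DATA=%%C"
)

rem Failure mode: the value (or the key) does not exist.
if not defined DATA (
    echo Value %NAME% not found under %KEY%
    exit /b 1
)
echo Name:     %NAME%
echo Type:     %TYPE%
echo Raw data: %DATA%

rem REG_EXPAND_SZ data is stored with the environment variable reference
rem intact (e.g. %%SystemRoot%%\system32). A second expansion via CALL turns
rem it into the real path.
if /i "%TYPE%"=="REG_EXPAND_SZ" (
    call set "EXPANDED=%DATA%"
    echo Expanded: !EXPANDED!
)
endlocal
```

Run it as an ordinary .cmd file; on a default installation the expanded line ends in \Windows\system32. The errorlevel is 1 when the value is absent, so the script can be used from other scripts that need to branch on the result.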
Adding to the Registry
Adding to the registry is done via the REG ADD command. Note that in order to add values to the registry you need to have sufficient privileges on the system to perform this operation.
Syntax
The REG ADD command has the following variations. In the second variation, no name is specified for the key and it will add the name of “(Default)” for the key.
REG ADD [ROOT\]RegKey /v ValueName [/t DataType] [/S Separator] [/d Data] [/f]
REG ADD [ROOT\]RegKey /ve [/d Data] [/f]
Where
ValueName − The value, under the selected RegKey, to edit.
/d Data − The actual data to store as a "String", integer, etc.
/f − Force an update without prompting "Value exists, overwrite Y/N".
/S Separator − Character to use as the separator in REG_MULTI_SZ values. The default is "\0".
/t DataType − These are the data types defined as per the registry standards which can be −
REG_SZ (default)
REG_DWORD
REG_EXPAND_SZ
REG_MULTI_SZ
Example
@echo off
REG ADD HKEY_CURRENT_USER\Console /v Test /d "Test Data"
REG QUERY HKEY_CURRENT_USER\Console /v Test
In the above example, the first command adds a value under the registry key HKEY_CURRENT_USER\Console. The value is named Test and its data is Test Data, stored as the default string type (REG_SZ).
The second command just displays what was added to the registry by using the REG QUERY command.
Output
Following will be the output of the above program. The first line of the output shows that the ‘Add’ functionality was successful and the second output shows the inserted value into the registry.
The operation completed successfully.

HKEY_CURRENT_USER\Console
    Test    REG_SZ    Test Data
Deleting from the Registry
Deleting from the registry is done via the REG DELETE command. Note that in order to delete values from the registry you need to have sufficient privileges on the system to perform this operation.
Syntax
The REG DELETE command has the following variations. In the second variation, the default value will be removed and in the last variation all the values under the specified key will be removed.
REG DELETE [ROOT\]RegKey /v ValueName [/f]
REG DELETE [ROOT\]RegKey /ve [/f]
REG DELETE [ROOT\]RegKey /va [/f]
Where
ValueName − The value, under the selected RegKey, to delete.
/f − Force the deletion without prompting "Delete the registry value ... (Yes/No)?".
Example
@echo off
REG DELETE HKEY_CURRENT_USER\Console /v Test /f
REG QUERY HKEY_CURRENT_USER\Console /v Test
In the above example, the first command deletes the value named Test from the registry key HKEY_CURRENT_USER\Console. The second command then queries the same value with REG QUERY. This query is expected to fail with an error, which confirms that the value was in fact deleted.
Output
Following will be the output of the above program. The first line of the output shows that the ‘Delete’ functionality was successful and the second output shows an error which was expected to confirm that indeed our key was deleted from the registry.
The operation completed successfully.
ERROR: The system was unable to find the specified registry key or value.
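The REG ADD and REG DELETE sections above both rely on a follow-up REG QUERY to confirm what happened, and in a real script that confirmation should be a check on the exit code rather than something a person reads off the screen. The script below is an added example, not code from the original tutorial: it creates values of the three listed types under a throwaway key (the key path and value names are constructed for this example), verifies each write with a small :exists subroutine built on REG QUERY, then deletes them and verifies the removal the same way. It also uses the /S separator switch for a REG_MULTI_SZ value and the form REG DELETE RegKey /f without /v, which removes the key itself; that form is documented by reg.exe even though the syntax list above does not show it.

```batch
@echo off
setlocal
rem Added example: add values of several types, verify, delete, verify.
rem The key and value names below are constructed for this example.
set "KEY=HKEY_CURRENT_USER\Software\RegDemo"

rem A string (default type), a DWORD, and a multi-string whose entries are
rem separated with "," instead of the default "\0". /f overwrites silently.
rem reg.exe returns a non-zero errorlevel on failure, which || catches.
reg add "%KEY%" /v Greeting /t REG_SZ       /d "Hello"      /f >nul || goto :fail
reg add "%KEY%" /v Retries  /t REG_DWORD    /d 5            /f >nul || goto :fail
reg add "%KEY%" /v Servers  /t REG_MULTI_SZ /s "," /d "alpha,beta" /f >nul || goto :fail

rem Confirm every write by querying the value back.
for %%V in (Greeting Retries Servers) do call :exists "%KEY%" %%V && echo added   %%V

rem Delete each value and confirm that the query now fails.
for %%V in (Greeting Retries Servers) do (
    reg delete "%KEY%" /v %%V /f >nul || goto :fail
    call :exists "%KEY%" %%V || echo removed %%V
)

rem Remove the now-empty demo key itself (no /v: deletes the key).
reg delete "%KEY%" /f >nul
endlocal
exit /b 0

:exists
rem Returns errorlevel 0 when value %2 exists under key %1, 1 otherwise.
reg query "%~1" /v "%~2" >nul 2>&1
exit /b %errorlevel%

:fail
echo A registry operation failed (check privileges and the key path).
exit /b 1
```

Because every reg.exe call is followed by || goto :fail, the script stops at the first failed operation instead of continuing and reporting success; the exit code (0 or 1) lets a calling script tell the two outcomes apart.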
Copying Registry Keys
Copying from the registry is done via the REG COPY command. Note that in order to copy values from the registry, you need to have sufficient privileges on the system to perform this operation on both the source location and the destination location.
Syntax
REG COPY [\\SourceMachine\][ROOT\]RegKey [\\DestMachine\][ROOT\]RegKey
Example
@echo off
REG COPY HKEY_CURRENT_USER\Console HKEY_CURRENT_USER\Console\Test
REG QUERY HKEY_CURRENT_USER\Console\Test
In the above example, the first part is to copy the contents from the location HKEY_CURRENT_USER\Console into the location HKEY_CURRENT_USER\Console\Test on the same machine. The second command is used to query the new location to check if all the values were copied properly.
Output
Following is the output of the above program. The first line of the output shows that the ‘Copy’ functionality was successful and the second output shows the values in our copied location.
The operation completed successfully.

HKEY_CURRENT_USER\Console\Test
    HistoryNoDup    REG_DWORD    0x0
    FullScreen    REG_DWORD    0x0
    ScrollScale    REG_DWORD    0x1
    ExtendedEditKeyCustom    REG_DWORD    0x0
    CursorSize    REG_DWORD    0x19
    FontFamily    REG_DWORD    0x0
    ScreenColors    REG_DWORD    0x7
    TrimLeadingZeros    REG_DWORD    0x0
    WindowSize    REG_DWORD    0x190050
    LoadConIme    REG_DWORD    0x1
    PopupColors    REG_DWORD    0xf5
    QuickEdit    REG_DWORD    0x0
    WordDelimiters    REG_DWORD    0x0
    ColorTable10    REG_DWORD    0xff00
    ColorTable00    REG_DWORD    0x0
    ColorTable11    REG_DWORD    0xffff00
    ColorTable01    REG_DWORD    0x800000
    ColorTable12    REG_DWORD    0xff
Comparing Registry Keys
Comparing registry keys is done via the REG COMPARE command.
Syntax
REG COMPARE [ROOT\]RegKey [ROOT\]RegKey [/v ValueName] [Output] [/s]
REG COMPARE [ROOT\]RegKey [ROOT\]RegKey [/ve] [Output] [/s]
Where Output is one of: /od (only differences), /os (only matches), /oa (all), /on (no output).
Example
@echo off
REG COMPARE HKEY_CURRENT_USER\Console HKEY_CURRENT_USER\Console\Test
The above program will compare all of the values between the registry keys HKEY_CURRENT_USER\Console & HKEY_CURRENT_USER\Console\Test.
Output
Result Compared: Identical
The operation completed successfully.
If there is a difference between the values in the two registry keys, it is shown in the output as in the following result. The output below shows that the value ‘EnableColorSelection’ exists only in the registry key ‘HKEY_CURRENT_USER\Console’ (the < marker means the value is present in the first key but not the second).
< Value: HKEY_CURRENT_USER\Console    EnableColorSelection    REG_DWORD    0x0

Result Compared: Different
The operation completed successfully.
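REG COPY and REG COMPARE together give a simple change-detection tool: copy a key once as a baseline, then compare the live key against the baseline later and act on the result. The script below is an added example (not from the original tutorial) that does exactly that for the current user's Run autostart key, a location defenders commonly watch for unexpected entries. Run it once with the argument "baseline" to take the snapshot, then without arguments to check for drift. It relies on the documented REG COMPARE exit codes (0 identical, 1 error, 2 different) and on REG COPY's /s switch to include subkeys; the baseline key path is constructed for this example.

```batch
@echo off
setlocal
rem Added example: baseline a key with REG COPY, detect drift with REG COMPARE.
rem LIVE is a real autostart key; BASE is a constructed location for the copy.
set "LIVE=HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
set "BASE=HKEY_CURRENT_USER\Software\RegDemo\RunBaseline"

if /i "%~1"=="baseline" (
    rem Snapshot mode: /s copies subkeys too, /f overwrites an older baseline.
    reg copy "%LIVE%" "%BASE%" /s /f >nul || (echo baseline failed & exit /b 2)
    echo Baseline stored under %BASE%
    exit /b 0
)

rem Check mode: /od prints only the differences, /s recurses into subkeys.
rem Exit codes: 0 = identical, 2 = different, 1 = comparison failed.
reg compare "%LIVE%" "%BASE%" /od /s
set "RC=%errorlevel%"
if "%RC%"=="0" (
    echo No change since baseline.
) else if "%RC%"=="2" (
    echo CHANGE DETECTED: lines marked ^< are only in the live key, ^> only in the baseline.
) else (
    echo Comparison failed. Is the baseline present? Run with "baseline" first.
)
endlocal & exit /b %RC%
```

The script's own exit code mirrors REG COMPARE's, so a scheduled task or wrapper can treat 2 as "alert" and 1 as "broken baseline" without parsing the text; the < and > lines printed by /od name the values that were added or removed since the snapshot.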