Inside the Windows 95 and NT Registry
Last updated August 20, 1996
O'Reilly & Associates has just released its first book for Windows
programmers, Inside the Windows 95 Registry by Ron Petrusha (edited by Andrew Schulman). The book also has
extensive coverage of the registry in Windows NT. This book should be
available in bookstores by early September 1996. Right now, you can
order the book online.
This web page will be used for updates to the book and as a
collection of information on the registry in Windows 95 and Windows
NT. Of course, we'll also be advertising the book here. :-)
- Brief description of Inside the Windows 95 Registry
- Order Inside the Windows 95 Registry online (550 pages; ISBN 1-56592-170-4; $32.95 US)
- An excerpt from Inside the Windows 95 Registry, on Registry Locking and the internal use of mutexes in the Windows 95 implementation of the Win32 registry API.
- Cool new RegMon utility by Mark
Russinovich and Bryce Cogswell. Inside the Windows 95
Registry will come with a disk of registry utilities, including
not only REGMON, but also an even more informative (though admittedly
harder to use!) utility than REGMON, called RegSpy95, which was written by Alex Shmidt.
- NTRegMon utility by Mark Russinovich
and Bryce Cogswell. The authors say they have developed a new
system-monitoring technique for NT that allows an NT program to hook
"many more system events than previously thought possible."
- WREGCGI
is a registry browser based on Win-CGI. In case browsing someone
else's registry sounds like an odd thing to do, remember that
Microsoft's own Registry Editor supports remote registry access. But
WREGCGI uses Win-CGI, rather than
the RegConnectRegistry API, to provide remote registry access.
You can even link to specific locations within the registry, such as
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion. Of course, it only provides read-only
access.
The WREGCGI
source code still shows how simple all this is: WREGCGI really
does little more than enumerate the registry into HTML tables. HTML
tables are nice because the web browser has to do all the work of
figuring out column widths based on the text within each column. The
web browser also has to wrap lines within columns. In other words,
WREGCGI doesn't have to worry about this. It just outputs HTML with
rows of data, which look like this:
"<TR><TD>foo<TD>bar</TR>".
- The Windows 95 Registry, Part 1 by Barry Simon (PC Magazine,
October 24, 1995); Part 2 (PC Magazine, November 7, 1995); Part 3
(PC Magazine, January 9, 1996)
- Customizing Windows 95 with REGEDIT Macros by Matt Walkington.
- Windows 95 Registry FAQ by Kent Bentkowski.
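The WREGCGI item above describes enumerating a key into HTML table rows. The sketch below is an added example, not WREGCGI's source: it renders a constructed in-memory tree (standing in for the registry) and escapes every name and value, since registry strings are written by arbitrary applications. The script URL and the `key` query parameter are hypothetical.

```python
import html
from urllib.parse import quote

def make_key(values=None, subkeys=None):
    """Build one node of the constructed, in-memory stand-in for a registry."""
    return {"values": values or {}, "subkeys": subkeys or {}}

# Constructed sample data (not read from a real registry). The owner value
# deliberately contains markup to show why cell text must be escaped.
SAMPLE = make_key(subkeys={"SOFTWARE": make_key(subkeys={"Microsoft": make_key(
    subkeys={"Windows NT": make_key(subkeys={"CurrentVersion": make_key(
        values={"CurrentVersion": "4.0", "RegisteredOwner": "<b>A & B</b>"})})})})})

def open_key(tree, path):
    """Walk a backslash-separated key path; return the node or None."""
    node = tree
    for part in filter(None, path.split("\\")):
        node = node["subkeys"].get(part)
        if node is None:
            return None
    return node

def render_key(tree, root, path, script="/cgi-bin/regbrowse"):
    """Return one HTML table for a key: subkeys as links, then name/data rows."""
    node = open_key(tree, path)
    if node is None:
        return "<P>No such key: %s</P>" % html.escape(root + "\\" + path)
    rows = []
    for name in sorted(node["subkeys"]):
        child = root + "\\" + (path + "\\" if path else "") + name
        # Percent-encode the key path for the query string, then escape the
        # whole URL for the attribute context.
        href = html.escape("%s?key=%s" % (script, quote(child, safe="")))
        rows.append('<TR><TD><A HREF="%s">%s</A><TD>(key)</TR>'
                    % (href, html.escape(name)))
    for name, data in sorted(node["values"].items()):
        # Names and data are arbitrary strings written by any application.
        rows.append("<TR><TD>%s<TD>%s</TR>"
                    % (html.escape(name), html.escape(str(data))))
    return "<TABLE BORDER=1>\n%s\n</TABLE>" % "\n".join(rows)

if __name__ == "__main__":
    print(render_key(SAMPLE, "HKEY_LOCAL_MACHINE",
                     "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"))
```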
The Complete Guide for Creating Registry-Enabled Applications
The registry is a centralized database for Windows system and
application configuration information; its settings control the
behavior that appears to be "built in" to Windows and Windows NT.
For example, when the user clicks on an executable file, the
operating system "knows" to run it based exclusively on data from the
registry.
But since its appearance in Windows NT 3.1 and now in Windows 95, the
registry was and is a sparsely documented structure that has invited
fear, uncertainty, and dread. As a result, many developers have
avoided the registry, while others have failed to fully exploit the
power of the registry as a database for their applications'
configuration information.
Inside the Windows 95 Registry addresses the needs of both
groups of developers by demystifying the registry, showing how the
Win32 registry API can be used to get information into and out of the
registry, and examining the kinds of system, application, and user
information that applications can store in the registry. The book
features:
- Coverage of the registry in both Windows 95 and Windows NT 3.x and
4.0 that allows developers to create 32-bit applications that run on
both platforms.
- Numerous coding examples in both C and Visual Basic.
- Numerous undocumented topics, like the registry locking scheme,
accessing the Windows 95 registry from Win16 and DOS programs, how
the Win32 registry API is implemented in Windows 95, and bugs in the
registry API when used for remote registry access under Windows 95.
- Documentation of numerous registry settings. This, along with the
book's thorough discussion of RegEdit and its presentation of
graduated techniques for backing up the registry and restoring a
damaged registry, makes the book important for system administrators
and "power users" as well as developers.
- Thorough coverage of Remote Registry Access.
The diskette accompanying Inside the Windows 95 Registry features a
diverse collection of registry tools and utilities, including:
- RegSpy95, a configurable spying
utility by Alex Shmidt that intercepts all calls to the registry from
the Windows Virtual Machine Manager. Using RegSpy95, you can see what
data Windows 95 and individual applications write to and read from
the registry; and you can even see what data Windows and applications
look for, but fail to find, in the registry.
- A design-time version of the Desaware Registry Control, a custom
control for Visual Basic programmers who don't want to directly call
the registry API.
- OREGLIB.DLL, a collection of "convenience functions" that C and
Visual Basic programmers can use to make registry access less
painful.
RegMon: Windows 95 Registry Monitor
Copyright (c) 1996 Mark Russinovich and Bryce Cogswell
Click here to download REGMON.ZIP.
Regmon is a GUI/VxD combination that monitors and displays
information about all registry accesses. Since it includes a Virtual
Device Driver (VxD) that watches registry activity at the Virtual
Machine Manager (VMM) level, it will catch accesses made by all
applications, including Windows itself. RegMon will be described in
more detail in an article on "Examining the Windows 95 Registry,"
coming up in the October 1996 issue of Windows Developers
Journal.
The tool is useful for a variety of purposes:
- Watching key creation as applications install
- Learning about undocumented application settings
- Determining where Windows 95 stores critical information
Regmon is started by running Regmon.exe from the same directory
that regvxd.vxd resides in. Regmon will know the full registry
path for any keys that are opened after it has started. The root
keys are abbreviated to save screen-space:
ROOT | HKEY_CLASSES_ROOT |
CURRENT | HKEY_CURRENT_USER |
LOCAL | HKEY_LOCAL_MACHINE |
USERS | HKEY_USERS |
CONFIG | HKEY_CURRENT_CONFIG |
DYNDATA | HKEY_DYN_DATA |
When a registry key is referenced that was opened or created before
Regmon was started, Regmon will not be able to determine the full
registry pathname of the key, and will simply display the hex
value of the key.
Implementation
Regmon hooks all VMM registry services so that it can watch requests
and their results. Periodically the GUI requests a batch of buffered
request information from the VxD for display in the list window.
Because it uses a VxD, RegMon works only in Windows 95. To watch
registry activity under NT, see NTRegMon.
Reaching Us
We would appreciate any feedback you have concerning this utility
including suggestions and bug reports. Mark can be reached at
markr@numega.com, and Bryce
can be reached at cogswell@cs.uoregon.edu.
NOTE: this tool is in no way connected with, or endorsed
by, Nu-Mega Technologies or the University of Oregon.
NTRegMon: Windows NT Registry Monitor
Copyright (c) 1996 Mark Russinovich and Bryce Cogswell
Click here to download NTREGMON.ZIP.
NTRegMon is a Windows NT GUI/device driver combination that
intercepts and displays information about all registry activity on a
Windows NT system. All access types are listed along with the full
registry pathname being accessed and any values that are read or
written. Return values, such as key names returned by EnumerateKey,
and registry key object addresses that are returned by CreateKey, are
also displayed.
Installation and Usage
Running NTRegMon is as easy as typing "ntregmon" in the install
directory. The NTRegMon device driver, REGSYS.SYS, is automatically
loaded and then unloaded when NTRegMon exits.
To run NTRegMon, your account must have device-driver loading
privileges (which are usually only applied to administrator
accounts).
Root key names are abbreviated to preserve screen space with the
following translations:
ROOT | HKEY_CLASSES_ROOT |
MACHINE | HKEY_LOCAL_MACHINE |
USERS | HKEY_USERS |
CONFIG | HKEY_CURRENT_CONFIG |
Implementation
NTRegmon watches registry activity using a new system monitoring
technique that we have developed. The details of this technique,
which allow monitoring of many more system events than previously
thought possible, are forthcoming in our book, Windows NT
Internals, which will be published next Spring by IDG Books.
Reaching Us
Mark can be reached at markr@numega.com
and Bryce can be reached at
cogswell@cs.uoregon.edu.