What is Windows registry?
The Windows registry is a central part of the Windows operating system and serves as a database that stores a wide range of system information.
Register contains important information and settings related to the operating system, installed programs, hardware, and user profiles. The registry information is organized into key-value pairs in different sections or 'branches' of the registry.
The registry contains settings and configuration information that control the operation of Windows and installed programs.
Registry Structure
The register consists of five main branches called "hives". These are:
HKEY_CLASSES_ROOT (HKCR)
Contains information related to file type associations and program associations.
HKEY_CURRENT_USER (HKCU)
Contains the settings and preferences of the active logged-in user.
HKEY_LOCAL_MACHINE (HKLM)
Contains system settings and information about all user profiles.
HKEY_USERS (HKU)
Contains the settings of all users.
HKEY_CURRENT_CONFIG (HKCC)
Contains information about hardware configuration.
What is Windows Registry Editor (Regedit)?
Windows Registry Editor, also known as regedit, is a built-in tool in the Windows operating system that allows viewing and modifying the Windows registry.
Be careful with the registry
Before modifying the registry, it is important to understand that incorrect changes to the registry can cause serious problems for the system, including system failure. It is recommended to make any changes thoughtfully.
Using the Registry Editor
The registry editor is called regedit.exe and can be found, for example, by pressing the Windows key and typing "regedit" into the search.
Browsing register values
Navigate in the registry just like in a file system, by clicking on forks to expand them and see their sub-branches and their values.
Modifying Registry Values:
- When you find the desired key, you can edit its values by double-clicking on the value. This opens a window where you can edit the value's data.
- It is important to know the value data type (e.g. String, Binary, DWORD) and make the changes accordingly.
Creating New Keys and Values:
- You can create a new key by right-clicking on the upper branch and selecting "New" > "Key".
- To create a new value, right-click on the key, select "New", and choose the value type.
Deleting Keys and Values:
- You can delete the key or value by right-clicking on it and selecting "Delete".
6. Register Backup and Restoration:
- Backup: Before making any changes, it is recommended to take a backup of the registry. This can be done by selecting the key and clicking "File" > "Export". Save the file in a secure location.
- Restore: If you encounter any issues, you can restore the registry by clicking "File" > "Import" and selecting the previously created backup file.
Tasks
Find the file name of the desktop wallpaper from the registry
In this task, you need to navigate to the Windows registry and find a specific registry value that determines the current desktop background.
- Open Windows Registry Editor. You can also do this by pressing Windows + R and typing the command regedit.
- Navigate to the registry path: HKEY_CURRENT_USER\Control Panel\Desktop This path contains settings related to the appearance and behavior of your user account's desktop.
- Find the key named Wallpaper. This registry value contains the path to the current desktop wallpaper. Note that if the wallpaper is not defined, the value may be empty or point to the default image.
What is the value? You don't need the full path, just the file name is enough.
Ready to become an ethical hacker?
Start today.
As a member of Hakatemia you get unlimited access to Hakatemia modules, exercises and tools, and you get access to the Hakatemia Discord channel where you can ask for help from both instructors and other Hakatemia members.