
Windows registry

Hives are just files. Some of them are located under %SystemRoot%\System32\Config.

Registry tree structure

The registry stores its data in a tree structure.

Data types

The data that is stored in the registry is constrained to a few data types.

Command line manipulation

reg makes it possible to query the registry or change values in the registry from cmd.exe.
For example, the following command adds a default value to a key:
reg add "HKEY_CLASSES_ROOT\path\to\key" /t REG_SZ /ve /d "The value inserted"
See also the batch file regQuery.bat: it can be used in cmd.exe to query a specific value under a given key.
The batch file regat.bat can be used in cmd.exe to open the registry (regedit.exe) at a given key.

WinAPI

WinAPI registry functions are implemented in advapi32.dll.

Tools

Regshot is an open source registry compare utility.
It takes a snapshot of the registry and then compares it with a second one taken after making changes to the PC or installing new software.

PowerShell

PowerShell has a special registry provider that gives access to the registry.
An example is here.
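
The snapshot-and-compare approach described for Regshot above, sketched with PowerShell's registry provider. This is an added example, not code from the original page or from Regshot; the function names and the key HKCU:\Software\SnapshotDemo are constructed for the illustration.

```powershell
# Added example: snapshot a registry subtree through the registry provider,
# then diff two snapshots to see which values were added, modified or removed.
function Get-RegistrySnapshot {
    param([Parameter(Mandatory)][string]$Path)
    $snapshot = @{}
    # The key itself plus all of its subkeys; unreadable subkeys are skipped.
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            # An empty name is the key's default value (what reg.exe sets with /ve).
            $kind = $key.GetValueKind($name)
            $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($data -is [byte[]])    { $data = [BitConverter]::ToString($data) }  # REG_BINARY
            elseif ($data -is [array]) { $data = $data -join '|' }                  # REG_MULTI_SZ
            $snapshot["$($key.Name)\$name"] = "$kind`t$data"
        }
    }
    $snapshot
}

function Compare-RegistrySnapshot {
    param([Parameter(Mandatory)][hashtable]$Before,
          [Parameter(Mandatory)][hashtable]$After)
    foreach ($k in $After.Keys) {
        if (-not $Before.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added';    Value = $k; Old = $null;       New = $After[$k] }
        } elseif ($Before[$k] -ne $After[$k]) {
            [pscustomobject]@{ Change = 'Modified'; Value = $k; Old = $Before[$k]; New = $After[$k] }
        }
    }
    foreach ($k in $Before.Keys) {
        if (-not $After.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Removed';  Value = $k; Old = $Before[$k]; New = $null }
        }
    }
}

# Demo on a scratch key (constructed for this example) under HKEY_CURRENT_USER.
$demo = 'HKCU:\Software\SnapshotDemo'
New-Item -Path $demo -Force | Out-Null
$before = Get-RegistrySnapshot -Path $demo
New-ItemProperty -Path $demo -Name 'Setting' -Value 'on' -PropertyType String | Out-Null
$after = Get-RegistrySnapshot -Path $demo
Compare-RegistrySnapshot -Before $before -After $after | Format-Table -AutoSize
Remove-Item -Path $demo -Recurse   # clean up the scratch key
```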

Visual Basic for Applications

The VBA functions and statements saveSetting, getSetting and deleteSetting make it possible to persist values in the registry under the key HKEY_CURRENT_USER\Software\VB and VBA Program Settings.

Cygwin

In Cygwin, the registry seems to be mounted(?) onto /proc/registry.

See also

Registry tree
regedit.exe, Configuring Windows with registry
regini.exe is the registry initializer.
Perl module Win32::TieRegistry
Adding an item to the Windows desktop right click menu
Mouse related registry keys.
SQL Server has the stored procedure xp_regread, which allows reading the registry.
A registry filtering driver makes it possible to hook WinAPI calls to registry-related functions.

Links

Enumerating Registry Subkeys with C++.
Offline registry tools and password resetter
Process Monitor (which replaced regmon) shows real-time registry activity (as well as file system and process/thread activity).
