In the wide world of computing there are various concepts that are very useful for our work. Windows logs is one of them, in which we can view configuration settings within the system. You don’t need to be a hacker to edit or delete them, but we do need to be precise about what we want to do.
This is because we can cause an error that Windows cannot recover from. That is why in the following article we will show you how to create, edit and use REG files or Windows registries. In addition, to see some examples of how to use it in everyday problems.
Table of Contents
What are Windows logs?
We are talking about a hierarchical database, where all the components are stored at a low level of the system. In many articles they define it as the DNA of the Windows operating system due to its wide and necessary use. Thanks to it, Windows contains continuous reference of elements such as:
- Most programs installed on the computer
- The ports used by the connected hardware on the computer
- User profiles both local and connected to a domain.
- application icons
- Folder properties
- Driver backup path
- Team Settings
- File to know with which program to open each type of data
- Paths for file and folder access
In its beginnings, the use of Windows registries was exclusively to store information corresponding to the configuration of components that were based on COM (Component Object Model). Later in Windows 95 its use was extended to order and store configuration files for each program. In this way it was established that all configuration data is saved in files within a single directory called Registration. Although this article is not based on the history of its creation, it was important to know what its first use was and what for.
How is it accessed?
As mentioned above the Registration It comes by default in all versions of Windows. You do not need to download any external program or install any extra plugin. You just have to press the key combination Windows + Rwhere the Run window will open and there write the command regedit. Another way to open it is through the menu Start. Once opened we just have to type regedit and the executable will appear in the search box regedit.exe.
Structure of a record
The structure of a record is very simple as it only contains two elements key Y value.
The keys are something similar to folders where, in addition to their values, they can contain more keys. In other words, within a key there can be many subkeys and so on. In addition, they are referenced very similar to the paths within Windows since forward slashes are used ( ) to indicate the exact route or levels of what you are looking for. There is only one way to access a subkey and that is by using a root key identifier.
There are several root keys by default and they are named according to the identifier defined in the Windows API in Win32 by the abbreviations they have and depending on the applications they are associated with:
- HKEY_CLASSES_ROOT (contains information about registered applications)
- HKEY_CURRENT_USER (saves specific information of the currently logged in user on the device)
- HKEY_LOCAL_MACHINE (saves device-specific settings)
- HKEY_USERS (contains HKEY_CURRENT_USER subkeys from each active user profile on the computer)
- HKEY_CURRENT_CONFIG (works as a shortcut that saves information about the hardware profile used)
- HKEY_PERFORMANCE_DATA (cannot be viewed in the registry editor)
- HKEY_DYN_DATA (cannot be viewed in the registry editor)
Values are instructions that are closely related to the operating system or installed applications. They consist of a name and the information it contains. Each value of a record stored in a key has a unique name without distinction between characters whether they are uppercase or lowercase. Each value can store variable-length data, but associated with a data type that is defined according to a numeric constant that describes how the data is parsed.
The most commonly used value types are:
String or REG_SZ
Represented by an icon with the acronym ab in red. It contains numbers, letters and symbols.
Multiple string or REG_MULTI_SZ
Much like string values with the difference that you can store a list of values.
Expandable string or REG_EXPAND_SZ
Same as multiple string values with the difference that they can contain variables because, when called by a system program, these types of values have the ability to be extended or adapted according to what is defined in the variable.
Binary or REG_BINARY
Represented by a white icon filled with blue zeros and ones. As its name indicates, this type of value is represented in binary code.
DWORD 32 bit and QWORD 64 bit
Represented the same as binary type, but with record type REG_DWORD or REG_QWORD. They are expressed in hexadecimal or decimal format and despite being two different types I put it in one due to its similarity. The only difference between them is in the bit length of the value.
DWORD means double word and since the standard length of WORD is 16 bits, double is 32 so DWORD refers to this and not to the architecture of the operating system as previously thought.
QWORD means quadruple word and therefore stores much more information than the previous one, that is why it is generally represented in hexadecimal.
Create, edit and delete Windows registries
IMPORTANT: If you do not know about the subject or you are going to make an important change, it is recommended to make a backup copy of the entire registry to be sure that we have everything backed up before the change. In the Registry Editor select File/Export. In this way, if you want to restore the changes, you only have to select File/Import and restore the save.
On many occasions, when installing a program, we need to make some changes in the registries of the new software. Generally the update of these is automatic and we do not even notice its modification. But in cases like those who enjoy a video game on their PC, they have surely had to install or run a file .REG. This type of registry is simply an instruction to modify a value in the Windows registry that we could do manually, but it is much simpler to double-click.
Example to modify and update a record in advanced mode
In this example we are going to reduce or enlarge the space of the desktop icons. So on our PC we create a file with extension .txt
Once created we open it and place the following:
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USERControl PanelDesktopWindowMetrics] "IconSpacing"="-1395" "IconVerticalSpacing"="-1395"
Where the line 1 refers to the header that is standard since Windows XP.
In the line 2 must go blank space mandatory
The Line 3 reference to the key with your full address
Line 4 and 5 the values to modify, which in this case are the horizontal and vertical space, we only have to change the values since 1395 is the one that comes by default.
Once saved we change the extension .txt by .reg and execute by double clicking. When you run it, that information is added to the Windows registry and the effects are immediate. In many cases it is necessary to restart the computer to verify the change.
Example to modify and update a record in graphical mode in Windows
- Once you open the regedit.exe we locate the subkey WindowMetrics located at HKEY_CURRENT_USERControl PanelDesktop WindowMetrics. Remember that you must unfold from key to key until you find the one you want.
- Being there we locate the values to edit.
- We just have to double click or right click and Modify to open a window to edit the chain.
- We place the value we want and press accept.
Example to fix temporary user profile using Windows registries
A common problem when you are in a work domain. This type of error prevents you from saving user settings since you are in a “temporary profile” and every update you make is undone once you reboot the computer. To solve this we must locate the subkey ProfileList located in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList. Once there we just have to locate the folder that has the ending .bak and remove it by clicking on it and selecting Get rid of or by pressing the key Delete of the keyboard. This way we will make sure that the temporary profile is eliminated and when we restart the computer we will enjoy our user profile normally.
Thanks to the correct use of the Windows registry editor we can eradicate many problems that may arise. In addition to being able to adapt or enjoy a more adaptable user experience to our needs or visual demands. It’s just a matter of good practice or consulting the correct tutorials to make the corrections or fixes we want. However, it is recommended not to use it if you do not know what you are doing because it can logically damage your computer.