Registry Keys

Registry keys are fundamental components of the Windows Registry. They act as containers for other keys and registry values, forming a hierarchical structure that stores configuration settings for the operating system and installed applications.

Key Structure and Hierarchy

The Windows Registry is organized as a tree, where each branch is a key. Keys can contain subkeys, which are themselves keys, creating a deep, nested structure. The root of this tree consists of several predefined top-level keys (hives), such as:

• HKEY_CLASSES_ROOT (HKCR)
• HKEY_CURRENT_USER (HKCU)
• HKEY_LOCAL_MACHINE (HKLM)
• HKEY_USERS (HKU)
• HKEY_CURRENT_CONFIG (HKCC)

Each key is identified by a unique path starting from one of the root hives. For example:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Key Properties

While keys themselves don't store data directly, they serve as containers. They have properties like:

• Name: The name of the key, which cannot contain certain characters like backslashes (\), forward slashes (/), colons (:), asterisks (*), question marks (?), double quotes ("), less than (<), greater than (>), or pipe (|).
• Security Descriptor: Defines the access control for the key and its subkeys/values.
• Timestamp: Records the last time the key or its contents were modified.

Accessing Registry Keys

Applications interact with registry keys using various Windows API functions. The primary functions for key manipulation include:

Function	Description
RegCreateKeyEx	Creates a specified key or opens it if it already exists.
RegOpenKeyEx	Opens an existing key for querying or modification.
RegDeleteKeyEx	Deletes a specified key. Must be called on a key that has no subkeys.
RegEnumKeyEx	Enumerates the subkeys of a specified key.
RegQueryInfoKey	Retrieves information about a key, such as the number of subkeys and values.

Key Naming Conventions

Key names are case-insensitive but case-preserving. The structure of key paths is crucial for correctly locating specific configuration data.