Windows Registry

The Windows Registry is a hierarchical database that stores low-level settings for the operating system and for applications that opt to use it. It provides a unified, central location for configuration data, system policies, device drivers, services, and user preferences.

On this page

Registry Structure
Root Hives
Keys and Values
Value Types
Access Permissions
Using the Registry API (C++)
PowerShell Access
Best Practices

Registry Structure

The registry is organized as a tree of keys and values. Keys act like folders, while values hold the actual data.

HKEY_CURRENT_USER
│   └─ Software
│        └─ MyApp
│            ├─ Settings (value)
│            └─ Preferences (value)

Root Hives

Hive	Description
`HKEY_CLASSES_ROOT`	Associates file extensions with applications.
`HKEY_CURRENT_USER`	Settings specific to the currently logged‑on user.
`HKEY_LOCAL_MACHINE`	Settings for the local computer that apply to all users.
`HKEY_USERS`	All user profiles loaded on the system.
`HKEY_CURRENT_CONFIG`	Hardware configuration information at boot.

Keys and Values

Each key can contain subkeys and values. Values consist of a name, type, and data.

Key: HKEY_CURRENT_USER\Software\MyApp
└─ Value: (Default) REG_SZ = "My Application"
└─ Value: InstallPath REG_EXPAND_SZ = "%ProgramFiles%\\MyApp"
└─ Value: Enabled REG_DWORD = 1

Value Types

Type	Identifier	Use
String	`REG_SZ`	Standard text.
Expandable String	`REG_EXPAND_SZ`	Contains environment variables.
Binary	`REG_BINARY`	Raw binary data.
DWORD (32‑bit)	`REG_DWORD`	Unsigned integer.
QWORD (64‑bit)	`REG_QWORD`	Unsigned 64‑bit integer.
Multi‑String	`REG_MULTI_SZ`	Multiple null‑terminated strings.
None	`REG_NONE`	Unspecified data type.

Access Permissions

Security descriptors control who can read, write, or delete keys. Use the RegSetKeySecurity and RegGetKeySecurity APIs to manage ACLs.

Using the Registry API (C++)

Below is a minimal example that reads a string value from HKEY_CURRENT_USER.

#include <windows.h>
#include <iostream>

int main()
{
    HKEY hKey;
    LONG result = RegOpenKeyExW(
        HKEY_CURRENT_USER,
        L"Software\\MyApp",
        0,
        KEY_READ,
        &hKey);

    if (result != ERROR_SUCCESS) {
        std::wcerr << L"Failed to open key: " << result << std::endl;
        return 1;
    }

    wchar_t buffer[256];
    DWORD bufSize = sizeof(buffer);
    result = RegQueryValueExW(
        hKey,
        L"InstallPath",
        nullptr,
        nullptr,
        reinterpret_cast<LPBYTE>(buffer),
        &bufSize);

    if (result == ERROR_SUCCESS) {
        std::wcout << L"InstallPath = " << buffer << std::endl;
    } else {
        std::wcerr << L"Failed to read value: " << result << std::endl;
    }

    RegCloseKey(hKey);
    return 0;
}

PowerShell Access

PowerShell provides Get-ItemProperty and Set-ItemProperty cmdlets for registry interaction.

# Read the InstallPath value
$path = Get-ItemProperty -Path "HKCU:\Software\MyApp" -Name InstallPath
Write-Output $path.InstallPath

# Write a new DWORD value
Set-ItemProperty -Path "HKCU:\Software\MyApp" -Name Enabled -Value 1 -Type DWord

Best Practices

Avoid storing large binary blobs; use files instead.
Never write to HKEY_LOCAL_MACHINE from a standard user process.
Always check return codes of Registry API functions.
Document the purpose of each custom key/value you create.
Use REG_EXPAND_SZ for paths containing environment variables.