Windows Under the Hood
The Registry
• Stores information on everything Windows
• Found in Windows\System32\config if you want to know
• Rarely do we go straight to the Registry; use Device Manager, Control Panel
• Regedit or Regedt32 will get you to same place; Start | Run
• Be careful, you can break Windows easily
Registry Root Keys
• HKEY_CLASSES_ROOT; class objects, file associations, type of icon, program to open it
• HKEY_CURRENT_USER; current user preferences, desktop color and pattern
• HKEY_USERS; All users for the computer
• HKEY_LOCAL_MACHINE (HKLM); system’s non-user-specific configurations
• HKEY_CURRENT_CONFIG; hardware currently being used
Registry Edits
• Use either program: REGEDIT or REGEDT32
• Make a backup before you change anything (File | Export) – use .REG extension
• Be careful of value types if adding key(s)
• Saves are automatic; no recovery from deletes
Types of Data in Registry
• String value: any form of data
• Binary value: Ones and zeros
• Dword value: Binary but limited to 32-bits
• Qword value: Binary but limited to 64-bits
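
Added example (not from the slides): a small Python reader for a .REG backup made with File | Export, reporting each value's type so a backup can be reviewed before it is imported again. The key name, value names and data in the sample are constructed.

```python
import re

# Constructed sample of a Regedit "File | Export" backup (version 5 text format).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallPath"="C:\\Program Files\\ExampleApp"
"Enabled"=dword:00000001
"Blob"=hex:de,ad,\
  be,ef
"MaxBytes"=hex(b):00,00,00,00,01,00,00,00
"Stale"=-
'''

VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

def decode_value(data):
    """Map the exported text of one value to (type, decoded data)."""
    if data == "-":
        return ("DELETE", None)      # importing this line removes the value
    if data.startswith('"') and data.endswith('"'):
        return ("REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1]))
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))      # 32-bit number
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        raise ValueError(f"unrecognised value data: {data!r}")
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # bare "hex:" is binary
    if kind == 0xB:                                  # hex(b) is a QWORD
        if len(raw) != 8:
            raise ValueError("QWORD must be exactly 8 bytes")
        return ("REG_QWORD", int.from_bytes(raw, "little"))
    return ("REG_BINARY" if kind == 3 else f"hex({kind:x})", raw)

def parse_reg(text):
    """Return {key_path: {value_name: (type, data)}} for a .reg export."""
    # Long hex values are wrapped with a trailing backslash; rejoin them first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group("name")] = decode_value(m.group("data"))
    return keys
```

The "MaxBytes" value decodes to 4294967296, one more than a Dword can hold, and the "Stale" line is a delete instruction that a .REG import would carry out.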
XP Boot Process
• System files start the boot process
• NTLDR, boot.ini, and ntdetect.com (ntbootdd.sys); on system partition
• Edit boot.ini from System | Advanced | Startup and Recovery
• Later files: ntoskrnl.exe, hal.dll, Registry, device drivers and winlogon.exe found in boot partition (Windows)
System Partition Files
• NTLDR – MBR starts it; reads Boot.ini to find Windows installations
• Boot.ini uses Advanced RISC Computing (ARC) naming system to identify partitions; edit from System applet in Control Panel
• Ntldr starts protected mode and then calls on ntdetect.com to find hardware
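
Added example (not from the slides): a Python reader for boot.ini that splits each ARC path into its adapter, disk and partition numbers and marks the entry NTLDR boots by default. The boot.ini content is a constructed sample; only multi() and scsi() paths are handled.

```python
import re

# Constructed sample boot.ini for a machine with two Windows installations.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(1)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
'''

# With multi(), rdisk() is the physical disk number; partition() counts from 1.
ARC_RE = re.compile(
    r"^(?P<bus>multi|scsi)\((?P<adapter>\d+)\)disk\((?P<disk>\d+)\)"
    r"rdisk\((?P<rdisk>\d+)\)partition\((?P<partition>\d+)\)(?P<path>\\.*)?$",
    re.IGNORECASE,
)

def parse_arc(arc):
    """Split an ARC path into adapter, disk, partition and Windows folder."""
    m = ARC_RE.match(arc.strip())
    if not m:
        raise ValueError(f"not a multi()/scsi() ARC path: {arc!r}")
    out = {k: int(m[k]) for k in ("adapter", "disk", "rdisk", "partition")}
    out["bus"] = m["bus"].lower()
    out["path"] = m["path"] or "\\"
    return out

def parse_boot_ini(text):
    """Return timeout, default ARC path and the [operating systems] entries."""
    section, cfg = None, {"timeout": None, "default": None, "entries": []}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        left, _, right = line.partition("=")
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "boot loader" and left.lower() == "timeout":
            cfg["timeout"] = int(right)
        elif section == "boot loader" and left.lower() == "default":
            cfg["default"] = parse_arc(right)
        elif section == "operating systems":
            label = re.match(r'\s*"([^"]*)"\s*(.*)$', right)
            cfg["entries"].append({"arc": parse_arc(left),
                                   "label": label[1] if label else right,
                                   "switches": label[2].split() if label else []})
    for entry in cfg["entries"]:   # mark the entry booted when the timeout expires
        entry["is_default"] = entry["arc"] == cfg["default"]
    return cfg
```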
Vista/7 Boot
• 32-bit BIOS scans for master boot record; loads boot sector; bootmgr
• 64-bit UEFI loads bootmgr directly
• Bootmgr asks which OS to load using Boot Configuration Data (BCD) file. Edit with bcdedit.exe; then loads winload.exe; then the OS kernel
• Vista/7 boot files and the system files must all reside on the same partition
Processes, Services and Threads
• Applications are processes loaded into RAM; have a window and end when you close the window
• Processes without need for a window are called Services
Task Manager
• One-stop place for Applications, Processes and Services
• CTRL-SHIFT-ESC, CTRL-ALT-DELETE, Start | Run | taskmgr
• Click View | Select Columns for Process Identifier (PID)
• Can log off a user from Users tab if they did not
Task Manager, 2
• Applications tab; shows all running applications; go here to force application to stop
• Processes tab; everything is a process; can end processes but for some, Windows won’t allow you to end them
• Performance tab; quick check of what is going on – CPU use and memory use
• Networking and Users tabs; not really exciting; can see how busy network is
Services Applet
• Control Panel | Administrative Tools | Services
• Click on Services button in Services pane of Task Manager
• Run services.msc
• Can start, or stop, a service from here; Windows will not let you stop critical services
• This has services in alphabetic order where Task Manager does not
Performance Console
• Object is a system component that is given a set of characteristics and is a single entity
• Counters track specific information about objects
• Lots of counters; not many books on the Console, read over Michael’s section
Performance – Vista and 7
• Reliability and Performance Monitor in Vista
• Performance Monitor in 7
• Start with Performance Information and Tools in Control Panel
• Wander with it to get a sense of what it can tell you – we will do that in lab sessions
Honorable Mention
• Component Services: Allows sharing of objects between programs
• Data Sources: Open DataBase Connectivity (ODBC); sharing of databases among programs