CHAPTER 14
Windows Registry

The Windows registry was first introduced in Windows 3.1 as storage for settings related to Component Object Model (COM) objects. In later versions (Windows 95, Windows NT), registry functionality was extended to be used by other Windows components and applications.

The Windows registry is designed as a central hierarchical storage/database to store information and settings for applications, Windows components, user account settings, devices, drivers, and so on. The Windows registry can be used by any application to store application-related information.

In this chapter you will find information about monitoring the most common registry operations.

Windows Registry Basics

The registry was designed as a replacement for flat configuration files (.ini, .conf). The most noticeable differences between the registry database and text files are:

  • The registry has built-in security and auditing mechanisms to control access to specific keys and audit access attempts.
  • The registry has built-in backup and restore mechanisms that help to restore registry files in case of corruption or unnecessary changes.
  • The registry has a mechanism to easily export and import specific settings to/from it.

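To illustrate the built-in auditing and export mechanisms listed above, here is an added PowerShell example (not from the book) that places a SACL audit entry on a constructed sample key, HKLM:\SOFTWARE\ExampleApp, exports the key with reg.exe, and reads back the resulting Security log events. It assumes an elevated session and that the Object Access > Registry audit subcategory is enabled.

```powershell
# Added example, not from the book. Enable auditing of change attempts on a
# registry key, export the key, and look for the resulting audit events.
# Assumes an elevated session and that auditing is switched on with:
#   auditpol /set /subcategory:"Registry" /success:enable /failure:enable
$keyPath = 'HKLM:\SOFTWARE\ExampleApp'   # constructed sample key, not a real product key
if (-not (Test-Path $keyPath)) { New-Item -Path $keyPath -Force | Out-Null }

# Read the current security descriptor, including the SACL (audit rules)
$acl = Get-Acl -Path $keyPath -Audit

# Audit rule: record successful and failed attempts by any account to
# change values, create subkeys, or delete this key and its children.
$rights  = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$flags   = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule = New-Object -TypeName System.Security.AccessControl.RegistryAuditRule `
    -ArgumentList 'Everyone', $rights, $inherit, $prop, $flags
$acl.AddAuditRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Verify the SACL entry was applied
(Get-Acl -Path $keyPath -Audit).Audit |
    Format-Table IdentityReference, RegistryRights, AuditFlags

# Use the built-in export mechanism to save the key for backup or comparison
reg.exe export 'HKLM\SOFTWARE\ExampleApp' "$env:TEMP\ExampleApp.reg" /y

# Trigger an audited operation, then read the matching Security log events:
# 4657 is "A registry value was modified".
Set-ItemProperty -Path $keyPath -Name 'Setting' -Value 'changed'
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4657 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Importing the exported file later (reg.exe import) restores the values but not the SACL, so the audit rule has to be reapplied after a restore.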
The most common way to view the Windows registry is to use the built-in Windows Registry Editor (regedit.exe), as shown in Figure 14-1.

Figure 14-1: Viewing Windows registry ...