Understanding The Registry Part 2

Each registry value is stored as one of five main data types:

REG_BINARY:- This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.

REG_DWORD:- This type represents the data by a four byte number and is commonly used for boolean values, such as "0" is disabled and "1" is enabled. Additionally many parameters for device driver and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.

REG_EXPAND_SZ:- This type is an expandable data string that is string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will replaced by the actual location of the directory containing the Windows NT system files.

REG_MULTI_SZ:- This type is a multiple string used to represent values that contain lists or multiple values, each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)
* REG_SZ - This type is a standard string, used to represent human readable text values.

Other data types not available through the standard registry editors include:

REG_DWORD_LITTLE_ENDIAN:- A 32-bit number in little-endian format.
REG_DWORD_BIG_ENDIAN:- A 32-bit number in big-endian format.
REG_LINK:- A Unicode symbolic link. Used internally; applications should not use this type.
REG_NONE:- No defined value type.
REG_QWORD:- A 64-bit number.
REG_QWORD_LITTLE_ENDIAN:- A 64-bit number in little-endian format.
REG_RESOURCE_LIST:- A device-driver resource list.

In the next post we will see its remaining part.Hope you like this.