Why the Registry is So Funky

Started by baltoro, September 07, 2011, 05:46:42 PM

baltoro

My all-time favorite Windows coding blogster, Raymond Chen, has a great blog entry explaining just why the Registry exists in the form that it does.
Here it is: Why is the Registry a Hierarchical Database Instead of a Relational One?
...And, he doesn't even get into COM configuration or the security aspects of the Registry,...
Anyway,...it makes an interesting read. Many times I've wondered what they (Microsoft) were thinking when they came up with the original idea.
...Now, I know.
Clearly, there must be a better way. But, I have inadequate brainpower to visualize a solution.

UPDATE: Raymond Chen actually has numerous blog entries about the Registry. Here is a listing of the non-funky ones:   
The Inability To Lock Someone Out of the Registry is a Feature, Not a Bug, Mar 2009
What the Various Registry Data Types Mean Is Different From How They Are Handled, Feb 2009
Why Can't You Apply ACLs to Registry Values?, Jan 2009
Why Do Registry Keys Have a Default Value?, Jan 2008
How Did Registry Keys Work in 16-bit Windows?, Jan 2008
Why Are INI Files Deprecated in Favor of the Registry?, Nov 2007
The Performance Cost of Reading a Registry Key, Feb 2006
Beware of Non-Null-Terminated Registry Strings, Aug 2004

NOTE: The comments added to these blog entries from Raymond Chen's rabid fans tend to be extremely interesting and informative,...
Baltoro

Vortex

Hi baltoro,

I would prefer to use simple text files instead of the registry. Why? The registry is a sensitive and vulnerable database. If it's damaged seriously, you can lose the OS and even I saw cases where system restore does not solve the problem because of malware attack.

dedndave

they could have organized it a little better
if it was, we might not be so reluctant to use it as it was intended

i don't know if Ray Chen mentioned it, but going back to win 95 explains a lot about how it is organized
they should have "broken the mold" going from win98/me to nt/win2K

baltoro

VORTEX,   
Quote from: VORTEX
The registry is a sensitive and vulnerable database. If it's damaged seriously, you can lose the OS and even I saw cases where system restore does not solve the problem because of malware attack.
You are so right. I've always wondered why Windows uses the standard security APIs to secure the Registry. This seems inadequate, as any programmer with administrative privileges (or the ability to escalate existing privileges) can access and alter the Registry at will. You'd think it would be protected within a kernel component.
As Raymond Chen points out,...the data formats are so disparate that creating an XML schema to manage it would be doomed to failure.
...But, clearly, it's something that's in need of serious design evolution,...

I was reading a book that described the Registry features unique to Windows XP, and, I was amazed at how inconsistently the Registry is configured by individual users. Finding essential information about installed applications is really trial and error. When I first started incorporating Registry search functions into my applications, I thought I could rely on the data that was maintained in the Registry. That's a misleading concept. You must have a preconceived notion of where to search. If you can't find specific configuration data, you have to have a fallback strategy,...allowing your application to fail at that point is a wasted effort. You often have to make numerous different search sequences, just to find something that should be reliably available.

Here are a couple of general articles about Windows XP Registry security: Windows Registry Security - Part One, and, Windows Registry Security - Part Two
Baltoro
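The search-with-fallback approach described in the post above, as an added example that is not part of the original thread: a PowerShell function that tries several registry locations in order and returns a testable "not found" result instead of failing. The function name `Resolve-AppInstall` is hypothetical, the sample application and executable names are constructed, and the locations shown are a common selection, not an exhaustive list.

```powershell
# Added example (not from the thread): ordered registry lookup with fallbacks.
function Resolve-AppInstall {
    param(
        [Parameter(Mandatory)] [string] $NamePattern,  # wildcard, e.g. '*7-Zip*'
        [string] $ExeName                              # optional, e.g. '7zFM.exe'
    )
    # Search sequence 1: uninstall entries. Native view, 32-bit view on
    # 64-bit Windows, then per-user installs. Missing locations are skipped.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
            # DisplayName and InstallLocation are optional; many entries omit them.
            if ($p -and $p.DisplayName -like $NamePattern) {
                return [pscustomobject]@{
                    Found = $true; Source = $key.Name
                    Name = $p.DisplayName; Location = $p.InstallLocation
                }
            }
        }
    }
    # Search sequence 2: the App Paths key, whose default value holds the
    # full path of the executable (sometimes wrapped in quotes).
    if ($ExeName) {
        foreach ($hive in 'HKCU:', 'HKLM:') {
            $appPath = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\$ExeName"
            $p = Get-ItemProperty -LiteralPath $appPath -ErrorAction SilentlyContinue
            if ($p -and $p.'(default)') {
                return [pscustomobject]@{
                    Found = $true; Source = $appPath
                    Name = $ExeName; Location = Split-Path -Parent ($p.'(default)'.Trim('"'))
                }
            }
        }
    }
    # Nothing matched: return a result the caller can test instead of throwing.
    [pscustomobject]@{ Found = $false; Source = $null; Name = $null; Location = $null }
}

# Constructed sample call: the caller degrades gracefully when nothing is found.
$app = Resolve-AppInstall -NamePattern '*7-Zip*' -ExeName '7zFM.exe'
if (-not $app.Found) { Write-Warning 'No registry entry found; ask the user for the path.' }
$app
```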

Vortex

Hi  baltoro,

Yes, I agree with you on your statements. What comes to my mind to protect the registry as much as possible:

- Install few applications modifying the registry. Portable applications are preferable.
- Use a tool like Cameyo (freeware) to virtualize applications. All the registry modifications are redirected to a subkey in HKEY_CURRENT_USER
- Use a tool like ccleaner to remove unneeded information from the registry.
- Prefer a restricted user account to prevent malware accessing HKEY_LOCAL_MACHINE

baltoro

Ya know,...I don't have any good ideas at all.
In the past, you could run RegMon from SysInternals, and watch as the application logged all the activity happening in the Registry. It's amazing how many background applications constantly poll a specific Registry data value, looking for either a new key and data, or, a change in the current data. (By the way, I think they should build all those uber-cool SysInternal utilities right into the operating system.)

Any major architectural changes you would make to the Registry would introduce a cascade of breaking changes throughout the system on older versions of the operating system, and, almost certainly,...on the current system.   
You could create small dedicated registry-type Meta-data nodes,...but, it would be a lot worse,...you'd have too much duplication,...and, information request APIs would constantly be colliding with whatever management component you designed to access the actual memory locations.
You could redesign and restructure the whole Registry, building a much more coherent and reliable data configuration,...but, this would mean, in all probability, creating hundreds of new Registry navigation functions, providing a means of storing all the information reliably with integrated systematic data verification checks,...and providing (just for laughs) an impenetrable COM security access delegation facility that only Spock could possibly understand,...And,...you'd have to design it all as a kernel component,...which would slow the whole system down to such a degree that entire societies would revert back to Neolithic life styles.
...Of course, you'd get a lot of death threats,...
...And, you'd have so many breaking changes that you could never get it to work,...
My brilliant concept would be to optimize the chaos ! Maximize the random occurrence of bluescreens ! Maybe start a shadowy hedge fund and move to some country that we don't have an extradition treaty with,... :eek
Baltoro

hutch--

I have a view on the Registry, it should be exclusively used by the OS only and there should be no application access at all which means no API which gives access or editorial capacity. By it being programmatically alterable, it is a giant security leak that is regularly exploited by a variety of trojans which embed junk which can replicate items that are removed by the user and start up the trojan again.

I am much the same view as Erol here, applications should be portable and should maintain their own settings completely independently from the operating system. The whole centralised database of settings is a flawed concept in that once it is attacked its integrity is lost and the effort to clean up the mess often exceeds the time to rewrite a disk image over the damaged OS installation.

Diversity has much going for it on a machine that has many different applications, the settings for an application can be in any form convenient to its author, binary files, text files in whatever format they want and in no way predictable to any malicious software that may find its way onto a machine.

I am very much of the view that you treat the Registry like the plague.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php
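The restart-via-registry behaviour described in the post above can be audited from the defender's side. The following is an added example, not part of the original thread: it lists the values under the common Run and RunOnce keys and reports whether each target file exists and carries a valid Authenticode signature. The function name `Get-AutorunEntry` is hypothetical, and the key list is a small, well-known subset of the autorun locations, not a complete inventory.

```powershell
# Added example (not from the thread): review programs started from Run keys.
function Get-AutorunEntry {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($path in $runKeys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }              # key absent on this system
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            # Extract the executable from the command line: a quoted path
            # first, otherwise everything up to the first ".exe".
            $exe = $null
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

            $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
            $sig = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { 'n/a' }

            [pscustomobject]@{
                Key          = $path
                Name         = $name
                Command      = $command
                Target       = $exe
                TargetExists = $exists
                Signature    = $sig
            }
        }
    }
}

# Entries worth a closer look: target missing, unparsed, or not validly signed.
Get-AutorunEntry |
    Where-Object { -not $_.TargetExists -or $_.Signature -ne 'Valid' } |
    Format-Table Key, Name, Target, Signature -AutoSize
```

Run it once as a standard user and once elevated; the HKCU results differ per account, which matches the restricted-account advice given earlier in the thread.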

dedndave

i have been working on an app that kept the view settings in the registry
window size, back/fore colors, etc

i changed it to locate the EXE file and write a binary sort of INI file in the same folder
i was happy with the registry version, but i know many in here do not appreciate registry modifications
that's really the only reason i changed it   :P

Bill Cravener

Well I think you just need to use it carefully and any installed app should clean up its mess when uninstalled. I use a registry cleaner called AVS Registry Cleaner and more often than not it shows Windows itself is the one that makes a mess of it.

I like having a quick link to my favorite editor Notepad when I right click on the Start button and to this day use my little Masm32 registry example called Append to place it there. :bg
My MASM32 Examples.

"Prejudice does not arise from low intelligence it arises from conservative ideals to which people of low intelligence are drawn." ~ Isaidthat

baltoro

The registry was first introduced towards the end of Windows 3.1 as a way to manage configuration changes and get away from the endless .INI files that plagued the Windows 3.x environment. The problem has always been how to manage the registry and how to keep it from becoming corrupt.         

During system startup, the Operating System Kernel extracts information from the registry, such as which device drivers to load and their load order. The kernel also passes information about itself (such as its version number) to the registry. Device Drivers send and receive load parameters and configuration data from the registry. A device driver must report the system resources that it uses, such as hardware interrupts and DMA channels, so that the system can add this information to the registry. Programs and device drivers can access this registry information to provide users with smart installation and configuration programs.         
It is important to back up your registry regularly, and it is also important to back up your current, working registry before you edit it. The greatest challenge to using a backup to restore a severely damaged registry is that Windows requires the registry to operate. The system constantly reads and writes to the registry, so without a functional registry to run Windows, you cannot easily start the registry restore tools. The registry contains sensitive security and user information that an attacker can use to circumvent your network security or to damage your system.     
Windows gives members of the local Administrators and Backup Operators groups remote access to the registry. Because the Domain Admins group is a member of each computer's local Administrators group, all domain administrators can connect to the registry of any computer that's joined to the domain.
It is important to remember that the registry belongs to programs, not to users.       

Windows Registry Overview, Wikipedia
Windows Server 2003 Resource Kit Registry Reference, TechNet
About the Windows Registry, TechNet, Updated 2003
Microsoft TechNet Search for Registry Security

Critical System Configuration Registry Data: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet. A complete set of the configuration data required to start devices and system services. The system always maintains at least two control sets in the registry. It identifies one as CurrentControlSet and the other as the LastKnownGood control set. In general, if you change the value of any entry in the CurrentControlSet subkey, you must restart the computer for the changes to take effect.       

Listing of types of configuration data used by the Operating System: Hardware Profiles, System Services, Autorun Locations, Wireless Networks, Local Area Network, USB Devices, Mounted Devices, Installed Programs, File Associations,       

Listing of types of configuration data associated with individual users: Windows Explorer, Most Recently Used Lists, Internet Explorer,     
Exclusive COM Registry Data: COM Server Registration, COM Classes and Interfaces, (HKEY_CLASSES_ROOT)...   
Baltoro

PBrennick

In the past, I used to use the registry for all my application's saved values. I remember when Ewayne and I attempted to develop some Registry handling apps and became very discouraged by the results. Ultimately, we gave it up. I use INI files now and the new release of my editor will use an INI file.

Hutch mentioned to me on more than one occasion to beware of the Registry and it turns out that he is right. Ultimately, MS will have to address the problems with that pig as they are losing control of it.

Paul
The GeneSys Project is available from:
The Repository or My crappy website

daydreamer

I am disappointed, shouldn't a thread in Colosseum be kinda fight
a missing post in this thread should be someone who posts "you just posting bullshit, registry rocks!!!" :)

Vortex

Quote from: daydreamer on September 09, 2011, 04:24:02 AM
I am disappointed, shouldn't a thread in Colosseum be kinda fight
a missing post in this thread should be someone who posts "you just posting bullshit, registry rocks!!!" :)

daydreamer,

We are not fighting here. That should be clear.

Could you explain to us why and how the registry "rocks?"

dedndave

Erol
he was being facetious   :P
Quote: "you just posting bullshit, registry rocks!!!"
playing the devil's advocate

Vortex

Thanks dave for your help.

daydreamer, my apologies if I misunderstood your statements.