Skip to content

Admiration Tech News

  • Home
  • Cyber Attacks
  • Data Breaches
  • Vulnerability
  • Exploits
  • Crack Tutorials
  • Programming
  • Tools

How to use the Windows Registry Editor

Posted on August 3, 2024 - August 3, 2024 by Maq Verma

The Registry Editor is a powerful application that allows you to access and edit the configuration settings of the Windows operating system.

The Windows Registry is a database containing various settings used by the operating system and installed software applications.

However, it is essential to be careful when using the Registry Editor, as making incorrect changes to the Registry can cause serious problems with your system, including preventing it from booting correctly.

Therefore, before using this guide to modify the Windows Registry, please make a backup of the Registry first.

What is the Windows Registry

The Windows Registry database stores the configuration options and settings for the Windows operating system and software installed on your computer.

The Registry is organized in a hierarchical structure containing keys and values, with five different ‘root’ keys at the top, as shown below, that serve a particular purpose.

The Windows Registry Editor showing the five root keys
The Windows Registry Editor showing the five root keys
Source: BleepingComputer

The five different root keys in the Windows registry and their purposes are:

  1. HKEY_CLASSES_ROOT (HKCR): This key stores information about file associations and OLE object classes.
  2. HKEY_CURRENT_USER (HKCU): This key stores information about the current user’s settings and a specific user’s preferences for various applications.
  3. HKEY_LOCAL_MACHINE (HKLM): This key stores information that affects the entire computer, regardless of the logged-in user. These settings are for the computer’s hardware, operating system configuration, and software settings that affect all users.
  4. HKEY_USERS (HKU): This key stores information about all users who have logged on to the computer.
  5. HKEY_CURRENT_CONFIG (HKCC): This key stores information about the current hardware configuration of the computer.

For the most part, you will be modifying keys and values under the HKCU and HKLM root keys.

Registry keys are like folders containing other keys and values used to organize and group related settings.

For example, the HKEY_CURRENT_USER key contains settings for the current user account, such as a user’s desktop wallpaper, installed application preferences, and personal settings.

While keys are like folders, Registry values are the files stored within them, containing the specific settings for a particular key. They can have different data types, including text, numbers, and binary data.

There are several different types of registry value data types:

  • REG_SZ – A string value that contains text data, such as a username or folder path.
  • REG_DWORD – A numeric value that contains a 32-bit integer.
  • REG_QWORD – A numeric value that contains a 64-bit integer.
  • REG_BINARY – A value that contains binary data, such as an image or sound file.
  • REG_MULTI_SZ – A string value that contains multiple strings separated by null characters. This is often used for lists or arrays of values.

Each registry value type is used for a specific purpose, and understanding them can help you better manage and customize your Windows operating system.

Viewing Registry keys and values in the Windows Registry Editor
Viewing Registry keys and values in the Windows Registry Editor
Source: BleepingComputer

However, for the most part, when editing the Registry, you will be modifying REG_SZ values for text data and REG_DWORD for numeric data, as they are the most common data types used to stored user-editable data.

Using the Windows Registry Editor

The Windows Registry Editor is a software application created by Microsoft and built into all versions of Windows that allows you to edit the data in the Registry.

The Registry Editor application is located at C:\Windows\regedit.exe, and for the most part, requires administrative privileges to use it properly.

To open the Registry Editor, press the Windows key + R to open the Run dialog box. Next, type “regedit” in the search box and press Enter. If you are shown a prompt asking if you would like to allow the program to make changes, select ‘Yes‘ to continue.

When the Registry Editor is opened, you will see that the window is divided into two panes. The left pane displays a hierarchical tree structure of the Registry’s various keys (folders) and subkeys (subfolders).

The right pane displays the values and data associated with the selected key in the left pane.​

The Windows Registry Editor
The Windows Registry Editor
Source: BleepingComputer

To open a specific Registry key, use the left pane to navigate to the key you want to edit. Then expand a key and click on the plus sign (+) next to it.

To collapse a key, click the minus sign (-) next to it.

When you click on a key in the left pane, the values stored within it will be shown in the right pane.

Now that we know how to navigate the Windows Registry let’s learn how to modify data stored within it.

CREATE A NEW REGISTRY KEY

When configuring new settings in the Windows Registry, you may need to create a key at some point. 

Use these steps to create a new key in the Registry:

  1. Right-click on the key you want to create a new subkey under in the left pane.
  2. Select New -> Key.
  3. Enter a name for the new key and press Enter.

CREATING A REGISTRY VALUE

As Registry values contain the data that configure how an application or Windows works, it is common to need to create Registry values.

Use these steps to create a Registry value:

  1. Navigate to the key where you want to create the value.
  2. Right-click on the key and select “New” and then select the type of value you want to create. The kinds of values you can make are explained in the previous section.
  3. Give the new value a name by typing it in the box that appears.
  4. Double-click on the new value to edit its data.
  5. Enter the desired value data and click OK.

RENAMING REGISTRY KEY

Sometimes you may need to rename a Registry value, such as when introducing a typo.

To rename a Registry key, please follow these steps:

  1. Navigate to the key you want to rename. 
  2. Right-click the key and select Rename.
  3. Enter the new name for the key in the editable field.
  4. Click anywhere to save the changes.

RENAMING A REGISTRY VALUE

Sometimes you may need to rename a Registry value, such as when introducing a typo.

To rename a Registry value, please follow these steps:

  1. Right-click the value you want to rename in the right pane and select Rename.
  2. Enter the new name for the key in the editable field.
  3. Click anywhere to save the changes.

EDITING REGISTRY VALUE DATA

To make changes to a Registry value, follow these steps:

  1. Double-click on the value you want to edit in the right pane.
  2. The Edit dialog box will appear.
  3. Enter the new value for the key in the ‘Value data’ field.
  4. Click OK to save your changes.

EXPORT A REGISTRY KEY

It is possible to export Registry keys and all their subkeys and values to a registry file. 

A registry file ends with .reg, and when you double-click on one in Windows, it will import the data back into the Registry. Exporting a registry key helps create a backup before you make changes to the Registry.

  1. Right-click on the key you want to export in the left pane.
  2. Select Export.
  3. Choose a location to save the exported key and give it a name.
  4. Click Save.

IMPORT A REGISTRY KEY

If you had previously exported a key, you could import its data into the Registry by importing the file using these steps:

  1. Click on File -> Import.
  2. Navigate to the location where you saved the exported key.
  3. Select the key file and click Open.

DELETE A REGISTRY KEY

If you need to delete a Registry key, use the following steps.

  1. Right-click on the key you want to delete in the left pane.
  2. Select ‘Delete‘ from the context menu.
  3. Confirm that you want to delete the key by clicking Yes.

Note: If you delete a key, all subkeys and values underneath them will be deleted too!

Note 2: You should only delete a registry key if you know it will not cause issues with your computer!

DELETE A REGISTRY VALUE

If you need to delete a Registry value, use the following steps.

  1. Right-click on the value you want to delete in the right pane.
  2. Select ‘Delete‘ from the context menu.
  3. Confirm that you want to delete the value by clicking Yes.

Note: You should only delete a registry value if you know it will not cause issues with your computer

When done using the Registry Editor, you can close it by clicking on the X in the Window or clicking on File > Exit.

With these steps, you should now be able to use the Windows Registry Editor to navigate and edit the Registry.

However, it is vital to be careful when making changes to the Registry, as incorrect changes can cause severe problems with your system.

It is always recommended to create a backup of your Registry before making any changes.

  • Facebook
  • Twitter
  • LinkedIn
  • Reddit
  • WhatsApp
  • Telegram
Posted in VulnerabilityTagged Cyber Attacks, Data Security, malware, Spyware

Post navigation

Hackers abuse free TryCloudflare to deliver remote access malware
Netflix Open Sources Maestro, a Next-Gen Data Workflow Engine

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • New Malicious PyPI Packages used by Lazarus(By Shusei Tomonaga)
  • Recent Cases of Watering Hole Attacks, Part 1(By Shusei Tomonaga)
  • Recent Cases of Watering Hole Attacks Part 2(By Shusei Tomonaga)
  • Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup(By Hayato Sasaki)
  • SPAWNCHIMERA Malware: The Chimera Spawning from Ivanti Connect Secure Vulnerability(By Yuma Masubuchi)
  • DslogdRAT Malware Installed in Ivanti Connect Secure(By Yuma Masubuchi)
  • DslogdRAT Malware Targets Ivanti Connect Secure via CVE-2025-0282 Zero-Day Exploit
  • Lazarus Group’s “Operation SyncHole” Targets South Korean Industries
  • North Korean APT ‘Contagious Interview’ Launches Fake Crypto Companies to Spread Malware Trio
  • SocGholish and RansomHub: Sophisticated Attack Campaign Targeting Corporate Networks
  • Critical Flaw Exposes Linux Security Blind Spot: io_uring Bypasses Detection
  • Discord Used as C2 for Stealthy Python-Based RAT
  • Earth Kurma APT Targets Southeast Asia with Stealthy Cyberespionage
  • Triada Trojan Evolves: Pre-Installed Android Malware Now Embedded in Device Firmware
  • Fake GIF and Reverse Proxy Used in Sophisticated Card Skimming Attack on Magento
  • Fog Ransomware Group Exposed: Inside the Tools, Tactics, and Victims of a Stealthy Threat
  • Weaponized Uyghur Language Software: Citizen Lab Uncovers Targeted Malware Campaign
  • 4Chan Resumes Operation After Hack, Cites Funding Issues
  • ResolverRAT Targets Healthcare and Pharmaceutical Sectors Through Sophisticated Phishing Attacks
  • CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability
  • Dissecting the Cicada
  • LockBit Analysis
  • Attacking PowerShell CLIXML Deserialization
  • Threat Hunting Report: GoldPickaxe
  • Exploiting Microsoft Kernel Applocker Driver (CVE-2024-38041)
  • Acquiring Malicious Browser Extension Samples on a Shoestring Budget
  • Type Juggling and Dangers of Loose Comparisons
  • Exploring Deserialization Attacks and Their Effects
  • Hunting for Unauthenticated n-days in Asus Routers
  • Element Android CVE-2024-26131, CVE-2024-26132 – Never Take Intents From Strangers
  • A Journey From sudo iptables To Local Privilege Escalation
  • AlcaWASM Challenge Writeup – Pwning an In-Browser Lua Interpreter
  • Fortinet Confirms Third-Party Data Breach Amid Hacker’s 440 GB Theft Claim
  • Adversary Emulation is a Complicated Profession – Intelligent Cyber Adversary Emulation with the Bounty Hunter
  • Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps
  • RPKI Security Under Fire: 53 Vulnerabilities Exposed in New Research
  • CVE-2024-5102: Avast Antivirus Flaw Could Allow Hackers to Delete Files and Run Code as SYSTEM
  • Build Your Own Google: Create a Custom Search Engine with Trusted Sources
  • Rogue AI: What the Security Community is Missing
  • Ransomware Roundup – Underground
  • Emansrepo Stealer: Multi-Vector Attack Chains
  • Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401
  • In-depth analysis of Pegasus spyware and how to detect it on your iOS device
  • GoldPickaxe exposed: How Group-IB analyzed the face-stealing iOS Trojan and how to do it yourself
  • Beware CraxsRAT: Android Remote Access malware strikes in Malaysia
  • Boolka Unveiled: From web attacks to modular malware
  • Ajina attacks Central Asia: Story of an Uzbek Android Pandemic
  • SMTP/s — Port 25,465,587 For Pentesters
  • POC – CVE-2024–4956 – Nexus Repository Manager 3 Unauthenticated Path Traversal
  • Unauthenticated RCE Flaw in Rejetto HTTP File Server – CVE-2024-23692
  • CVE-2024–23897 — Jenkins File Read Vulnerability — POC
  • Why Django’s [DEBUG=True] is a Goldmine for Hackers
  • Extracting DDosia targets from process memory
  • Dynamic Binary Instrumentation for Malware Analysis
  • Meduza Stealer or The Return of The Infamous Aurora Stealer
  • Unleashing the Viper : A Technical Analysis of WhiteSnake Stealer
  • MetaStealer – Redline’s Doppelgänger
  • Pure Logs Stealer Fails to Impress
  • MetaStealer Part 2, Google Cookie Refresher Madness and Stealer Drama
  • From Russia With Code: Disarming Atomic Stealer

Recent Comments

  1. Maq Verma on Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs
  2. binance Registrera on Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs
  3. Hal on FBI: BlackSuit ransomware made over $500 million in ransom demands
  4. canadian pharmaceuticals on Linux: Mount Remote Directories With SSHFS
  5. situs togel resmi on Extracting DDosia targets from process memory

Archives

  • April 2025 (19)
  • November 2024 (20)
  • October 2024 (13)
  • September 2024 (2)
  • August 2024 (119)
  • July 2024 (15)

Categories

  • Crack Tutorials
  • Cyber Attacks
  • Data Breaches
  • Exploits
  • Programming
  • Tools
  • Vulnerability

Site Visitors

  • Users online: 0 
  • Visitors today : 7
  • Page views today : 7
  • Total visitors : 2,665
  • Total page view: 3,289

$22 Million AWS Bitmagnet BlackCat Bytecode CrowdStrike Cyber Attacks cyber security Data Breach Data Security DDOS Decentralized Encryption fake github Indexer Injection Activity kernel Linux Maestro malware Microsoft Model Architecture Netflix Open Source Phishing Phishing Scam Programming Ransomware Reverse Engineering Safe Delete Safe Erase Scam Security tool Software Crack Software Design software protection SOLID SOLID Principles Sophos Intercept X Advanced Spyware Tools Torrent TryCloudflare vulnerability Workflow Engine

Proudly powered by Admiration Tech News | Copyright ©2023 Admiration Tech News | All Rights Reserved