Registry
(Redirected from Regedit.exe)
This page should probably serve as a place to document the registry.
Purpose
The purpose of the Registry is to contain most configuration-related information related to ReactOS (Windows) in one spot. The Registry is composed of a number of on disk files, accessed through the registry API. The on disk files are called "hives", and while the Operating System is running it keeps copies of (the most important?) registry areas in memory.
Links
(original non-working link - http://amnesia.gtisc.gatech.edu/~moyix/suzibandit.ltd.uk/MSc/ )
- https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md
- http://sentinelchicken.com/data/TheWindowsNTRegistryFileFormat.pdf
- https://2017.zeronights.org/wp-content/uploads/materials/ZN17-Suhanov-Registry.pdf
- https://github.com/msuhanov/yarp
- https://www.mandiant.com/resources/digging-up-the-past-windows-registry-forensics-revisited
- https://andreafortuna.org/2021/02/06/windows-registry-transaction-logs-in-forensic-analysis/
- https://www.nist.gov/itl/ssd/software-quality-group/computer-forensics-tool-testing-program-cftt/cftt-technical/ms
- (More Windows 2000-oriented): https://www.itprotoday.com/windows-78/inside-registry
Build
Registry hive files in ReactOS are built with the tool mkhive.