Better Registry Searchingby Mitch Tulloch
The registry is the central repository where Windows stores almost all per-machine and per-user configuration settings, both for the operating system itself and for applications you install on your computer. Sometimes you need to find some specific key or value in the registry in order to tweak Windows in some way or configure an application setting that isn't available from the user interface. How do you find things in the registry?
By searching, of course. Unfortunately, the search capabilities of Registry Editor (
regedit.exe) are somewhat limited. For one thing, using Edit -> Find to search for a particular registry key, value, or data can take some time. On a Pentium 4 3.2GHz machine with a bare-bones Windows installation, searching the entire registry for a random string takes about 15 seconds. On another machine, with a Pentium 4 3.0GHz hyperthreaded processor and lots of applications installed, including Microsoft Office Professional, the same search takes more than twice as long.
Speeding Up Registry Searches
One way you can speed up registry searching is to search only a portion of the registry instead of the entire registry. To do this, you need to know your way around the registry a bit. This means learning what kind of settings are stored under each of the root keys, including
HKU. It also means knowing what is stored in the main subkeys of each root key. For example,
HKLM, which stands for
HKEY_LOCAL_MACHINE, is a root key that contains per-machine settings that affect every user who logs on to the computer. Under this root key there are five subkeys named
SYSTEM. A good overview of the registry's basic structure can be found in this Knowledge Base article, while further drill-down details can be found in numerous other KB articles such as this one.
You don't have to know everything about the registry, however. And in fact, there's a lot of undocumented stuff there that you won't find anything about when you search Microsoft's website for more information. A basic understanding of what the different root keys are, together with knowledge of a few important subkeys, can take you a long way towards efficient registry searching. For example, if you are looking for a setting that affects any user of Windows, that setting is likely found within
HKLM. If the setting can be configured on a per-user basis, however, you'll likely find it in
HKCU instead (or
HKU). If you want to find per-machine or per-user settings that can help you configure some specific application installed on your system, then check under
HKCU\Software for these settings. Usually, application settings can be found under
HKCU\Software\Company\Program\Version. For example, per-machine settings for Adobe's Acrobat Reader 6.0 can be found under
Once you know the general layout of the registry, you can speed up your searching by opening Registry Editor, expanding the tree view of keys on the left, selecting the root key or subkey where you know what you're looking for will be found, and using Edit -> Find or
F in the usual way. You can also speed your search by selecting only the types of information you are looking for; i.e., keys, values, or data. As your search progresses and each matching result is found, you can press
F3 to continue your search, but as you do this, keep an eye on the status bar at the bottom of Registry Editor. The reason for doing this is because the status bar displays the currently selected key, and by watching this bar you can see whether you are still searching the root key or subkey you've targeted, or whether you've gone into other territory. If you've gone into other territory, your search may have been unsuccessful, either due to the non-existence of the thing you're looking for, or because you're looking in the wrong part of the registry.
One limitation of the search feature of Registry Editor is that it doesn't support wildcards. For instance, if you think a certain key begins with the string "myd," you can't search for "myd*" to find all keys whose names begin with "myd" (for example, "mydocs"). One way of doing this is to use a tool like Windows Grep, which can search text files using regular expressions that include wildcard characters. For example, say I wanted to search the entire registry on my machine for keys, values and data that begin with the string "myd." Here's how I could proceed:
- Start by opening Registry Editor and select the root node, "My Computer."
- Select File -> Export and export your entire registry as a text file (*.txt). For example, I saved my registry as entireregistry.txt in my My Documents folder.
- Now run Windows Grep and search for "myd*" within the specified file (see Figure 1).
Using Registry Search Tools
A better way of searching the registry is to try using one of the many registry search tools available. One that I like is Registry Crawler, and although it doesn't support wildcard searches, it does nicely display its search results, making them more useful. Figure 2 shows the results of searching for "myd" within my machine's registry:
Other third-party tools you can try using for registry searching include Registry Toolkit, RegSeeker, and others. I can't vouch for most of these tools, and you should be careful using them, especially if they purport to "clean" the registry of unneeded information. I've heard enough horror stories of what so-called "registry cleaners" have done to people's systems, and my advice is to stay well away from any such tools. Maybe you're using a registry search tool that you'd like to recommend to other WindowsDevCenter readers. If so, please feel free to add a comment to this article mentioning the tool and why you like it.
And of course, it shouldn't need to be repeated, but here it is anyway, one more time and direct from the source: "Warning: serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk." Yessir!
Return to the Windows DevCenter.