.Reg文件格式

原作：J.Mostert

翻译：淡月儿

1 概述

注册表编辑器使用.Reg文件格式导入、导出注册表设置，支持的操作系统包括Windows3.X，Windows95/98/NT及以上。尽管注册表的作用和原理十分重要，但本文不打算介绍，你可以通过文末列出的网址，获得相关的信息。同时，Windows3.X的.Reg文件格式与Windows95以上不尽相同，本文将忽略这方面的内容，毕竟Windows3.X的注册表已经不太重要。

2 详细说明

.Reg文件是ASCII码组成的无格式纯文本，每一行以“cr/lf”结尾。

2.1 文件头

.reg文件开头是注册表编辑器的版本，Windows95/NT下版本是4，你可以使用这样的字符串：regedit4。在执行导入前，注册表编辑器将会检查版本是否正确，并在不匹配时给与提示，这也是注册表编辑器对.Reg文件做的唯一检查。一般情况下，注册表编辑器会默默忽略掉错误的文件内容不予导入注册表，更多情况下会把可能导致问题的内容导入注册表，这是微软注册表编辑器的一个缺陷。

2.2 键

键和子键被原样导出至.Reg文件，没有顺序差别。

例如：

hkey_classes_root\clsid键下面有hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d}这个子键(这个键的作用是在控制面板上添加一个类声明)，它按如下格式导出：

[hkey_classes_root\clsid]

[hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d}]

任何一个有效键值都必须包含完整的路径，因此必定以根键开头，根键包括：

hkey_classes_root

hkey_current_user

hkey_local_machine

hkey_users

hkey_current_config

hkey_dyn_data

键名只可以由ASCII码中的可打印字符组成(即ASCII码32至127所代表的字符)，键名不可以包含空格、反斜杠( \ )以及通配符( * 和 ? )。每一个键名下紧跟着它的键值，键值列表以空行结束，一个键的键值列表可以就是一个空行。

例如：

[key-name]

[second-key-name]

"value1"=something

"value2"=something

[third-key-name]

假如在文件中指定了一个不存在的键值，那么在导入的时候这个键连同它的根键(假如不存在的话)都将被创建。

例如：

文件中指定了hkey_users\jeroen\test\subkey这个键；

注册表中只存在hkey_users\jeroen这个键；

当导入以后，hkey_users\jeroen\test这个键会被创建。

注意，你只能添加或修改键和键值，而不能删除它们。

(译者注：事实上可以删除，方法是在键名前面加上 - 号，该键连同其子键将被删除；在指定键值为 - ，可以删除该键值。)

2.3 键值

注册表键值可以是三种数据类型：字符串(string)、二进制值(binary value)和双机器字(dword，即32位整数)。键值的名称以引号 " 包含，值紧跟在等号 = 之后。每一个键都包含至少一个字符串类型的键值，这个键值在注册表编辑器中显示为“默认值”(default)。你可以通过指定名称为 @ 的值来修改默认值。

例如：

@="this is the default value."

2.3.1 字符串

字符串可以是任意长度的，用引号 " 包含起来的由ASCII码字符组成的值。字符 " 和 \ 也可以包含在字符串中，不过需要用 \" 和 \\ 进行转义。同时，注册表编辑器可以导入导出除换行符(以及新行符，即ASCII码10所指定的字符)以外的非ACSII码字符。

当一个字符串值中包含换行符，在导出的时候会被输出成两行，但是再次导入时，只能导入第一行，第二行将被忽略。因此请牢记：不要在字符串值中包含换行符。

例如：

"foo"="bar"

"foopath"="c:\\windows\\system"

"foomessage"="this/nmessage/nactually/nconsists/nof/one/nlong/nline."

2.3.2 二进制值

在字符串和双字不适用的场合，可以使用二进制值。二进制值可以用来储存任意类型的数据，其格式为 hex:xx,yy,zz 等，其中xx、yy、zz是用16进制值表示的单字节值，二进制值可以是任意长度的。

较长的二进制值可以用C语言多行符 \ 分割成多行显示。

例如：

"bar"=hex:48,00,00,00,01,00,00,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a, 00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00, 0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,00,00,00,00,c4,ac,01, 00

请记住，\ 符只能够应用在二进制值当中。另外，微软声明一个二进制值不可以存储超过2K的资料，这也是值得注意的。

二进制值的例子：

"foo"=hex:00,de,ca,de,12,34

2.3.2.1 特定二进制类型

除了常规的二进制值，还有若干特定类型的二进制值。我们可以这样指定：

"foobar"=hex(type):xx,xx,xx,xx,...

这些类型由 0 到 10 这些数字代表，具体如下：

0 reg_none

1 reg_sz

2 reg_expand_sz

3 reg_binary

4 reg_dword, reg_dword_little_endian

5 reg_dword_big_endian

6 reg_link

7 reg_multi_sz

8 reg_resource_list

9 reg_full_resource_descriptor

10 reg_resource_requirements_list

2.3.2.1.1 reg_none类型

默认的二进制值类型，应用在无特殊要求的场合。

2.3.2.1.2 reg_sz类型

以'\0'结尾的字符串。这是用二进制值来指定的字符串值，以下两种表达方法是一样的：

"barfoo"=hex(1):41,42,43,44,00

"barfoo"="abcd"

参见2.3.1，字符串。

2.3.2.1.3 reg_expand_sz类型

包含隐含串的字符串，一般是对环境变量的引用。当一个应用程序读到这样字符串，系统将把引用串转换为正确的环境变量值。

下面的例子表示字符串"%path%;something"，当这个值被引用的时候，"%path%"会被转化为当前系统的 path 值。

"forbaa"=hex(2):25,50,41,54,48,25,3b,53,6f,6d,65,74,68,69,6e,67,00

2.3.2.1.4 reg_dword, reg_dword_little_endian类型

小段对齐，是通常的双字数据类型，在这种格式下存储，高位字节在前，低位字节在后。

2.3.2.1.5 reg_dword_big_endian类型

大段对齐，是苹果机的双字数据类型，在这种格式下存储，低位字节在前，高位字节在后。

2.3.2.1.6 reg_link类型

Unicode符号连接。

2.3.2.1.7 reg_multi_sz

多字节字符串集，以连续两个'\0'结束，例如：

"farboo"=hex(7):41,42,43,44,00,45,46,47,48,00,00

表示"abcd"和"efgh"两个字符串。

2.3.2.1.8 reg_resource_list

设备驱动程序资源列表。

2.3.2.1.9 reg_full_resource_descriptor

微软保留数据类型，用于辅助设备驱动程序。

2.3.2.1.10 reg_resource_requirements_list

微软保留数据类型，用于辅助设备驱动程序。

2.3.3. 双字数据类型

双字数据类型，即32位整数，表示为 dword:xxxxxxxx，其中 x 是一个表示4位二进制的16进制值。

例如：

"foo"=dword:00decade

3 结语

本文简要介绍了.Reg文件的格式，由于作者水平有限，错漏之处在所难免，假如您发现了错误，请不吝赐教.

我的Email:j.mostert@oke.nl。

4 参考资料

以下是关于注册表知识的网址，希望对大家有所帮助。

(译者注：由于这些链接都是1997年4月以前的，因此不再翻译)

原文：

Thethe .reg file format

J.Mostert

1 introduction

the .reg file format is used by regedit, the program supplied with windows

3.x,

windows 95, and windows nt, to import and export settings from the

registry.

note that i will not explain what the registry is, how it works, or what

it can

be used for. there are other documents describing the registry and it's

most

interesting parts all over the net - check out some of the links at the

end of

this document. also, i will not provide you with information on regedit for

windows 3.x - i know that it exists, but not if it's format is in any way

the regedit of 95/nt. besides, the registry is much less interesting on

windows

3.x.

2 description

the file is formatted as plain ascii text. every line is ended with a cr/lf

combination.

2.1 header

it starts with regeditx, where x is regedit's version number - on 95/nt,

it's

4, making the string regedit4.

this is also the only part of the file actually checked by regedit when

it's

importing - if the file contains any formatting errors, regedit will not

notify

you and simply skip the settings that contain errors.

in particular, regedit will pretty much accept anything as long as it

starts

with regeditx, and ignore anything erroneous. yes, that does add up to the

microsoft stupid mistakes list.

2.2 keys

key names are exported as they are encountered, but need not be in any

order.

subkeys are explicitly named. for example, if you had the key

hkey_classes_root\clsid and it's subkey

hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d} (which

represents the classid of the control panel, by the way), they would be

exported as:

[hkey_classes_root\clsid]

[hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d}]

for a key name to be valid, it must start with one of the root key names:

hkey_classes_root, hkey_current_user, hkey_local_machine, hkey_users,

hkey_current_config and hkey_dyn_data.

a key name may only contain printable ascii characters (that is, characters

with values from 32 through 127) and may not contain spaces, backslashes \

the wildcards * and ?.

every key name is followed by it's values, starting on the line directly

following it. the list of values is terminated with an empty line, and may

empty itself.

for example:

[key-name]

[second-key-name]

"value1"=something

"value2"=something

[third-key-name]

if a key is specified which does not exist, it is created, along with any

parent keys that do not exist. for example, if the key

hkey_users\jeroen\test\subkey is specified, and only the key

hkey_users\jeroen

exists, the key hkey_users\jeroen\test is also created.

note that you cannot delete keys or values - you can only add them if they

don't already exist, or modify them if they do.

2.3 values

there are three kinds of values in the registry: strings, binary values,

and

dwords. they represent a collection of characters, a collection of bytes,

and a

32-bit integer, respectively.

values consist of a name, enclosed in quotes "", followed by an equal sign

= ,

followed by the value value (there's no other way to put it).

every key, even if created empty, contains at least one string value -

this is

the value shown as (default) in regedit. to set it's value, use @ as the

value

name, and omit the usual quotes around the value name.

example:

@="this is the default value."

2.3.1 strings

strings may be any size. they are represented within quotes "", and contain

normal ascii characters.

the quote " and backslash \ are also allowed in strings - however, they

must be

represented as \" and \\, respectively. also, regedit can import and

export all

non-ascii characters except for linefeed (or newline, ascii code 10).

should a

linefeed end up in a string, regedit will export this as a real newline,

splitting the string in two lines. when reimporting this string, regedit

will

only read the first line. the moral of the story: don't store linefeeds in

strings.

examples of strings:

"foo"="bar"

"foopath"="c:\\windows\\system"

"foomessage"="this/nmessage/nactually/nconsists/nof/one/nlong/nline."

2.3.2 binary values

binary values are used where strings and dwords fail. they can be used to

represent any type of data. they are represented as hex:xx,yy,zz where

xx,yy

and zz are hexadecimal representations of single bytes. they may be any

length.

lengthy binary values can be divided into multiple lines using the c line

separator \. for example:

also take note that this is only allowed with binary values. in

particular, you

cannot divide strings this way. and yes, this is pretty stupid.

although i usually ignore microsoft, they recommend you shouldn't store

than around two kilobytes of binary data at most, and i agree with them for

once.

example of binary values:

"foo"=hex:00,de,ca,de,12,34

2.3.2.1 types of binary values

along with 'regular' binary values, there are also some special types of

data

which regedit represents as special binary values, like this:

"foobar"=hex(type):xx,xx,xx,xx,...

where type is a number ranging from zero to ten in the current versions of

windows, as follows:

type name

0 reg_none

1 reg_sz

2 reg_expand_sz

3 reg_binary

4 reg_dword, reg_dword_little_endian

5 reg_dword_big_endian

6 reg_link

7 reg_multi_sz

8 reg_resource_list

9 reg_full_resource_descriptor

10 reg_resource_requirements_list

2.3.2.1.1 reg_none

reg_none means 'no defined value type'. no, i don't know what it's good

for -

reg_binary is already a catch-all type for everything that has no type.

perhaps

it's used for values that have no contents, although i can't imagine what

that

would be good for.

2.3.2.1.2 reg_sz

a null-terminated string. this is the same as the string type, represented

bytes. for example, these definitions are equal:

"barfoo"=hex(1):41,42,43,44,00

and

"barfoo"="abcd"