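.Reg File Format
Original author: J.Mostert
Translator: 淡月儿
1 Overview
The Registry Editor uses the .Reg file format to import and export registry settings. Supported operating systems include Windows 3.X and Windows 95/98/NT and later. Although what the registry does and how it works is important, this article does not cover it; you can find that information through the URLs listed at the end. Also, the Windows 3.X .Reg file format is not quite the same as that of Windows 95 and later. This article ignores it, since the Windows 3.X registry no longer matters much.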
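2 Detailed description
A .Reg file is unformatted plain text made up of ASCII characters; every line ends with "cr/lf".
2.1 File header
A .reg file begins with the Registry Editor version. Under Windows 95/NT the version is 4, so you can use the string regedit4. Before importing, the Registry Editor checks whether the version is correct and tells you if it does not match; this is also the only check the Registry Editor performs on a .Reg file. In general, the Registry Editor silently ignores erroneous file content and does not import it; more often, it imports content that may cause problems into the registry. This is a flaw in Microsoft's Registry Editor.
2.2 Keys
Keys and subkeys are exported to the .Reg file as they are, in no particular order.
For example:
The key hkey_classes_root\clsid has the subkey hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d} (this key adds a class declaration to the Control Panel). It is exported in the following format: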
[hkey_classes_root\clsid]
[hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d}]
Every valid key name must contain the full path, so it must begin with a root key. The root keys are:
hkey_classes_root
hkey_current_user
hkey_local_machine
hkey_users
hkey_current_config
hkey_dyn_data
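A key name may consist only of printable ASCII characters (that is, the characters with ASCII codes 32 through 127), and may not contain spaces, backslashes ( \ ) or the wildcards ( * and ? ). Each key name is followed immediately by its values. The list of values ends with an empty line, and a key's list of values may be nothing but an empty line.
For example: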
[key-name]
[second-key-name]
"value1"=something
"value2"=something
[third-key-name]
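If the file specifies a key that does not exist, then on import that key is created, together with its parent keys (if they do not exist).
For example:
The file specifies the key hkey_users\jeroen\test\subkey;
only the key hkey_users\jeroen exists in the registry;
after the import, the key hkey_users\jeroen\test is created.
Note that you can only add or modify keys and values; you cannot delete them.
(Translator's note: deletion is in fact possible. Prefix a key name with - and that key is deleted together with its subkeys; set a value to - and that value is deleted.)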
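2.3 Values
A registry value can be one of three data types: string, binary value, and double word (dword, a 32-bit integer). The name of the value is enclosed in quotes " and the value follows directly after the equals sign =. Every key contains at least one string value, which the Registry Editor displays as "(default)". You can modify the default value by specifying a value named @.
For example: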
@="this is the default value."
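2.3.1 Strings
A string is a value of any length, made up of ASCII characters and enclosed in quotes ". The characters " and \ may also appear in a string, but they must be escaped as \" and \\. The Registry Editor can also import and export non-ASCII characters, except for the line feed (newline, the character with ASCII code 10).
When a string value contains a line feed, it is written out as two lines on export, but on re-import only the first line is read and the second line is ignored. So remember: do not put line feeds in string values.
For example: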
"foo"="bar"
"foopath"="c:\\windows\\system"
"foomessage"="this/nmessage/nactually/nconsists/nof/one/nlong/nline."
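2.3.2 Binary values
Binary values can be used where strings and dwords are not suitable. A binary value can store any type of data. Its format is hex:xx,yy,zz and so on, where xx, yy and zz are single bytes written in hexadecimal. A binary value can be of any length.
A long binary value can be split across several lines with the C line-continuation character \.
For example:
"bar"=hex:48,00,00,00,01,00,00,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,\
  00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,\
  0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,00,00,00,00,c4,ac,01,\
  00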
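Remember that \ can only be used in binary values. It is also worth noting that Microsoft states a binary value may not store more than 2K of data.
Example of a binary value: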
"foo"=hex:00,de,ca,de,12,34
2.3.2.1 Specific binary types
Besides regular binary values, there are several specific types of binary value. They are specified like this:
"foobar"=hex(type):xx,xx,xx,xx,...
These types are represented by the numbers 0 through 10, as follows:
0 reg_none
1 reg_sz
2 reg_expand_sz
3 reg_binary
4 reg_dword, reg_dword_little_endian
5 reg_dword_big_endian
6 reg_link
7 reg_multi_sz
8 reg_resource_list
9 reg_full_resource_descriptor
10 reg_resource_requirements_list
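2.3.2.1.1 reg_none type
The default binary value type, used where there are no special requirements.
2.3.2.1.2 reg_sz type
A string terminated by '\0'. This is a string value specified as a binary value; the following two forms are equivalent: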
"barfoo"=hex(1):41,42,43,44,00
"barfoo"="abcd"
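See 2.3.1, Strings.
2.3.2.1.3 reg_expand_sz type
A string that contains embedded references, usually references to environment variables. When an application reads such a string, the system converts the references to the correct environment variable values.
The following example represents the string "%path%;something". When this value is read, "%path%" is converted to the current system path value.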
"forbaa"=hex(2):25,50,41,54,48,25,3b,53,6f,6d,65,74,68,69,6e,67,00
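2.3.2.1.4 reg_dword, reg_dword_little_endian type
Little-endian, the usual dword data type. When stored in this format, the high-order byte comes first and the low-order byte last.
2.3.2.1.5 reg_dword_big_endian type
Big-endian, the dword data type of Apple machines. When stored in this format, the low-order byte comes first and the high-order byte last.
2.3.2.1.6 reg_link type
A Unicode symbolic link.
2.3.2.1.7 reg_multi_sz
A set of multi-byte strings, ending with two consecutive '\0' characters. For example: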
"farboo"=hex(7):41,42,43,44,00,45,46,47,48,00,00
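This represents the two strings "abcd" and "efgh".
2.3.2.1.8 reg_resource_list
A device driver resource list.
2.3.2.1.9 reg_full_resource_descriptor
A data type reserved by Microsoft, used to support device drivers.
2.3.2.1.10 reg_resource_requirements_list
A data type reserved by Microsoft, used to support device drivers.
2.3.3. Dword data type
The dword data type, a 32-bit integer, is written as dword:xxxxxxxx, where each x is a hexadecimal digit representing 4 bits.
For example: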
"foo"=dword:00decade
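3 Closing remarks
This article has briefly introduced the format of .Reg files. As the author's knowledge is limited, errors and omissions are unavoidable; if you find a mistake, please do let me know.
My email: j.mostert@oke.nl.
4 References
Below are URLs about the registry; I hope they are helpful.
(Translator's note: since these links all date from before April 1997, they are not translated.)
Original text: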
The .reg file format
J.Mostert
1 Introduction
The .reg file format is used by regedit, the program supplied with Windows 3.x, Windows 95, and Windows NT, to import and export settings from the registry.
Note that I will not explain what the registry is, how it works, or what it can be used for. There are other documents describing the registry and its most interesting parts all over the net - check out some of the links at the end of this document. Also, I will not provide you with information on regedit for Windows 3.x - I know that it exists, but not if its format is in any way like the regedit of 95/NT. Besides, the registry is much less interesting on Windows 3.x.
2 Description
The file is formatted as plain ASCII text. Every line is ended with a cr/lf combination.
2.1 Header
It starts with regeditx, where x is regedit's version number - on 95/NT, it's 4, making the string regedit4.
This is also the only part of the file actually checked by regedit when it's importing - if the file contains any formatting errors, regedit will not notify you and simply skip the settings that contain errors.
In particular, regedit will pretty much accept anything as long as it starts with regeditx, and ignore anything erroneous. Yes, that does add up to the Microsoft stupid mistakes list.
2.2 Keys
Key names are exported as they are encountered, but need not be in any order. Subkeys are explicitly named. For example, if you had the key hkey_classes_root\clsid and its subkey hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d} (which represents the classid of the Control Panel, by the way), they would be exported as:
[hkey_classes_root\clsid]
[hkey_classes_root\clsid\{21ec2020-3aea-1069-a2dd-08002b30309d}]
For a key name to be valid, it must start with one of the root key names: hkey_classes_root, hkey_current_user, hkey_local_machine, hkey_users, hkey_current_config and hkey_dyn_data.
A key name may only contain printable ASCII characters (that is, characters with values from 32 through 127) and may not contain spaces, backslashes \ or the wildcards * and ?.
Every key name is followed by its values, starting on the line directly following it. The list of values is terminated with an empty line, and may be empty itself.
For example:
[key-name]
[second-key-name]
"value1"=something
"value2"=something
[third-key-name]
If a key is specified which does not exist, it is created, along with any parent keys that do not exist. For example, if the key hkey_users\jeroen\test\subkey is specified, and only the key hkey_users\jeroen exists, the key hkey_users\jeroen\test is also created.
Note that you cannot delete keys or values - you can only add them if they don't already exist, or modify them if they do.
2.3 Values
There are three kinds of values in the registry: strings, binary values, and dwords. They represent a collection of characters, a collection of bytes, and a 32-bit integer, respectively.
Values consist of a name, enclosed in quotes "", followed by an equal sign =, followed by the value value (there's no other way to put it).
Every key, even if created empty, contains at least one string value - this is the value shown as (default) in regedit. To set its value, use @ as the value name, and omit the usual quotes around the value name.
Example:
@="this is the default value."
2.3.1 Strings
Strings may be any size. They are represented within quotes "", and contain normal ASCII characters.
The quote " and backslash \ are also allowed in strings - however, they must be represented as \" and \\, respectively. Also, regedit can import and export all non-ASCII characters except for linefeed (or newline, ASCII code 10). Should a linefeed end up in a string, regedit will export this as a real newline, splitting the string in two lines. When reimporting this string, regedit will only read the first line. The moral of the story: don't store linefeeds in strings.
Examples of strings:
"foo"="bar"
"foopath"="c:\\windows\\system"
"foomessage"="this/nmessage/nactually/nconsists/nof/one/nlong/nline."
2.3.2 Binary values
Binary values are used where strings and dwords fail. They can be used to represent any type of data. They are represented as hex:xx,yy,zz where xx, yy and zz are hexadecimal representations of single bytes. They may be any length.
Lengthy binary values can be divided into multiple lines using the C line separator \. For example:
"bar"=hex:48,00,00,00,01,00,00,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,\
  00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,\
  0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,0a,00,00,00,00,00,c4,ac,01,\
  00
Also take note that this is only allowed with binary values. In particular, you cannot divide strings this way. And yes, this is pretty stupid.
Although I usually ignore Microsoft, they recommend you shouldn't store more than around two kilobytes of binary data at most, and I agree with them for once.
Example of binary values:
"foo"=hex:00,de,ca,de,12,34
2.3.2.1 Types of binary values
Along with 'regular' binary values, there are also some special types of data which regedit represents as special binary values, like this:
"foobar"=hex(type):xx,xx,xx,xx,...
where type is a number ranging from zero to ten in the current versions of Windows, as follows:
type name
0 reg_none
1 reg_sz
2 reg_expand_sz
3 reg_binary
4 reg_dword, reg_dword_little_endian
5 reg_dword_big_endian
6 reg_link
7 reg_multi_sz
8 reg_resource_list
9 reg_full_resource_descriptor
10 reg_resource_requirements_list
2.3.2.1.1 reg_none
reg_none means 'no defined value type'. No, I don't know what it's good for - reg_binary is already a catch-all type for everything that has no type. Perhaps it's used for values that have no contents, although I can't imagine what that would be good for.
2.3.2.1.2 reg_sz
A null-terminated string. This is the same as the string type, represented as bytes. For example, these definitions are equal:
"barfoo"=hex(1):41,42,43,44,00
and
"barfoo"="abcd"
See also 2.3.1, Strings.
2.3.2.1.3 reg_expand_sz
A null-terminated string that contains unexpanded references to environment variables. When an application reads this string from the registry, it can let Windows replace the references with the environment variable value.
For example, the following value
"forbaa"=hex(2):25,50,41,54,48,25,3b,53,6f,6d,65,74,68,69,6e,67,00
represents the string "%path%;something". When this string is read, the "%path%" section can be replaced with the contents of your path variable.
2.3.2.1.4 reg_dword, reg_dword_little_endian
Represents a little-endian dword (the common format of Windows dwords). In little-endian format, the most significant byte of a word is the high-order byte. See also 2.3.3, Dwords.
2.3.2.1.5 reg_dword_big_endian
Represents a big-endian dword (used on Macintoshes, for example). As you can probably guess, in big-endian format, the most significant byte of a word is the low-order byte.
2.3.2.1.6 reg_link
Represents a Unicode symbolic link. No, I don't know what this is, and I probably don't want to know either.
2.3.2.1.7 reg_multi_sz
A collection of null-terminated strings, null-terminated. For example:
"farboo"=hex(7):41,42,43,44,00,45,46,47,48,00,00
represents two strings: "abcd" and "efgh".
2.3.2.1.8 reg_resource_list
A device driver resource list. Another one in the category "don't know and don't want to know."
2.3.2.1.9 reg_full_resource_descriptor
Undocumented. It's probably meant for Windows itself only, as device driver stuff.
2.3.2.1.10 reg_resource_requirements_list
Undocumented. It's probably meant for Windows itself only, as device driver stuff.
2.3.3. Dwords
Dwords are 32-bit integers represented as dword:xxxxxxxx, where x is a hexadecimal digit. They're pretty boring, as that's all I can tell about them.
Example of dword values:
"foo"=dword:00decade
3. The end
That's about it - the .reg format is pretty simple, but it does the job. Should you find any unclarities, mistakes or things you think are missing, contact me by emailing to "j.mostert@oke.nl".
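An added example, not part of the original article or of regedit: since section 2.1 says regedit checks only the header and skips malformed settings without notice, this Python code parses the format of section 2 strictly and returns every line it cannot parse, including a string split by a linefeed (2.3.1) and a hex value continued with \ (2.3.2). The names `decode`, `parse_reg` and `SAMPLE` are hypothetical, the sample input is constructed from the article's own examples, and the bytes of hex(1), hex(2) and hex(7) values are assumed to be single-byte characters.

```python
import re

QUOTED = r'"((?:[^"\\]|\\.)*)"'            # quoted text using \" and \\ escapes
VALUE_RE = re.compile(r'(@|' + QUOTED + r')=(.*)')

def decode(raw):
    """Decode the text after '=' into (type, value); ValueError if malformed."""
    if m := re.fullmatch(QUOTED, raw):
        return "string", re.sub(r'\\(["\\])', r'\1', m.group(1))
    if m := re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw):
        return "dword", int(m.group(1), 16)
    if not (m := re.fullmatch(r"hex(\(\w+\))?:((?:\s*[0-9a-fA-F]{2}\s*(?:,|$))*)", raw)):
        raise ValueError(raw)
    kind, data = "hex" + (m.group(1) or ""), bytes.fromhex(m.group(2).replace(",", ""))
    if kind in ("hex(1)", "hex(2)"):        # one null-terminated string (single-byte chars assumed)
        return kind, data.split(b"\0")[0].decode("latin-1")
    if kind == "hex(7)":                    # several null-terminated strings
        return kind, [s.decode("latin-1") for s in data.split(b"\0") if s]
    return kind, data

def parse_reg(text):
    """Return (keys, skipped); skipped lists (line_no, text) of lines that fail to parse."""
    lines = [ln.strip() for ln in text.splitlines()]
    if not lines or not lines[0].lower().startswith("regedit"):
        raise ValueError("missing regeditX header")
    keys, skipped, current, i = {}, [], None, 1
    while i < len(lines):
        no, line, i = i + 1, lines[i], i + 1
        m = VALUE_RE.fullmatch(line)
        while m and m.group(3).startswith("hex") and line.endswith("\\") and i < len(lines):
            line, i = line[:-1] + lines[i], i + 1   # '\' continuation: hex values only
            m = VALUE_RE.fullmatch(line)
        try:
            if line.startswith("[") and line.endswith("]"):
                current = keys.setdefault(line[1:-1], {})
            elif line:
                if m is None or current is None:
                    raise ValueError(line)
                name = "@" if m.group(1) == "@" else decode(m.group(1))[1]
                current[name] = decode(m.group(3))
        except ValueError:
            skipped.append((no, line))
    return keys, skipped

SAMPLE = "\r\n".join([      # constructed input reusing the value examples from the text
    "REGEDIT4", r"[hkey_users\jeroen\test]", '@="this is the default value."',
    r'"foopath"="c:\\windows\\system"', '"bar"=hex:48,00,01,00,\\', "  0a,00",
    '"farboo"=hex(7):41,42,43,44,00,45,46,47,48,00,00', '"foo"=dword:00decade',
    '"broken"="first line', 'second line"', '"bad"=dword:xyz'])
```

Running `parse_reg` over a file before importing it shows exactly which settings would be left out, instead of finding out afterwards from the registry.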
4. Well, almost, we still need the links
Oh yeah, here are the links I promised, listed in no particular order. They were all valid on November 4th, 1997.
http://help.mindspring.com/technotes/96dec/registry1.htm
This is the registry page at technotes+, the site for a lot of tips and tricks about pretty much anything technical. It contains an introduction to the registry, and how it should be used. I recommend to read this first if you've never even heard about this registry thing.
http://www.geocities.com/siliconvalley/pines/2857/
This is a registry page by Neil Mcquarry, and a nice one it is, too. It contains a quick introduction to the registry, a brief description of .reg files, and a detailed description of various keys of interest. Recommended if you want to get the most of the registry.
This is Amazon's home page, "earth's biggest bookstore". Try their search function to search for "windows registry" - this will provide you with more than enough literary references. No online information, however.
This is the tips section of windows95.com. Although it doesn't contain just registry tips, it's really worth checking out. But then again, all of windows95.com is worth checking out. If you have Windows 95/NT, be sure to visit it.