What Is a Registry?
A Registry is a database repository for information about a computer's configuration. The Registry contains information that Windows continually references during operation, such as:
- Profiles for each user.
- The programs installed on the computer and the types of documents each can create.
- Property settings for folders and program icons.
- What hardware exists on the system.
- Which ports are being used.
The Registry is organized hierarchically as a tree and is made up of keys and their sub keys, hives, and value entries.
A sub key is a key within a key. In the Registry structure, sub keys are subordinate to sub-trees and keys. Keys and sub keys are similar to the section header in .ini files; however, sub keys can carry out functions.
Predefined key: A key that represents one of the main divisions of the Registry. Each predefined key is displayed in a separate Registry Editor window, with the key's name appearing in the window's title bar. For example, HKEY_CLASSES_ROOT is a predefined key.
Value entry: The string of data that appears in the right pane of a Registry window and that defines the value of the currently selected key. A value entry has three parts: name, data type, and the value itself.
Hive: A section of the Registry that appears as a file on your hard disk. The Registry sub-tree is divided into hives (named for their resemblance to the cellular structure of a beehive). A hive is a discrete body of keys, sub keys, and values that is rooted at the top of the Registry hierarchy. A hive is backed by a single file and a .log file, which are in the systemroot\System32\Config or the systemroot\Profiles\username folders.
By default, most hive files (Default, SAM, Security, and System) are stored in the systemroot\System32\Config folder. The systemroot\Profiles folder contains the user profile for each user of the computer. Because a hive is a file, it can be moved from one system to another. However, you must use the Registry Editor to edit the file.
systemroot: The path and folder name where the Windows system files are located. Typically, this is C:\Windows, although you can designate a different drive or folder when you install Windows. You can use the value %systemroot% to replace the actual location of the folder that contains the Windows system files. To identify your systemroot folder, click Start, click Run, type %systemroot%, and then click OK.
Overview of Some Predefined Keys and Data Types in the Registry
| Predefined key | Description |
|---|---|
| HKEY_CURRENT_USER | Contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors, and Control Panel settings are stored here. This information is referred to as a user's profile. |
| HKEY_USERS | Contains the root of all user profiles on the computer. HKEY_CURRENT_USER is a sub key of HKEY_USERS. |
| HKEY_LOCAL_MACHINE | Contains configuration information particular to the computer (for any user). |
| HKEY_CLASSES_ROOT | Is a sub key of HKEY_LOCAL_MACHINE\Software. The information stored here ensures that the correct program opens when you open a file by using Windows Explorer. |
| HKEY_CURRENT_CONFIG | Contains information about the hardware profile used by the local computer at system startup. |
The following table lists the data types currently defined and used by the system.
| Data type | Description |
|---|---|
| REG_BINARY | Raw binary data. Most hardware component information is stored as binary data and is displayed in the Registry Editor in hexadecimal format. |
| REG_DWORD | Data represented by a number that is 4 bytes long. Many parameters for device drivers and services are this type and are displayed in the Registry Editor in binary, hexadecimal, or decimal format. |
| REG_EXPAND_SZ | A variable-length data string. This data type includes variables that are resolved when a program or service uses the data. |
| REG_MULTI_SZ | A multiple string. Values that contain lists or multiple values in a form that people can read are usually this type. Entries are separated by spaces, commas, or other marks. |
| REG_SZ | A fixed-length text string. |
| REG_FULL_RESOURCE_DESCRIPTOR | A series of nested arrays designed to store a resource list for a hardware component or driver. |
A brief history of the Registry
The concept of the Registry has been in existence only since Windows 95, the first GUI OS from Microsoft. Prior to that, system information was stored in INI files. Whenever software or hardware was installed, an INI file was automatically created to store the information about the installed hardware or software. The drawbacks of that system were that no centralized information was available and that the number of files in the system folder increased considerably.
Why Registry access?
A question may arise in the minds of programmers: Why do we need to access the Registry from our applications? Typical reasons are:
- You need to retrieve some system information.
- You want to maintain state information for your application, and so forth.
If you want to retrieve the Windows directory of the current system, you will have to use the API function GetWindowsDirectory. This function takes information from the Registry and gives it to you. Windows is not necessarily installed on the C: drive on every system, and the path is not necessarily C:\Windows or C:\Winnt. Therefore, hard-coding this path will lead to invalid results.
Suppose your application has provisions to change its environment settings, such as back color, fore color, and so on. You want the settings made in the previous session to be applied automatically the next time the application starts. This is impossible unless the information is stored physically somewhere outside the application and retrieved from there every time the application starts. The best and safest place to store this is in the Windows Registry.
You also can store the state information in an INI file created from the application, storing it in a predefined path and manipulating it whenever required. If different sets of information need to be stored separately, file maintenance becomes tedious. Login information also can be stored in the Registry and retrieved every time.
Registry Access Facilities in .NET
.NET has built-in classes that let you access the Windows Registry from within your application.
Registry is a built-in class that helps in manipulating the Registry. RegistryKey is another class that helps manipulate a key in the Registry. By using these classes, one can access the Windows Registry in an easy and efficient manner. They have an exhaustive collection of built-in attributes and methods that facilitate Registry manipulation.
Alternatively, the Win32 APIs can be used to manipulate the Windows Registry. This method also applies to Visual Basic 6. There are separate functions for creating, opening, closing, and deleting keys and for storing, retrieving, and modifying the values of a key.
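The state-saving scenario described above, written with the .NET Registry and RegistryKey classes, as an added example that is not code from the original article. The key path Software\ExampleCompany\ExampleApp, the value names and the sample token are assumptions made up for illustration; the login data is encrypted with DPAPI (ProtectedData) before it is written, so the Registry holds a REG_BINARY blob rather than readable text.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;

static class SettingsStore
{
    // Hypothetical key path for this example; it is per-user, so no admin rights are needed.
    const string KeyPath = @"Software\ExampleCompany\ExampleApp";

    public static void Save(int backColorArgb, string lastUser, string loginToken)
    {
        // CreateSubKey opens the key for writing and creates it if it does not exist.
        using (RegistryKey key = Registry.CurrentUser.CreateSubKey(KeyPath))
        {
            key.SetValue("BackColor", backColorArgb, RegistryValueKind.DWord); // REG_DWORD
            key.SetValue("LastUser", lastUser, RegistryValueKind.String);      // REG_SZ
            // Encrypt login data with DPAPI for the current Windows user; stored as REG_BINARY.
            byte[] blob = ProtectedData.Protect(
                Encoding.UTF8.GetBytes(loginToken), null, DataProtectionScope.CurrentUser);
            key.SetValue("LoginToken", blob, RegistryValueKind.Binary);
        }
    }

    public static string LoadToken()
    {
        // OpenSubKey returns null when the key is missing (for example, on first run).
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(KeyPath))
        {
            // Type-check instead of casting: the value may be absent or of another type.
            byte[] blob = key?.GetValue("LoginToken") as byte[];
            if (blob == null) return null;
            try
            {
                return Encoding.UTF8.GetString(
                    ProtectedData.Unprotect(blob, null, DataProtectionScope.CurrentUser));
            }
            catch (CryptographicException) { return null; } // altered blob or different user
        }
    }

    static void Main()
    {
        Save(unchecked((int)0xFF336699), "alice", "constructed-sample-token");
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(KeyPath))
            Console.WriteLine("BackColor = 0x{0:X8}", key.GetValue("BackColor", 0));
        Console.WriteLine("Token round-trip ok: {0}", LoadToken() == "constructed-sample-token");
    }
}
```

ProtectedData needs a reference to the System.Security assembly on .NET Framework, or the System.Security.Cryptography.ProtectedData package on .NET Core and later.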