Registry Value Types (Brief Overview)

Registry values store data in various formats. Understanding the basic types helps in interpreting the information found:

  • REG_SZ: A standard, fixed-length text string. Often used for file paths, descriptive names, or simple text settings.

  • REG_EXPAND_SZ: An expandable text string. Similar to REG_SZ, but it can contain environment variables (like %SystemRoot% or %USERNAME%) that are expanded by the system when the value is read.

  • REG_BINARY: Raw binary data, displayed in hexadecimal format in regedit. Used for storing complex configuration data, flags, or sometimes even small embedded files or structures.

  • REG_DWORD (32-bit) / REG_QWORD (64-bit): Numerical values. Often used for storing integer settings, boolean flags (where 0 typically means False/Disabled and 1 means True/Enabled), or bitmasks.

  • REG_MULTI_SZ: Stores multiple text strings within a single value entry. The strings are separated by null characters, with a final double null character indicating the end. Used for lists like network protocols or service dependencies.
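
As an added example (not part of the original page), the Python below decodes raw value data according to its type, which is what you need when reading values from an offline hive or an export rather than through regedit. The function name decode_value and the sample data are constructed for illustration; the numeric type codes are the Windows SDK constants.

```python
import struct

# Registry value type codes as defined in the Windows SDK (winnt.h).
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD = 1, 2, 3, 4
REG_MULTI_SZ, REG_QWORD = 7, 11


def _utf16(raw: bytes) -> str:
    """Decode UTF-16LE, tolerating an odd trailing byte or invalid code units."""
    return raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")


def decode_value(reg_type: int, raw: bytes):
    """Turn raw registry value bytes into a Python object based on the type."""
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        # Stop at the first null; bytes after it are slack, not part of the string.
        # REG_EXPAND_SZ is returned unexpanded: the stored bytes keep %VAR% literally.
        return _utf16(raw).split("\x00", 1)[0]
    if reg_type == REG_MULTI_SZ:
        text = _utf16(raw)
        end = text.find("\x00\x00")  # the final double null ends the list
        if end != -1:
            text = text[:end]
        return [s for s in text.split("\x00") if s]
    if reg_type in (REG_DWORD, REG_QWORD):
        size, fmt = (4, "<I") if reg_type == REG_DWORD else (8, "<Q")
        if len(raw) != size:
            # A size mismatch means malformed or mislabeled data; do not guess.
            raise ValueError(f"type {reg_type} expects {size} bytes, got {len(raw)}")
        return struct.unpack(fmt, raw)[0]  # little-endian unsigned integer
    # REG_BINARY and any type not handled here: show hex, as regedit does.
    return raw.hex(" ")


# Constructed sample data (not taken from a real hive).
SAMPLES = [
    (REG_SZ, "C:\\Tools\\agent.exe\x00".encode("utf-16-le")),
    (REG_EXPAND_SZ, "%SystemRoot%\\system32\\svc.dll\x00".encode("utf-16-le")),
    (REG_DWORD, bytes.fromhex("01000000")),
    (REG_QWORD, bytes.fromhex("0000000001000000")),
    (REG_MULTI_SZ, "Tcpip\x00Afd\x00\x00".encode("utf-16-le")),
    (REG_BINARY, bytes.fromhex("deadbeef")),
]

if __name__ == "__main__":
    for reg_type, raw in SAMPLES:
        print(reg_type, repr(decode_value(reg_type, raw)))
```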
