The registry also provides a window into the operation of the kernel, exposing runtime information such as performance counters and currently active hardware.
Windows API functions that query and manipulate registry values
Hives
HKEY_LOCAL_MACHINE ---> HKEY_CURRENT_USER
HKEY_CLASSES_ROOT (HKCR) ---> HKCU\Software\Classes
file associations
HKEY_CURRENT_USER (HKCU)
NTUSER.DAT and USRCLASS.DAT
HKEY_CLASSES_ROOT
".extension"
Double-click to open
shell -> open -> command
Right-click menu options
shell -> <program_name> -> command
HKEY_CLASSES_ROOT\Directory
* Affects ordinary folders only
HKEY_CLASSES_ROOT\drive
* Affects drives
HKEY_CLASSES_ROOT\folder
* Affects all folders, including My Documents and the Recycle Bin
HKEY_CLASSES_ROOT\AllFilesystemObjects
* Affects ordinary folders and files only
shellnew -> NullFile
shellex
ContextMenuHandlers
Implemented by application extension libraries (.DLL)
ContextMenuHandlers -> <program_name> = {unique value}
The default value inside the {unique value} key is ???.dll
PropertySheetHandlers
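
Added example (not part of the original notes): a Python script that parses a constructed .reg export, lists the shell verbs for a class, and resolves each ContextMenuHandlers entry's {unique value} to the DLL it loads, which is the check to run when auditing what Explorer loads on right-click. The helper names, the sample data, and the lookup of the DLL under CLSID\{unique value}\InprocServer32 are assumptions of the example.

```python
import re

# Constructed .reg export; the handler names, CLSIDs and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\cmdhere\command]
@="cmd.exe /k cd \"%1\""

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExampleTool]
@="{11111111-2222-3333-4444-555555555555}"

[HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\Orphan]
@="{99999999-0000-0000-0000-000000000000}"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\ExampleTool\\example.dll"
'''
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unesc(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape backslash and quote

def parse_reg(text):
    # Returns {key path: {value name: data}}; '@' is the default value, REG_SZ only.
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name = '@' if m.group(1) == '@' else unesc(m.group(1)[1:-1])
            current[name] = unesc(m.group(2))
    return keys

def shell_verbs(keys, cls):
    # shell -> <verb> -> command: map each verb to its command line.
    pat = re.compile(r'^HKEY_CLASSES_ROOT\\%s\\shell\\([^\\]+)\\command$' % re.escape(cls), re.I)
    return {m.group(1): v.get('@', '') for k, v in keys.items() if (m := pat.match(k))}

def context_menu_handlers(keys, cls):
    # Map handler name -> (CLSID, DLL path or None when the CLSID is not registered).
    pat = re.compile(r'^HKEY_CLASSES_ROOT\\%s\\shellex\\ContextMenuHandlers\\([^\\]+)$' % re.escape(cls), re.I)
    lower = {k.lower(): v for k, v in keys.items()}  # key paths are case-insensitive
    out = {}
    for k, v in keys.items():
        if (m := pat.match(k)):
            clsid = v.get('@', '')
            server = lower.get(('HKEY_CLASSES_ROOT\\CLSID\\%s\\InprocServer32' % clsid).lower(), {})
            out[m.group(1)] = (clsid, server.get('@'))
    return out
```

A handler whose CLSID resolves to None, or to a DLL outside the expected install paths, is the entry to look at first.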
===============================================
IE right-click menu
HKEY_USERS\S-1-5-21-527237240-682003330-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt
===============================================
ntbackup