A Virtual Reality
Did you know that HKEY_CURRENT_USER isn’t a real subtree but rather a virtual subtree? Learn more about this subtree’s virtual reality and how it acts as the entry point in the registry for different users.
March 25, 2001
The HKEY_CURRENT_USER subtree contains all the information about the currently logged-on user. HKEY_CURRENT_USER is one subtree, whereas the users that can log on typically number more than one. How can one invariable subtree act as the entry point in the registry for different users?
The answer is quite simple: Like HKEY_CLASSES_ROOT, HKEY_CURRENT_USER isn't a real subtree but rather a virtual subtree—that is, a placeholder for another registry subtree that stores its content in a physical file on disk. For example, HKEY_CLASSES_ROOT is an alias for the HKEY_LOCAL_MACHINESOFTWAREClasses subkey. If you're skeptical, open the registry editor and compare the content of this subkey and the HKEY_CLASSES_ROOT subtree. Of all the subtrees that a registry editor shows you, only HKEY_LOCAL_MACHINE and HKEY_USERS store their content on disk in the registry folder.
HKEY_CURRENT_USER is an alias for one of the HKEY_USERS's subkeys—the one corresponding to the currently logged-on user. When a new user logs on, no changes occur in the registry. However, when you make a call to the registry API (i.e., a group of Win32 functions that let you work on the registry) and that call involves the HKEY_CURRENT_USER or HKEY_CLASSES_ROOT, the system internally maps to the right area in the disk files.
HKEY_CURRENT_USER and HKEY_CLASSES_ROOT are programming facilities that expose a common entry point, regardless of the connected user. Through them, the registry API virtualizes a portion of the registry content. When a registry editor (or any other registry utility) builds its UI, you see both the real and virtual subtrees. If you use the registry editor to make a change to the virtual subtree, the system immediately replicates the change in the corresponding real subkey, and vice versa. This replication isn't the result of synchronization, though. Instead, the system renders the same piece of memory with two names.
About the Author
You May Also Like