I find the windows registry a fascinating mystery, why does something that sounds like such a good idea (hey lets put all the config into one place, a database for configs.) end up being so miserable to be around in practice?
As a good unixaphile My conclusion is that it is because now you have two trees, a main database tree that has excellent ergonomics and tooling(the filesystem). and the registry tree where all the access patterns are special and different and the tooling sort of sucks.
I feel this article could make the same conclusion about the main filesystem if it wanted to. But I do note that because the main filesystem is not the redheaded stepchild tree, any problems with it tend to be fixed.
As a humorous footnote, I really appreciate the plan9 mindset, that single minded devotion to "The One True Tree" that when they wanted a web browser they said "hey the DOM is a tree structure. throw it in the filesystem" those glorious crazy bastards.
The reason the registry sucks is the same reason desktop operating systems generally suck: it isn’t sandboxed. Applications should not have a global view of the system and other applications. They should have their own container where they can do stuff, like write registry keys, write files, do stuff with whatever is exposed to the container. When the app is removed, everything inside that container goes with it. Of course, this is how mobile operating systems work, and they’re rock solid compared to Windows.
When you remove an app on Windows a bunch of garbage just gets orphaned on your system to the end of time.
pathartl · 15h ago
I've been working a lot with older games and a big issue I see is developer discipline.
There's also developers that throw everything they can in HKLM when HKCU is almost always more appropriate.
It was also complicated with the introduction of WoW64, and then the introduction of the VirtualStore. Don't get me wrong, segmenting off all of those prevented a ton of potential collisions, but I feel like there's a more elegant way to handle it. Personally, I've been working on writing a library to hook every registry call and read from a text config file instead.
1970-01-01 · 1d ago
The Windows registry is a massive 30+ year modern labyrinth that is still under construction. Deadly traps, hidden treasures, and secret doors thoroughly litter it. I recently discovered yet another of secret within it: Setting some critical kernel mode drivers to silently fail will allow one to continue booting the system if that kernel driver has been corrupted. Great write-up, thanks for sharing.
simoncion · 23h ago
"OS continues to boot when you tell it to make failure to load a driver a warning, rather than a catastrophic error." seems to me to be the system working as intended.
Triply so if you have to be on the other side of the airtight hatchway (as it were) to instruct the OS to do this. What am I missing? [0]
[0] NOTE: "It shouldn't permit a full computer administrator to let this happen!" is not a valid argument. Full admins have full control (and -often- physical access) to the machines they administer. If you don't trust your full admins, you've already lost.
pixl97 · 22h ago
This is where Windows gets messy on what the idea of an admin is. It came from a history of 'full admin by default' instead of a "you never use root unless ___".
If your grandma had a Windows XP box with a default user, it was a 'full admin', but most likely grandma had no idea of how to administer it. So you ended up with a SYSTEM privilege that is even above admin. The full admin needs to promote themselves (run as) temporarily to that priv to change some things.
mananaysiempre · 1d ago
> [W]ith registry hives, the initial refcount values are loaded from disk, from a file that we assume is controlled by the attacker.
As far as I remember, new hives are only mountable with administrator privileges (perhaps even only with Local System ones?..); and it’s long been Microsoft’s position that the administrator/kernel boundary is not a security one—and thus, for example, a driver signing bypass is not a security vulnerability[1]. That would imply that hive files are trusted as well, wouldn’t it? (At least as far as security is concerned, it would of course still be wise to check them because of possible disk corruption.)
I have mixed feelings regarding Microsoft’s policy and I am not trying to defend it here, to be clear, I’d just like to know if it has changed in recent years.
Yeah, several paragraphs down TFA mentions that unprivileged (and docunented) hive loading was introduced in Vista. Which checks out as far as my knowledge cutoff regarding Windows :)
zelon88 · 22h ago
Considering how terrible Android and ChromeOS and GCP is in every conceivable way, I'm surprised Google even has time to quantify the quality of Microsoft products.
https://googleprojectzero.blogspot.com/2024/04/the-windows-r...
https://googleprojectzero.blogspot.com/2024/04/the-windows-r...
https://googleprojectzero.blogspot.com/2024/06/the-windows-r...
https://googleprojectzero.blogspot.com/2024/10/the-windows-r...
https://googleprojectzero.blogspot.com/2024/12/the-windows-r...
https://googleprojectzero.blogspot.com/2025/04/the-windows-r...
As a good unixaphile My conclusion is that it is because now you have two trees, a main database tree that has excellent ergonomics and tooling(the filesystem). and the registry tree where all the access patterns are special and different and the tooling sort of sucks.
I feel this article could make the same conclusion about the main filesystem if it wanted to. But I do note that because the main filesystem is not the redheaded stepchild tree, any problems with it tend to be fixed.
As a humorous footnote, I really appreciate the plan9 mindset, that single minded devotion to "The One True Tree" that when they wanted a web browser they said "hey the DOM is a tree structure. throw it in the filesystem" those glorious crazy bastards.
https://man.cat-v.org/plan_9/4/webfs
When you remove an app on Windows a bunch of garbage just gets orphaned on your system to the end of time.
Take LOTR: Battle for Middle Earth II Rise of the Witch King: https://www.regfiles.net/registry/the-lord-of-the-rings-the-...
Not only does it have "Electronic Arts/Electronic Arts", the same game doesn't even follow its own standard!
Surely it's just that one game right? Nope! Here's the Sims 3 https://www.regfiles.net/registry/the-sims-3-steam-registry
And Battlefield 1942 on Origin https://www.regfiles.net/registry/battlefield-1942-ea-origin...
There's also developers that throw everything they can in HKLM when HKCU is almost always more appropriate.
It was also complicated with the introduction of WoW64, and then the introduction of the VirtualStore. Don't get me wrong, segmenting off all of those prevented a ton of potential collisions, but I feel like there's a more elegant way to handle it. Personally, I've been working on writing a library to hook every registry call and read from a text config file instead.
Triply so if you have to be on the other side of the airtight hatchway (as it were) to instruct the OS to do this. What am I missing? [0]
[0] NOTE: "It shouldn't permit a full computer administrator to let this happen!" is not a valid argument. Full admins have full control (and -often- physical access) to the machines they administer. If you don't trust your full admins, you've already lost.
If your grandma had a Windows XP box with a default user, it was a 'full admin', but most likely grandma had no idea of how to administer it. So you ended up with a SYSTEM privilege that is even above admin. The full admin needs to promote themselves (run as) temporarily to that priv to change some things.
As far as I remember, new hives are only mountable with administrator privileges (perhaps even only with Local System ones?..); and it’s long been Microsoft’s position that the administrator/kernel boundary is not a security one—and thus, for example, a driver signing bypass is not a security vulnerability[1]. That would imply that hive files are trusted as well, wouldn’t it? (At least as far as security is concerned, it would of course still be wise to check them because of possible disk corruption.)
I have mixed feelings regarding Microsoft’s policy and I am not trying to defend it here, to be clear, I’d just like to know if it has changed in recent years.
[1] https://github.com/ionescu007/r0ak
https://visualstudioextensions.vlasovstudio.com/2017/06/29/c...