Master Windows Registry with Python: Complete winreg Guide

Introduction

Hello, I am the IT sharer known as Pipi.

The Windows Registry is a core component of Windows, essentially a large database that stores startup information, logs, and configuration data. This article shows how to manipulate the registry using Python.

1. Getting Started with the Registry

You can open the registry by running regedit from the Run dialog.

The main registry hives correspond to machine‑wide and user‑specific settings.

2. The winreg Module

Python provides the built‑in winreg module for registry operations.

3. Importing the Module

import winreg

Constants

Key hive constants:

winreg.HKEY_CLASSES_ROOT     # Application and shell information
winreg.HKEY_CURRENT_USER     # Current user settings
winreg.HKEY_LOCAL_MACHINE    # System‑wide settings
winreg.HKEY_USERS            # All users
winreg.HKEY_PERFORMANCE_DATA # Performance data
winreg.HKEY_CURRENT_CONFIG   # Hardware configuration
winreg.HKEY_DYN_DATA         # Not available on Windows 98 and later

Access Rights

winreg.KEY_ALL_ACCESS
winreg.KEY_WRITE
winreg.KEY_READ
winreg.KEY_EXECUTE
winreg.KEY_QUERY_VALUE
winreg.KEY_SET_VALUE
winreg.KEY_CREATE_SUB_KEY
winreg.KEY_ENUMERATE_SUB_KEYS
winreg.KEY_NOTIFY
winreg.KEY_CREATE_LINK

64‑bit View Flags

winreg.KEY_WOW64_64KEY  # 64‑bit view
winreg.KEY_WOW64_32KEY  # 32‑bit view

Value Types

winreg.REG_BINARY
winreg.REG_DWORD
winreg.REG_DWORD_LITTLE_ENDIAN
winreg.REG_DWORD_BIG_ENDIAN
winreg.REG_EXPAND_SZ
winreg.REG_LINK
winreg.REG_MULTI_SZ
winreg.REG_NONE
winreg.REG_QWORD
winreg.REG_QWORD_LITTLE_ENDIAN
winreg.REG_RESOURCE_LIST
winreg.REG_FULL_RESOURCE_DESCRIPTOR
winreg.REG_RESOURCE_REQUIREMENTS_LIST
winreg.REG_SZ

4. Common Registry Operations

1. Connect to a Remote Registry

reg = winreg.ConnectRegistry(r'\\ComputerName', winreg.HKEY_LOCAL_MACHINE)

Administrator rights are required; you can check with the ctypes module.

import ctypes, sys

def admin():
    return ctypes.windll.shell32.IsUserAnAdmin()

if admin():
    winreg.ConnectRegistry(r'\\ComputerName', winreg.HKEY_LOCAL_MACHINE)
else:
    # Relaunch with elevation
    if sys.version_info[0] == 3:
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)
    else:
        ctypes.windll.shell32.ShellExecuteW(None, u"runas", unicode(sys.executable), unicode(__file__), None, 1)

2. Close a Registry Handle

winreg.CloseKey(reg)
# or
reg.Close()

3. Open a Registry Key

winreg.OpenKey(key, sub_key, reserved=0, access=winreg.KEY_READ)
winreg.OpenKeyEx(key, sub_key, reserved=0, access=winreg.KEY_READ)

4. Create a New Key

winreg.CreateKey(key, sub_key)
winreg.CreateKeyEx(key, sub_key, reserved=0, access=winreg.KEY_WRITE)

5. Delete a Key or Value

winreg.DeleteKey(key, sub_key)          # cannot delete if subkeys exist
winreg.DeleteKeyEx(key, sub_key, reserved=0, access=winreg.KEY_WOW64_64KEY)
winreg.DeleteValue(key, value_name)

6. Enumerate Keys and Values

winreg.EnumKey(key, index)
winreg.EnumValue(key, index)

7. Flush Changes

winreg.FlushKey(key)

8. Load a Hive

winreg.LoadKey(key, sub_key, file_name)

9. Query Information

winreg.QueryInfoKey(key)
winreg.QueryValue(key, sub_key)
winreg.QueryValueEx(key, value_name)

10. Save a Hive

winreg.SaveKey(key, file_name)

11‑12. Reflection Control

winreg.DisableReflectionKey(key)
winreg.EnableReflectionKey(key)
winreg.QueryReflectionKey(key)  # True means disabled

13. Set a Value

winreg.SetValue(key, sub_key, type, value)
winreg.SetValueEx(key, value_name, reserved, type, value)

5. Practical Example: Locate and Launch 360 Security Guard

Find the uninstall key for 360 Security Guard and read the DisplayIcon value to obtain the executable path.

reg = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360安全卫士")
path = winreg.QueryValueEx(reg, 'DisplayIcon')
print(path[0])

Launch the program using os.popen and then close the handle.

import os
os.popen(path[0])
winreg.CloseKey(reg)

Conclusion

The winreg module enables a wide range of registry manipulations, from reading and writing values to creating and deleting keys, which can be useful for automation, configuration, or security research.