1. Field of the Invention
The present invention is related to the field of computers. In particular, the present invention is related to a method and apparatus for authenticating registry information.
2. Description of the Related Art
The registry of an operating system, for example, the system registry in the Microsoft® Windows® operating system is a set of data files that stores settings and options for the Windows operating system. The system registry contains information and settings for the hardware, software, and user preferences for a machine, e.g., a computer. The system registry comprises a set of data files used to help the Windows operating system control the computer's hardware, software, and the user preferences.
System registry information in the Microsoft Windows operating system is contained in two files, system.dat and user.dat, located in the Windows directory. The system registry has a hierarchical structure, and may be accessed and edited using a program called regedit.exe that is located in the Windows directory. When editing the system registry, system registry entries are displayed using handle keys. In the Window's system registry there are six handle keys: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS, HKEY_CURRENT_CONFIG, and HKEY_DYN_DATA. Each handle key stores a specific portion of the information stored in the registry. For example, the HKEY_LOCAL_MACHINESOFTWARE handle key stores settings for all 32-bit software applications installed on a computer. Control functions for software applications may be listed in the sub-keys associated with, for example, the HKEY_LOCAL_MACHINESOFTWARE handle key, or the HKEY_CURRENT_USER handle key.
In addition to the hardware and software configuration and control functions, certain software applications may use the system registry to store the Uniform Resource Locators (URLs) or other web-site information, based on which a user may either be permitted or prohibited from accessing web-sites. Because of the importance of the information stored in the registry, it is necessary to at least detect unauthorized changes to the system registry.