I recently came across an interesting bit inside the Registry of Windows 10.
The key:
- HKLM\system\currentcontrolset\control\hiveredirectionlist
is looked at during the system boot by the smss.exe process and the latter attempts to read the following entries underneath:
- \REGISTRY\MACHINE\HARDWARE
- \REGISTRY\MACHINE\SECURITY
- \REGISTRY\MACHINE\SOFTWARE
- \REGISTRY\MACHINE\SYSTEM
- \REGISTRY\USER\.DEFAULT
- \REGISTRY\MACHINE\SAM
Googling around brought only one meaningful result talking about Container technology inside Windows 10 and Windows Server 2016. These entries will be used to deliver the redirection functionality intended to support a full isolation of the container.
So… now we will have Container Registry redirection, on top of a WOW Registry Redirection and WOW Registry Reflection, on top of a temporary Registry overriding, on top of INI to Registry mapping.