What are the valid characters for Registry keys and valuenames?

For all things Windows, MSDN has to be the authoritative source -- the article on Registry Element Size Limits implies Unicode is good and Structure of the Registry says that backslash and non-printable characters are disallowed in key names. Values merely have to be entirely printable characters.

Just did an experiment with the Windows 7 registry: programmatically creating a key name with the 01 Hex (ASCII SOH) character in front of the word 'TEST' (in Delphi that is the string: #1'Test'). This is something that REGEDIT will not allow you to do by typing - even with ALT-Keypad operations.

Not only did it create the key, it showed the key in REGEDIT as having a 'wide' space where the #1 character resided.

Copying and pasting this new subkey name into TEXTPAD allowed me to verify that it was indeed still a #1 character.

I've never read anywhere that #1 is deemed 'printable', but in Windows anything other than 00 Hex can be put into a print string and literally anything can be sent to a printer, so I guess the MSDN statement about this limitation is an oxymoron: because in Windows being a character implies being printable, ergo unprintable character becomes ...well, meaningless.

Whilst you cannot type that #1 character directly into REGEDIT as a keyname (using the ALT-keypad-number entry method), you can nontheless paste it back from TEXTPAD to REGEDIT as part of a rename-operation. REGEDIT will even complain if you paste it to rename another peer subkey to your original one because the 'specified key already exists'.

Interestingly, I also experimented with the character #256 (which is no-longer ASCII, but is theoretically a Unicode Widechar, but not necessarily one deemed as "printable" if any parts of the input, storage or output mechanisms reject it).

Whilst I could create such a key programmatically, and see a strange looking 'A' in REGEDIT, it became somewhat less reliable in cut-and-paste. I'm guessing that the clipboard operations and interactions with different applications make this sort of thing a very dubious practice since TEXTPAD, for instance, might be making assumptions about whether you were pasting byte characters or wide characters that don't quite match what REGEDIT put into the clipboard - and vice-versa. If the code behind these operations are just expecting ANSI strings or UTF-16 Wide-Strings, and are being given something different, including byte-order differences and UTF-8 or similar differences that they were not expecting, then things are very likely to go wrong.

Finally, I experimented with an attempt to inject a widechar with order 0FFFF hex. That did not actually give any visual presence of the character in REGEDIT - how "unprintable" is that, then?. But the name did include the invisible character. I confirmed this by actually trying to create a separate peer subkey in REGEDIT without the offending character and as a result obtained what visually looked like two identical keys!

So in summary: It seems that you can put literally any character into a subkey name as long as it isn't a '\'. But it probably is not a very good idea to do so. And I think the term 'unprintable' in Windows generally only applies to 00 hex - and that is because it is usually used as a string terminator and therefore is a little bit difficult to 'send' through the registry API as a character!

What is quite worrying is the ability that this gives hackers to confuse and mislead. You could quite literally create a whole raft of registry subkeys that appear to have no names at all and can only be meaningfully used by applications, not humans. Yes, you could do that with space-characters, but some unicode characters (like FFFFh) have no width, and you can use any number of them together to create a unique and invisible name, or parts in a name! This makes them almost impossible to detect without using a laborious cut-and-paste, or a dedicated automated tool. In REGEDIT they all just look like identically named, or indeed unnamed, keys.

For allowable key and value names, see the MSDN page on Structure of the Registry. In particular:

Each key has a name consisting of one or more printable characters. Key names are not case sensitive. Key names cannot include the backslash character (\), but any other printable character can be used. Value names and data can include the backslash character.

Registry value types are explained in detail on MSDN here, in case you need to know the allowable values.