Track changes to file system and registry

1

There's a device driver for a piece of hardware that my company (re)sells that doesn't always uninstall cleanly. I'm pretty sure that the installer creates files and makes registry changes that aren't undone by the uninstaller. My idea is to create a new, clean virtual machine, install the driver, and track what changes it made so I can manually remove them.

Is there a way to do this? Or, is there a way to do a before-and-after comparison of the file system and registry, to see what changed?

Thanks for your time.

HiddenWindshield

Posted 2019-06-06T20:36:36.137

Reputation: 136

1

Found this in a Google search: 8 Tools to Track Registry and File Changes by Comparing Before and After Snapshots

– xiota – 2019-06-06T20:42:34.423

Answers

1

How can I install the driver, and track what changes it made so I can manually remove them?

You can use Process Monitor from Microsoft's SysInternals to monitor registry changes.

  1. Start Process Monitor.

  2. Log results to a log file.

  3. Install the driver.

  4. Stop logging.

  5. Look at the log file for registry changes.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more.

Source: Process Monitor

Disclaimer

I am not affiliated with Process Monitor in any way, I am just an end user of the software.

DavidPostill

Posted 2019-06-06T20:36:36.137

Reputation: 118 938
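Step 5 of the answer above ("look at the log file"), as an added example that is not part of the original answer: a Python filter that reduces a Process Monitor log to the registry keys, registry values and files the installer actually created or wrote. It assumes the log was saved as CSV with Process Monitor's default columns (Process Name, Operation, Path, Result, Detail); the installer name `setup.exe`, the driver name `ExampleDrv` and the sample rows are constructed for illustration.

```python
import csv
import io

def installer_changes(csv_text, process_names):
    """Return (registry_paths, file_paths) successfully created or written
    by the named processes in a Process Monitor CSV export."""
    wanted = {name.lower() for name in process_names}
    reg, files = set(), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() not in wanted or row["Result"] != "SUCCESS":
            continue
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        if op == "RegSetValue":
            reg.add(path)
        # RegCreateKey is also logged when an existing key is merely opened;
        # only a newly created key is something the uninstaller must remove.
        elif op == "RegCreateKey" and "REG_CREATED_NEW_KEY" in detail:
            reg.add(path)
        elif op == "WriteFile":
            files.add(path)
        # Likewise, CreateFile covers plain opens; keep real creations only.
        elif op == "CreateFile" and "OpenResult: Created" in detail:
            files.add(path)
    return sorted(reg), sorted(files)

# Constructed sample rows in the layout of a Process Monitor CSV export.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01","setup.exe","4120","RegCreateKey","HKLM\SYSTEM\CurrentControlSet\Services\ExampleDrv","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"10:00:01","setup.exe","4120","RegSetValue","HKLM\SYSTEM\CurrentControlSet\Services\ExampleDrv\ImagePath","SUCCESS","Type: REG_EXPAND_SZ, Data: constructed"
"10:00:02","setup.exe","4120","RegCreateKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
"10:00:02","setup.exe","4120","CreateFile","C:\Windows\System32\drivers\exampledrv.sys","SUCCESS","Desired Access: Generic Write, OpenResult: Created"
"10:00:03","setup.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read, OpenResult: Opened"
"10:00:03","explorer.exe","2200","RegSetValue","HKCU\Software\Example\Unrelated","SUCCESS","Type: REG_DWORD, Data: 1"
"10:00:04","setup.exe","4120","RegQueryValue","HKLM\SOFTWARE\Example\Missing","NAME NOT FOUND","Length: 16"
'''

if __name__ == "__main__":
    reg_paths, file_paths = installer_changes(SAMPLE, ["setup.exe"])
    print("Registry keys/values to check after uninstall:")
    for p in reg_paths:
        print("  " + p)
    print("Files to check after uninstall:")
    for p in file_paths:
        print("  " + p)
```

When reading a real export from disk, open it with `encoding="utf-8-sig"` so a leading byte-order mark does not end up in the first column name, and pass every process the installer spawns, not just the top-level executable.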

0

A good place to start is with the MS app certification kit:

https://developer.microsoft.com/en-us/windows/develop/app-certification-kit

And, for drivers, the driver certification kit:

https://go.microsoft.com/fwlink/p/?LinkId=733613

Clean installation and de-installation is one of the requirements of Windows certification. I haven't used recent versions of the kit, but they used to give a good indication if you had clean installation and de-installation, plus other useful information helping you decide if your app/driver was ready to be released on an unsuspecting public.

user165568

Posted 2019-06-06T20:36:36.137

Reputation: 421