I can think of 3 ways to achieve my goal:
- Create a clean VPC, install a given piece of software, and compare the before and after states.
- Somehow reverse-engineer the installer.
- Somehow redirect the output of the installer in question so that all registry calls and copy/move file commands are recorded, but not executed.
The first option can be done manually, or potentially automated, but I feel it's rather OTT for my needs. The second could cause all sorts of licensing issues, not to mention it may not always return a correct result. Also, without delving into hex editing, I can't think of a way that it would be possible to do manually (some installers, e.g. Anti-Virus software, may react unfavourably to automated attempts to investigate the installer).
The third option shows the most promise, although if the first could be stripped down into a lightweight throwaway environment, it would work pretty much the same way. However, I'm not sure how to do it. So my question is:
What tools are available (if any) and/or how could I find out this information manually?
I'm not looking to reverse-engineer anything (if I can help it), but I just want to know exactly what changes are being made to my PC by a given piece of software.
The Norton Utilities (I'm not going to recommend it or not; I don't know enough about it) has a Registry Monitor tool that tells you when your registry changes and how many changes there were. It doesn't, however, tell you what changed. Link: http://antivirus.norton.com/norton/ps/us_en_nu.html?om_sem_cid=hho_sem_sy:us:ggl:en:e%7Ckw0000012287%7C6426191236&om_sem_site=
– Nathan G. – 2011-01-04T01:43:51.753
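The before/after comparison from the first option in the question, applied to the registry only, as an added example that is not part of the original post or comment. It assumes two text snapshots in `reg export` format taken before and after the install; the `ExampleVendor` keys and values are constructed sample data, and `parse_reg` and `diff_snapshots` are hypothetical helper names.

```python
# Added example; the sample exports are constructed and ExampleVendor is hypothetical.
def parse_reg(text):
    """Parse `reg export` text into {key_path: {value_name: raw_data}}."""
    keys, current, buf = {}, None, ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):            # hex data continues on the next line
            buf += line[:-1]
            continue
        line, buf = buf + line, ""
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith("@="):
            current["@"] = line[2:]        # the key's default value
        elif current is not None and line.startswith('"'):
            name, _, data = line[1:].partition('"=')  # escaped quotes in names unsupported
            current[name] = data
    return keys

def diff_snapshots(before, after):
    """Return (added, removed, changed) as sorted lists of (key, value_name)."""
    added, removed, changed = [], [], []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, {}), after.get(key, {})
        if not (old or new) and (key in before) != (key in after):
            (added if key in after else removed).append((key, None))  # empty key
        for name in sorted(set(old) | set(new)):
            if name not in old:
                added.append((key, name))
            elif name not in new:
                removed.append((key, name))
            elif old[name] != new[name]:
                changed.append((key, name))
    return added, removed, changed

BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"Version"="1.0"
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"Version"="2.0"
"Blob"=hex:01,02,\
  03,04
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Run]
@="C:\\Example\\agent.exe"
'''
if __name__ == "__main__":
    print(diff_snapshots(parse_reg(BEFORE), parse_reg(AFTER)))
```

Files written by `reg export` are UTF-16, so read real snapshots with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.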