39
20
I would like to find the changes made in the registry after installing something on my computer. However I would like to also know what can be done with ease as a general procedure.
31
Run the installer and watch it with Sysinternals Process Monitor. You can filter the data so that only operations done by the installer are shown. You can even filter down to whatever operations you want to see (RegWrite, RegQueryValue, etc) and save the capture for later viewing.
Process Monitor is freeware.
You could also use WinDiff. You can save exported registry files and then compare them afterwards:
WinDiff is free and open source.
Another FOSS solution for comparing actual registry exported files is RegShot.
RegShot is a small registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product. The changes report can be produced in text or HTML format and contains a list of all modifications that have taken place between snapshot1 and snapshot2. In addition, you can also specify folders (with subfolders) to be scanned for changes as well.
7
If you happen to have Total Commander, this is pretty easy:
Export the registry before the installation and after the installation (save with the same name in different folders).
Open both folders in Total Commander, highlight the file on one side, go to Files > Compare By Content... voilà:
Total Commander is shareware, try before you buy.
5
If you want to compare two registry files (that you have manually exported to text), then there are plenty of comparison apps, such as WinMerge, WinDiff, etc.
A word of caution: if the registry hive is large, then exporting can take a while, and worse, Windiff can more or less hang when trying to read large .reg files. Use WinMerge instead because it can handle large files, diff them faster, and the results are better (sometimes Windiff just gets it wrong).
If you want to compare the registry before and after an installation, then you may as well use an installation monitor. Again, there are plenty of them, but one of the main ones is PC Magazine’s InCtrl5 (you may have to pay to download it from their site, though the program itself is free, so there are plenty of sites that have it). They have released an update called InCtrlX which, presumably, is better. Total Uninstall is a good commercial one. I generally like my old copy of InCtrl5, but Z-Soft Uninstaller has the same function and is exceptional (it’s the best of the dozen or so that I have tried); plus, it’s free.
Another solution is to analyse the installer itself. That is, look inside the EXE/MSI/BAT/INF/etc. file to see for yourself exactly what it does when it installs, including changes to files, registry entries, services, drivers, and such. That way you can avoid the whole detection process altogether. I find that 7Zip is the best way to look inside most executable installers (such as NSIS), because you can see the files and scripts and such. For MSI installers, I suggest either Microsoft’s own ORCA or InstEd. A good commercial tool for MSIs is AdvancedInstaller.
WinMerge takes about 30 seconds for a whole Windows7 registry comparison, not bad. – Nicolas Raoul – 2013-05-21T09:53:20.830
@NicolasRaoul, aside from the CPU power of the system, comparisons also depend heavily on the amount of difference. I have compared 100MB+ text files that were only slightly different in just a few seconds with WinDiff and 100KB files that were very different in hours with WinMerge (I usually end up killing the process long before that). – Synetech – 2013-05-21T14:36:33.513
2
I use WinMerge but I have built an application to convert WinMerge patch files to .reg format. It works great for non-M$ apps, but since WinMerge doesn't maintain HK in generated patch files, mostly just for install/uninstall uses. I had one application in particular that I couldn't install on x64 Win7, but I knew it worked. I exported entire reg to file1, installed, exported entire changed reg to file2. Made a comparison patch with WinMerge then used my application to clean up all the unnecessary content.
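As an added example (not part of any answer on this page, and not the application described above): a line-based diff of two exports loses the `[HKEY...]` key each changed value belongs to, so this sketch parses both exports and compares them per key and value. The function names `parse_reg` and `diff_reg` and the sample keys are hypothetical; hex data that is merely wrapped differently between exports is not reported as a change.

```python
import re

# A value line is "@" (the key's default value) or a quoted name, then "=data".
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse .reg export text into {(key_path, value_name): raw_data}."""
    entries, key, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):              # hex data wrapped onto next line
            pending = line[:-1]
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[(key, "")] = ""          # empty name marks the key itself
        elif key is not None and (m := VALUE_RE.match(line)):
            entries[(key, m.group(1))] = m.group(2)
    return entries

def diff_reg(before, after):
    """Return sorted (change, key_path, value_name, old, new) tuples."""
    changes = []
    for key, name in sorted(before.keys() | after.keys()):
        old, new = before.get((key, name)), after.get((key, name))
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            changes.append((kind, key, name, old, new))
    return changes

# Constructed samples (names made up); real regedit exports are UTF-16 files.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"Version"="1.0"
"Blob"=hex:01,02,\
  03,04
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
"Version"="1.1"
"Blob"=hex:01,02,03,\
  04

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp\Settings]
"AutoStart"=dword:00000001
'''

if __name__ == "__main__":
    print(*diff_reg(parse_reg(BEFORE), parse_reg(AFTER)), sep="\n")
```

For real exports, read each file with `open(path, encoding="utf-16").read()` before passing the text to `parse_reg`.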
0
I wanted to compare actual hives and not exported files and to be able to easily copy things between them.
I tried:
So, here are the steps I used in detail. Assume that I want to copy items from the registry on partition D (hive SOFTWARE) to the registry on partition E (hive SOFTWARE) while running from partition C.
Regmon/Procmon is not ideal because there is far too much clutter that needs to be manually filtered. Also, Windiff cannot handle giant .reg files, WinMerge works better for that, and can even diff them better than Windiff. That said, I usually use this method for quick and dirty analyses (even though it usually ends up being more work). – Synetech – 2012-06-03T21:55:30.377
RegShot seems to be not of any use if you already have registry snapshots and need to compare them – None – 2012-12-06T13:54:10.120
Is RegShot fast (those registries can be quite big) – Notitze – 2009-12-06T21:09:22.433
About the same speed as exporting the registry, a couple seconds. The comparison feature only takes a few seconds too. It's very fast. – John T – 2009-12-07T02:27:16.590