How To Find Registry Changes Made By A Specific Program

0 Comments
Editor Ratings:
User Ratings:
[Total: 0   Average: 0/5]




This tutorial explains how to find Registry changes made by a specific program.

There are plenty tools available to monitor and compare Windows Registry to show the changes made by applications or programs in the entire Registry or in a particular Registry Key. However, it would be time-consuming and very difficult also to check what changes are done by a particular program. Therefore, I have covered this tutorial which includes some free and very easy to use software to find Registry changes done by a particular application or program.

Whenever a program writes some values or read/access some Key or value in the Registry, those changes are monitored by these software.

how to find Registry changes done by a specific program

Read this tutorial to find Registry changes made on a particular date.

Find Registry Changes Made By A Specific Program Using Free RegFromApp Software:

RegFromApp is suitable to easily find the changes done by a particular program in real-time. As soon as a program writes values in the registry, those changes are visible on its interface. You can also save those changes as REG file to your PC. Apart from this, you can also switch between the Display Mode: Show Original Values available in Registry and Show Last Modified Values using Options.

So, the software is really handy to keep an eye on what changes a software actually does in the Registry. The screenshot below shows changes done by a process in real-time.

RegFromApp

This free software monitors only a selected running process of a program. So, when you launch this software, it prompts you to first select a process from the list.

select a process to inspect

You can choose any process from that list for monitoring or select a new process using File menu. If you select a new process, then first the program associated with that process is launched, and then monitoring process starts.

Read the full review.

Find Registry Changes Done By A Particular Program Using Free Process Monitor Software:

Process Monitor is an all in one system monitoring tool. It comes with options to show activities related to Registry, Process and Thread, Network, Profiling Events, File System, and more. You can uncheck rest of the options (visible at the top part on its interface) to trace only Registry activity. After this, you will be able to see the list of processes of a particular program and check Type of Access (read or write) and Registry Path where the changes are done. See the screenshot below:

Process Monitor

Apart from this, you can also add a Filter that will match the conditions added by you and help to view changes made by a particular program more easily. However, adding a filter is not so easy. You need to select if the type of entry (Architecture, Command Line, Event Class, Image Path, etc.) is greater than/less than/begins with/more than or less than 32-bit or 64-bit. Also, if that condition is matched, then it should be included or excluded in the tracing process.

add a filter

Do not add a filter if you are not sure what should be the exact criteria.

Read the detailed review.

Monitor Registry Changes Done By A Program Using Free InstallSpy Software:

InstallSpy is another useful software to monitor Registry changes done by an individual program. Mainly, this software is used for monitoring processes, Registry entries, filesystem, and shell for any type of changes. However, you can configure it to monitor a particular program. Basically, what this software do is takes the snapshots before and after Registry changes and then compares both snapshots. After this, it automatically opens output file (HTML format file) in default web browser where you can see the changes.

Registry Changes report

Launch the software. Now, the very first thing you need to do is adjust the settings. It is helpful to include/exclude type of Shell Events, Registry keys, File Watch Settings (files created, deleted, size changed, etc.), and other options for monitoring.

customize settings

Once you have done this, press OK button, and a wizard will be in front of you. In that wizard, you will find multiple steps:

Step 1: This step prompts you to close unnecessary programs or processes. You need to manually close the programs. When you have done that, press Yes button to move to the next step.

close other programs and press yes button

Step 2: Now you need to make sure that your program is ready to run/install. Wait! Do not run the program now.

Step 3: Press Yes button visible in the second step and the software will start scanning the items that you included under Settings. Scanning may take some time.

scanning started

Step 4: Click the ‘Yes’ button visible in step 4 and now you can run the program that you want to monitor for Registry changes.

Step 5: After some time, press ‘Yes’ button if you think the program has made some changes. Then, you will automatically move to the step no. 6.

Step 6: Now the software will again start scanning the file and Registry for changes. If changes are detected, it will show a warning message.

changes detected

Step 7: This is the last step in which the software compiles the report and open it in default web browser to view the changes.

Conclusion:

So, which tool you will use if you have to find out what changes are done by a specific application or program in Windows Registry. I will personally use the first software if I would have the same situation. RegFromApp is much easier to use and detects changes in real-time. However, Process Monitor is, no doubt, handy when you need to go in details to track changes made by a specific application. InstallSpy also brings an easy solution to detect Registry changes made by a program, but it might be difficult to close all the programs before taking the snapshot. Choose the software that fits to your requirement.

Editor Ratings:
User Ratings:
[Total: 0   Average: 0/5]
Works With: Windows
Free/Paid: Free