Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registry Logger


  • Please log in to reply
4 replies to this topic

#1 jake21

jake21

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:11 AM

Posted 21 January 2016 - 12:08 PM

Looking for an easy to use program that keeps a log of installed programs. I need a program that does a "before and after" log of the registry. What I would like to do is view the registry and save, then install a program and view all the registry changes the program has made. If a program gives me a problem, I can uninstall, but many programs leave registry entries behind. With a logger , I can uninstall, and then delete referenced registry entries, and then restore computer to registry before installation. Idea??

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:11 PM

Posted 21 January 2016 - 12:13 PM

This is a difficult thing to achieve in practice, because the registry has no atomic snapshot or any other such support. You'd always have a data race because while you're trying to dump out the registry contents some other program could be mutating it.

If you just want the logging step, without any kind of automated removal bits, ProcMon can do this.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Hauberk

Hauberk

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:11 AM

Posted 21 January 2016 - 12:21 PM

regshot is the program that your looking for, you can take shot of your reg now and then shot anther one later and see what change in them on a plain text or html dec.  :guitar:



#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:11 PM

Posted 21 January 2016 - 12:25 PM

Regshot appears to have the same limitations I mentioned above. Be careful and don't assume the snapshots are atomic, or that you'll be able to snapshot keys you don't normally have access to read (like HKLM\SAM\SAM).
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 jake21

jake21
  • Topic Starter

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:11 AM

Posted 21 January 2016 - 02:50 PM

Thanks for all the great suggestions...I used to use an UNINSTALLER program, but it seems to miss some files, etc during installation/removal. I can run 2 different versions of uninstaller programs, one will find files,etc. ,the other one missed. Thanks again..




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users