Registry Snapshot Tools: 8 Best to Track & Compare Changes
5. InstallSpy 2
Although not quite as old as InCtrl5 above, InstallSpy dates back to 2003 but could prove useful because of the massive amount of options available for monitoring. This tool is good for not just for tracking file and registry changes during an install, but also for general execution of programs through the monitoring of shell events like file type association or attribute changes, drive or media insertion and removal, server disconnect, folder sharing and a lot more.
InstallSpy runs according to a series of wizard like steps from 1 to 7. The 1st step is used to load the setup installer or application to monitor, or if you just want to track changes between 2 points in time, click the Yes button. Then proceed through the steps following what it tells you to do until the before and after snapshots have been analyzed and the differences report file opened as an HTML document.
There can be quite a lot of entries in the report file because of the amount of configuration options available so it might be a wise idea not to turn everything on thinking you’ll get a better report because of it.
6. SysTracer
The full version of SysTracer isn’t a free tool but there is a restricted free version available. Some things including the comparing and exporting of snapshots is limited and you also can only create 5 snapshots at a time, although you can reset that by using the portable version and deleting the folder after using the program, then extracting it again. Apart from the standard files and registry, SysTracer can track a number of other items during a snapshot including system services, drivers, startup applications, running processes and loaded dlls.
SysTracer can also has a remote scan option to take snapshots of network computers although it does need installing to use this mode. Simply go to the Snapshots tab and click Take snapshot to start the tracing process. You can then select the areas of the system to scan and once complete (it will take a minute or 2), install your application.
Then click the Take Snapshot button again to create the the after snapshot, followed by the Compare button at the bottom. The Registry, Files and Applications tabs can be individually analyzed and exported, or the whole list can be exported to HTML from the Snapshots tab. There are separate 32-bit and 64-bit versions available.
7. WhatChanged
Although it’s a pretty basic tool, we thought WhatChanged was worth a mention because it’s a small self contained portable executable of under 100KB and can record the changes from selected parts of the registry and drives or folders from the single window. The program is quite similar to Regshot in its operation and easy to use, a text file with the differences will be created on completion.
By default both the registry and file scanning options are turned off, so you simply turn on what you need and configure the drives/folders or areas of the registry you want to track, then press the Step #1 baseline snapshot button. Then after the software install, press the Step #2 Compare button to get the after snapshot and comparison text file result.
The downside of WhatChanged is the very slow speed of the 2nd snapshot and compare which can take several minutes. It will create 4 or 5 text snapshot files in the same folder as the executable which can be deleted afterwards or by using the Clean temp files button.
8. TrackWinstall
TrackWinstall offers two kinds of snapshot from its main window. The one click mode where it will create the before snapshot, ask you to install the software, and then create the after snapshot with the comparison between the two at the end. And the second mode offers a 2 phase process which will create the first snapshot and then save it.
Then you can install the software or perform other tasks such as having to reboot, and then return to TrackWinstall when you’re ready to take the second snapshot and complete the process.
You can choose to enable or disable registry tracking and custom locations can be set for file tracking. By default file tracking is horribly slow because 2 of the 3 default locations (\Windows and \Common Files) are set up to record MD5 checksums which adds several minutes to each snapshot creation. You can delete these folders and add them in again using the quicker time stamp mode but these changes never get saved and have to be re-entered next time you run the program.
You can’t save the information in the compare differences window but can instead copy the data to a text editor etc, right clicking any entry will search Google for it. TrackWinstall is completely portable with separate 32 and 64-bit versions available.
The free System Explorer systemexplorer.net and has also a Snapshots tool to record and compare changes in files and/or registry.
My favourites were always Advanced Registry Tracer [ART] & Advanced Registry Monitor [ARM].
They both have a “create redo reg” & “create undo reg” feature.
From memory they [or only one of them] can detect file size increase/decrease/modified & file date changes too.
Its been a while but Advanced Registry Tracer’ System requirements for ART states it can support current windows versions.
Mark.
Process Monitor works with x64 and 32 registry.
It also can monitor both files and registry at the same time, plus much much more.
It’s free, and you can get it from Microsoft.
It replaced RegMon and FileMon tools.
You can download it from the following link:
technet.microsoft.com/en-us/sysinternals/processmonitor
The only downside is that because it has so many extra capabilities, it’s not as user friendly as older registry tools. It does come with a great help file, and once you get the hang of it, you’ll never look at older registry tools the same.
We’ve mentioned Process Monitor in other articles and its real time abilities.
Sadly there’s far too much useless information and filtering needed for it to be used as a before and after snapshot comparison tool.
I want to compare two snapshots of virtualbox and I want to know that is there any tool that can show me the difference among registry as well as file structure
Many thanks, this article helped me find something in the registry.
Great information shared !
I will add one more comprehensive tool named Lepide File server auditing tool which also provides the way to track every critical changes/access made on file server into real time.
Hi,
spy me Weblink is not working anymore
Many thanks for the article. I tried SpyMe Tools and it worked fantastically. Was able to easily collapse registry keys for changes that I could easily rule out, and it made it far easier to locate the keys I was looking for.
The biggest issue was figuring out how to use the program. Pressing the scan button seems to scan, but doesn’t show any output so I couldn’t figure out what to do from there. Eventually I saved the scan results (even though none showed) and then ran another scan, again nothing showed, saved those results, and then ran a compare and browsed manually for the files. Aside from that the ui and functionality seems great, my new favourite.
Any of those software would help me to keep track of changes after the software is installed?
For example… 30 days trial software. If change os dates does not work to avoid end of trial period is because it’s storing something on the registry probably at every usage.
I would like to see what was changed after the execution of a software.
Any of thsese soiftware would help me?
Thank you in advance!
Take care!
The version of Regshot listed in the article is old.
X-Regshot 2.0 can output .reg DIFF files when taking into account 2 registry comparisons.
winpenpack.com/main/download.php?view.750
The only trick is to change the default language from Russian to English, the flag button in the bottom right on first startup.
Regshot 1.x leaves a lot to be desired unfortunately.
It appears you have got confused somewhere, X-Regshot IS Regshot with a rather pointless WinPenPack splash screen tagged on.
We link to both versions (1.9x and 2.0.xx) and are talking about the same Unincode version X-Regshot uses…
the last freeware version of Total Uninstall is still available ( not at the authors’ site) and it’s all I’ve used for about the last 10 years
Yeah, we’ve talked about that in another article dedicated to uninstall monitors…
raymond.cc/blog/monitor-software-installs-remove-leftovers-install-monitor/
Thanks.
I want to know if any of these programs would help me to get a .reg of the installed software, so when i install simples programs, and i have to reinstall windows any time, i wouldn´t have to reinstall my software too, but just merge my .reg file and i get my little sofware working again
I think a few of them do what you ask, but RegShot is probably the easiest to use.
After running the 2nd snapshot and comparing, look in the Report folder (usually C:\Hive) and find the RedoReg.txt file. That’s the difference file and you simply rename the extension to .reg and import into the registry later.
Hey I just downloaded that Regshot Unicode and it’s some strange version from 2010 2.01.70 when the build at source forge is 1.9.0.281 from the Regshot team dated 2/2/2013
What gives and who compiled that “Regshot 2” version in Russia?
The Regshot Unicode version was a fork of the original Regshot after it was pretty much abandoned for something like 3 or 4 years. It’s been around since 2010 and many people prefer it for the extra functions and unicode support. Unfortunately the website for it is now gone.
Both InstallWatch Pro and Systracer output the changes between before and after snapshots as reg files. Unfortunately the free version of InstallWatch Pro is limited in that a record of deleted registry keys and values is not available. The full version had this feature, but after much searching using Google I have not been able to locate it.
I scanned InstallSpy 2 with VirusTotal.com and it’s showing a possible infection. Can anyone confirm?
That’s definitely a false positive, the creator and host of the file, 2brightsparks.com, is a well respected software developer. 1 out of 46 at VirusTotal is classic false positive territory.
Thank you so much. I recently performed a complete system restore, only re-installing 8 programs. Now, I have to temporarily install more programs. Hopefully, I will never have to restore my computer again with this.
This is awesome info. Thanks alot I only knew about a few of these tools.
Thank you very much for your useful post!
It is just what I want.
this is a great article, but i’d be interested in hearing which is the #1 choice for the author after testing all them. :-/
Raymond Rules….
Thank You…
Thanks Ray!
thanks ray..
Since I began to use Total Uninstall (1 year ago) I never had to reinstall Windows! This program really removes everything! Windows will be in top shape no mater how many apps you install/uninstall! This kind of application is excellent to keep bloatware and crapware under control.
Thanks man, its great tutorial. I always wanted to keep my system clean and I am gonna use Total Uninstall.
Thanks!
This is great. Thanks a lot. I used to know about FileMon and RegMon only.
Total Uninstall is what I use, but thanks for rest of the softwares, great tips no doubt, cheers mate!