Windows registry diff
I'm trying to troubleshoot a commercial Windows 10 software program that will no longer load, even after uninstalling and reinstalling. The manufacturer guesstimates that something is not getting properly removed from the Windows registry during the uninstallation process, and thus remains "broken" after reinstalling, but they are unsure what to look for.
I have a clean machine, so I'm wondering if this is possible: Get a dump of the Windows registry before the initial install, then get a dump of the Windows registry after installing, and perform some kind of diff on them to see what was actually changed.
Any suggestions?
Solution 1:
How can I get the diff of the registry before and after installing software?
There are a couple of options.
- RegistryChangesView from NirSoft
RegistryChangesView is a tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows.
When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.
Source: RegistryChangesView - Compare snapshots of Windows Registry
Use this to make before and after snapshots of the registry to see what the installation program has changed.
- RegFromApp from NirSoft
RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it's needed.
Source: RegFromApp - Generate RegEdit .reg file from Registry changes made by application
Use this to monitor the registry changes made by the installation program.
- Process Monitor from Microsoft
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Source: Process Monitor - Windows Sysinternals | Microsoft Docs
Use this to monitor registry changes in real time.
As pointed out by Yorik in a comment:
Process monitor can also help identify what the program is doing prior to entering the "not loaded state" (i.e. crashing/exiting), since it does more than just track registry activity
Disclaimer: I am not affiliated with Nirsoft in any way, I am just an end user of their software.