Windows registry diff

windows-10 windows-registry

I'm trying to troubleshoot a commercial Windows 10 software program that will no longer load, even after uninstalling and reinstalling. The manufacturer guesstimates that something is not getting properly removed from the Windows registry during the uninstallation process, and thus remains "broken" after reinstalling, but they are unsure what to look for.

I have a clean machine, so I'm wondering if this is possible: Get a dump of the Windows registry before the initial install, then get a dump of the Windows registry after installing, and perform some kind of diff on them to see what was actually changed.

Any suggestions?


Solution 1:

How can I get the diff of the registry before and after installing software?

There are a couple of options.

  1. RegistryChangesView from Nisoft

RegistryChangesView is a tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows.

When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.

Source RegistryChangesView - Compare snapshots of Windows Registry

Use this to make before and after snapshots of the registry to see what the installation program has changed.

  1. RegFromApp from Nisoft

RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it's needed.

Source: RegFromApp - Generate RegEdit .reg file from Registry changes made by application

Use this to monitor the register changes made by the installation program

  1. Process Monitor from Microsoft

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Source: Process Monitor - Windows Sysinternals | Microsoft Docs

Use this to monitor registry changes in real time.

As pointed out by Yorik in a comment:

Process monitor can also help identify what the program is doing prior to entering the "not loaded state" (i.e. crashing/exiting), since it does more than just track registry activity

Disclaimer: I am not affiliated with Nirsoft in any way, I am just an end user of their software.

Related

How do I stop Microsoft Teams from converting smileys to emojis?
Is it OK to host a Python's http.server accessible from the Internet?
Is YouTube a good way to store personal videos on the long run?
How to shutdown pgAdmin 4 from the command line on Windows?
How do I type the Spanish inverted question mark in Emacs?
How can I convert a DavkaWriter hebrew document to Word?
Why 7z compression speed and CPU usage are low
Windows 7 Default Aero for New Users
Powershell: Using .Split on Filename functioning differently based on filename capitalization
How do I negate a test with regular expressions in a bash script?
How to mark a class as Deprecated? [duplicate]
I want to use CASE statement to update some records in sql server 2005