Best Registry Snapshot tool?
 

I was wondering what is the preferred
application for monitoring registry changes?

Often times I just like to monitor a quick
install or setup. Sometimes just an application
I'm running for the first time.

Any preferences or recommendations?

-bgrimm

RegMon for live monitoring of registry, but a lot of apps are now hunting for traps in the api. I haven't seen anyone check for reg notify routines, but that doesn't mean they won't in the future.

Personally, I've had REALLY good luck with RegShot. It takes a very fast snapshot of the entire registry (and file directories). Then, install your software, and take another snapshot. Hit the Compare button, and it points out what changed. WAY COOL.

A lot of apps will read and write TONs of stuff just to hide what they are really doing. RegShot makes short work of finding out what really happened.

Hope this helps.

Advanced Registry Tracer v1.67 SR2
 

i prefer the ART v1.67 SR2 cauz it can also handle regedit4 & regedit5.

Info:

Advanced Registry Tracer (ART for short) is an utility designed for analyzing the changes made to Windows Registry - by making 'snapshots' of it and keeping them in the database, which you can then browse through at your convenience. You can compare any two snapshots and get the list of keys/data which are new, deleted or just changed. ART can do comparing not only in the entire Regisrty, but also in any key of the Registry. It is also possible to exclude any keys of the Registry from compare results. Moreover, you can create undo/redo files (for example, to rollback the changes). To view the current state of a key, or to modify it, you can use Jump to Regedit function. Contents of any key can be exported to *.reg file.



Very useful for detecting trojan viruses and elimination some problems caused by software and hardware install/uninstall.



Unlike Registry monitoring software (such as RegMon and Win-Expose Registry), and most uninstallers (CleenSweep, Uninstall, etc.), ART compares full copies of the Registry made at different times, while the software mentioned above just monitors all accesses to the Registry in real time. So, our method allows to track all the changes, and doesn't affect the system performance.



Here is a brief list of ART features:
Works under Windows 95, Windows 98, Windows Me, Windows NT 4.0, Windows 2000, XP
Scan different copies Registry into a special file and browse/search them "off-line"
Scan the Registry on a remote computer
Compare different copies of the Registry
Compare individual branches of different copies of the Registry
Undo and Redo Registry changes based on comparison results: directly from the program or by generating the REG-files
Export / import any key of the Registry into / from the old REG file format (regedit 4) and from the new one (regedit 5)
Fast search in Keys, Values and Data (with the advanced options that make possible to search according to the key's dates (NT) and types of value's data. Now you can easily find such exotic types as REG_FULL_RESOURCE_DESCRIPTOR , REG_RESOURCE_REQUIREMENTS_LIST (W2000,XP)
Bookmarks
Opening selected key in the RegEdit
Optional command-line interface for automated Registry scanning
Convenient navigation between corresponding keys of different Registry copies and comparison results
Adding comments to each copy of the Registry scanned
Full install / uninstall support
XP style support

website: hxxp://www.elcomsoft.com/art.html

Regshot gets my vote, if you get that get Undoreg too, they work well together, it allows you to delete anything left over after you remove software, using the text files Regshot creates.

RegSnap

Regsnap is my favorite.
Easy to use and verrrry quick scanning!
Try it!

Hunter