How to track changes in Windows Registry?
Sometimes you need to track the changes that programs or settings make in the Windows registry, for example to undo those changes later or to find out how certain parameters (such as appearance settings or OS updates) are written to the registry. This article covers several programs for the job, plus the built-in File Comparison tool.
Let’s start!
RegShot
This is one of the most popular programs for keeping track of registry changes. Using the program works as follows:
1. Run the RegShot build that matches your system: 32-bit (x86) or 64-bit (x64).
2. Click the “1st shot” button and then the “shot” button that appears below it (while the registry shot is being created the program may seem frozen; it is not, and the process may take several minutes).
3. Make changes to the registry (change settings, install the program, etc.). These will be included in the report after the second shot.
4. Click the “2nd shot” button and create a second registry shot.
5. Click the Compare button (the report will be saved in the Output Path folder).
6. After the comparison, the report opens automatically and shows which registry settings have been changed.
7. If you need to clean the registry shots, click the “Clear” button.
Please note that the report may show many more changed registry settings than your actions or programs actually made. This is normal, since Windows itself often changes registry settings during operation (e.g. maintenance, checking for viruses, checking for updates, etc.).
Registry Live Watch
The freeware Registry Live Watch works on a slightly different principle: not by comparing two Windows registry shots, but by monitoring changes in real time. However, the program does not display the changes themselves; it merely reports that a change has occurred.
1. After starting the program, specify in the top field which registry key you want to track (it cannot monitor the entire registry at once).
2. Click “Start Monitor” and messages about observed changes will be immediately displayed in the list at the bottom of the program window.
3. If necessary, you can save the changes using the Save Log button.
WhatChanged
Another program to find out what has changed in the Windows 10, 8 or Windows 7 registry is WhatChanged. Its use is very similar to RegShot.
1. In the Scan Items section, check “Scan Registry” (the program can also track file changes) and check those registry keys that need to be tracked.
2. Click the “Step 1 – Get Baseline State” button.
3. After changes in the registry, click on the Step 2 button to compare the initial state with the changed one.
4. A report (WhatChanged_Snapshot2_Registry_HKCU.txt file) containing information about the changed registry settings will be saved in the program folder.
Comparing two variants of the Windows registry without third-party software
Windows has a built-in file comparison tool, fc.exe (File Comparison), which can be used to compare two exports of a registry branch.
To do this, use the Windows Registry Editor to export the necessary registry branch (right-click on the section – export) before the changes and after the changes with different file names, for example, 1.reg and 2.reg.
Then run a command like this at the command line:
fc c:\1.reg c:\2.reg > c:\log.txt
The command takes the paths to the two registry files first, and then the path to the text file for the comparison results.
Unfortunately, this method is not suitable for tracking large sets of changes. It works only for a small registry key with a couple of parameters, where the change is expected to happen and the point is mainly to confirm that it occurred.
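For branches too large to read as an fc listing, the two exports can be compared value by value instead. The following Python script is an added example, not part of the original article: it parses two .reg exports and reports added, removed and changed entries. The function names, the ExampleApp key and the sample exports are constructed for illustration, and cp1252 is assumed for ANSI (REGEDIT4) files.

```python
import re
# One value line: "Name"=data, or @=data for a key's default value.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def decode_reg(raw: bytes) -> str:
    """'Version 5.00' exports are UTF-16LE with a BOM; REGEDIT4 is ANSI (cp1252 assumed)."""
    return raw.decode("utf-16") if raw[:2] == b"\xff\xfe" else raw.decode("cp1252", "replace")

def parse_reg(text: str) -> dict:
    """Map (key, value_name) -> raw data; value_name "" stands for the key itself."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex data wrapped with a trailing backslash
    entries, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            entries[(key, "")] = "<key>"
        elif key is not None and (m := VALUE_RE.match(line)):
            entries[(key, m.group(1) or "@")] = m.group(2)
    return entries

def diff_reg(before: str, after: str) -> list:
    """Sorted (change, key, value_name, old, new) tuples between two exports."""
    b, a = parse_reg(before), parse_reg(after)
    out = []
    for entry in sorted(b.keys() | a.keys()):
        old, new = b.get(entry), a.get(entry)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "changed"
            out.append((kind, *entry, old, new))
    return out

# Constructed sample exports (not from the article): one branch before and after a change.
BEFORE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Theme"="light"
"AutoUpdate"=dword:00000001
"Blob"=hex:01,02,03,\
  04,05
'''
AFTER = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ExampleApp]
"Theme"="dark"
"Blob"=hex:01,02,03,\
  04,05
"InstallPath"="C:\\Program Files\\ExampleApp"
[HKEY_CURRENT_USER\Software\ExampleApp\Cache]
'''
if __name__ == "__main__":
    for change in diff_reg(BEFORE, AFTER): print(change)
```

For real exports such as 1.reg and 2.reg, read each file in binary mode and pass the bytes through decode_reg before calling diff_reg.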
- On February 13, 2019