Monday, 26 September 2011

Regmon

Regmon is a monitoring utility that will show you which applications are accessing your Registry


Regmon is a Registry monitoring tool that will show you which applications are accessing your Registry, which keys they are accessing, and the Registry data that they are reading and writing - all in real-time.

This advanced utility takes you one step beyond what static Registry tools can do, to let you see and understand exactly how programs use the Registry. With static tools you might be able to see what Registry values and keys changed.

With Regmon you'll see how the values and keys changed.

Installation and Use
Install Regmon by copying the files to your hard drive, and start it by running Regmon.exe. Menu items and tool bar buttons can be used to toggle on and off monitoring, disable event capturing, control the scrolling of the listview, and save the listview contents to an ASCII file.

Use the Filter dialog, which is accessed with a toolbar button or the Options|Filter/Highlight menu selection, to select what data will be shown in the list view. The '*' wildcard matches arbitrary strings, and the filters are case-insensitive. Only entries that match the include filter and are not excluded by the exclude filter are displayed. Use ';' to separate multiple strings in a filter (e.g. "regmon;software").

For example, if the include filter is "HKLM", and the exclude filter is "HKLM\Software", all references to keys and values under HKLM, except those under HKLM\Software, will be monitored.

Wildcards allow for complex pattern matching, making it possible to match specific Registry accesses by specific applications, for example. The include filter "Winword*Windows" would have Regmon only show accesses by Microsoft Word to keys and values that include the word "Windows".
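The include/exclude rules above can be applied to a saved log as well. The following is an added example, not Regmon's own code: it assumes a pattern may match anywhere in a line (which is how the page's "HKLM" and "Winword*Windows" examples behave), and the tab-separated sample lines are constructed for illustration.

```python
import re

def compile_filter(spec):
    """Turn a ';'-separated filter string into case-insensitive regexes."""
    patterns = []
    for part in spec.split(";"):
        part = part.strip()
        if not part:
            continue
        # '*' matches an arbitrary string; every other character is literal.
        body = ".*".join(re.escape(piece) for piece in part.split("*"))
        patterns.append(re.compile(body, re.IGNORECASE))
    return patterns

def is_shown(line, include, exclude):
    """Shown if the line matches an include pattern and no exclude pattern."""
    if not any(p.search(line) for p in compile_filter(include)):
        return False
    return not any(p.search(line) for p in compile_filter(exclude))

def apply_filters(lines, include="*", exclude=""):
    """Return the lines that would remain visible under the two filters."""
    return [ln for ln in lines if is_shown(ln, include, exclude)]

# Constructed sample lines (process, request, path); not real Regmon output.
SAMPLE = [
    "winword.exe\tOpenKey\tHKLM\\Software\\Microsoft\\Windows\\CurrentVersion",
    "winword.exe\tQueryValue\tHKCU\\Software\\Microsoft\\Office\\Word\\Options",
    "svchost.exe\tSetValue\tHKLM\\System\\CurrentControlSet\\Services\\Example\\Start",
    "explorer.exe\tQueryValue\tHKLM\\Software\\Classes\\.txt",
]

if __name__ == "__main__":
    # Include HKLM, exclude HKLM\Software: only the HKLM\System line remains.
    for ln in apply_filters(SAMPLE, "HKLM", "HKLM\\Software"):
        print(ln)
    # One process restricted to paths containing "Windows".
    for ln in apply_filters(SAMPLE, "Winword*Windows"):
        print(ln)
```
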

Use the highlight filter to specify output that you want to have highlighted in the listview output. Select highlighting colors with Options|Highlight Colors.

Regmon can either timestamp events or show the time elapsed from the last time you cleared the output window (or since you started Regmon). The Options menu and the clock toolbar button let you toggle between the two modes. The button on the toolbar shows the current mode with a clock or a stopwatch. When showing duration the Time field in the output shows the number of seconds it took for the underlying file system to service particular requests.

When you see a Registry value or key in Regmon's output that you want to edit, simply double click on the line that includes the reference (or use the Regedit toolbar button) and Regmon will take you directly to the specific value using Regedit.
