注册表对比工具RegistryChangesView

RegistryChangesView v1.07 Copyright (c) 2017 - 2018 Nir Sofer Web site: http://www.nirsoft.net Description =========== RegistryChangesView is a tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows. When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit. System Requirements =================== This utility works on any version of Windows, starting from Windows XP and up to Windows 10. Both 32-bit and 64-bit systems are supported. Versions History ================ * Version 1.07: o Fixed bug: RegistryChangesView exported REG_EXPAND_SZ values incorrectly. * Version 1.06: o Fixed bug: The browse button on the 'Create Registry Snapshot' window didn't work. * Version 1.05: o Added /CreateSnapshot command-line option for creating Registry snapshot from command-line. * Version 1.01: o Fixed bug: Under certain conditions, RegistryChangesView skipped half of subkeys or crashed while reading Registry key that had many subkeys. * Version 1.00 - First release. Examples for useful things you can do with this tool ==================================================== * You can create a Registry snapshot before installing a new software and then after the installation is completed, compare this Registry snapshot with the current Registry and see all Registry changes made by the installer (Be aware that you'll also see some changes made by Windows or other programs in the same time). If there are Registry changes that you don't like, you can generate a .reg file to revert back the changes. * If you make a change in Windows configuration from the GUI of Windows and you want to see how to make this change in the Registry, simply create a Registry snapshot before making the config change and then after the configuration change, compare this Registry snapshot with the current Registry and optionally generate a .reg file that makes this configuration change. * If there is unwanted change in the Registry of your system but you don't have any previous snapshot, you can compare the current Registry with a shadow copy created by Windows and try to locate the unwanted Registry changes. * You can also use this tool as a simple way to backup the Registry. The snapshot created by RegistryChangesView simply contains Registry hive files with the same name as the original one (ntuser.dat, SYSTEM, SOFTWARE, and so on...) Start Using RegistryChangesView =============================== RegistryChangesView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - RegistryChangesView.exe After running RegistryChangesView, the main options window is displayed, which allows you to choose 2 Registry snapshots to compare. For every snapshot , you can choose one of the following data sources: 'Current Registry', 'Saved Registry Snapshot', and 'Shadow Copy'. You can choose any combination you want, as long as 'Data Source 1' is not identical to 'Data Source 2'. For example: you can choose to compare the Registry of 2 different shadow copies, compare a shadow copy with current Registry, compare a saved Registry snapshot with current Registry, compare a saved Registry snapshot with another saved Registry snapshot, and so on... If you want to generate a new Registry snapshot, simply choose 'Saved Registry Snapshot' in the data source combo-box and then click the 'Create Registry Snapshot' button. In the 'Create Registry Snapshot' window choose the folder to save the Registry Snapshot, click the 'Create Snapshot' button, and wait a few seconds to create the snapshot. You can also create a new Registry snapshot from the main window by pressing F8 (File -> Create Registry Snapshot). After choosing the 2 Registry data sources to compare , you should also set the following options: * Direction: This field determines how the 2 Registry snapshots are compared. For example: if the direction you choose is 'Registry Data Source 1 => Registry Data Source 2', every Registry key or value that exists on the second snapshot but doesn't exist on the first snapshot will be displayed as 'Added Key' or 'Added Value'. But if you choose the opposite direction ('Registry Data Source 2 => Registry Data Source 1'), every Registry key or value that exists on the second snapshot but doesn't exist on the first snapshot will be displayed as 'Removed Key' or 'Removed Value'. The direction field also affects the way that .reg file is generated ('Export Selected Items To .Reg File' and 'Copy As .Reg File Format' options). if the direction you choose is 'Registry Data Source 1 => Registry Data Source 2', the generated .reg file will make the changes from snapshot 1 to snapshot 2. if the direction you choose is 'Registry Data Source 2 => Registry Data Source 1', the generated .reg file will make the changes from snapshot 2 to snapshot 1. * Hives to compare: Allows you to choose which Registry hives to compare. For example, If you only want to see the Registry changes on HKEY_CURRENT_USER, you should select the 'HKEY_CURRENT_USER' and 'HKEY_CURRENT_USER\Software\Classes' hives and deselect all others. After choosing all option, click the 'Ok' button. RegistryChangesView will compare the 2 Registry data sources you chose and the result will be displayed on the main window. Some Important Remarks ====================== * By default, the SAM and SECURITY Registry hives are not selected for comparison and for generating new Registry snapshots. You can choose these 2 Registry hives if you need to compare them, but you should be aware that there is a security risk: These Registry hives contain encryption keys and password hashes of your system and if you leave a Registry snapshot with SAM/SECURITY hives that can be accessed by a non-admin user, hacker that finds these files on your system might be able to use them for penetrating your system. * When you choose 'Current Registry' as one of the data sources, RegistryChangesView generates a temporary Registry snapshot on %temp%\TempRegSnapshotX folder (X = numeric value) and deletes it after the Registry comparison process is finished. * The Registry snapshot created by RegistryChangesView is just a folder that contains the Registry files with their original name. If you have a copy of Registry hives and you want to use them as a snapshot, simply copy them into a separated folder with their original filename ( Software, System, ntuser.dat, UsrClass.dat ) and choose this folder as a Registry snapshot. Columns Decsription =================== * Registry Key: Full path of the Registry key. * Change Type: Type of Registry change: Added Key, Removed Key, Added Value, Removed Value, Modified Value. * Value Name: Name of the Registry value (Relevant only when the 'Change Type' is 'Added Value', 'Removed Value', or 'Modified Value') * Value Data: The content of Registry value (Relevant only when the 'Change Type' is 'Added Value', 'Removed Value', or 'Modified Value'). If the 'Change Type' is 'Modified Value' - this columns shows the original value (before the change) and the 'Value Data Changed To' column shows the value after the change. * Value Type: Type of Registry value (REG_SZ, REG_DWORD, REG_BINARY, and so on...). If the 'Change Type' is 'Modified Value' - this columns shows the original value type (before the change) and the 'Value Type Changed To' column shows the