What is Regshot….?

The Registry Shot simply Regshot is one of the Windows process utility tools available in the Sysinternals website which is used to take a snapshot (not a picture), a copy of the system registry information and compare it with another snapshot of the system registry after some changes have been made to the computer.

What is System Registry….?

System Registry is just like a database in which the Operating System (OS) uses to store the information about the installed programs, configuration of the installed drivers in OS, user profiles etc., in a computer. For any changes like installing new software/creating a user profile/adding new hardware etc., the OS will update that information in the System Registry. Registry Editor is the windows default tool which is used to view and change the settings of the system registry. One incorrect change may result in the OS malfunctioning…!

What the Regshot will do….?

The Regshot tool will produce the comparison report in either “text” or “html” format that contains the list of all modifications that took place in the system registry in between the two snapshots.

The other folders can also be specified (with subfolders) that are to be scanned for changes as well. To scan the file system, check the “Scan Dir [dir..]” checkbox and enter the folder names below it.

How to Use Regshot…?

Step 1: When the “1st shot” button was clicked, a small popup menu containing 3 options will be displayed (same for the 2nd shot button also).

  • “Shot” – Takes the snapshot of system registry but not be saved once the Regshot tool was closed.
  • “Shot and save…” – Takes a snapshot of system registry and save the whole registry information to a “hive” file that can be saved to the hard disk if the shots are not taken consecutively.
  • “Load…” –It will loads a previously saved “hive” file(s) for comparing. Select the desired option and if necessary save the file.

Regshot will retrieve the information regarding the keys, values from the system registry and stores that information in a hive file.

Step 2: Run a program which will make some changes to the windows registry or the file system.

Step 3: Now click the “2nd shot” button and save that file (if necessary) for comparing it with the “1st shot”.

The difference in the Keys and Values numerals and the time taken by Regshot for taking the “2nd shot” and “1st shot” can be clearly noticed.

Step 4: Select the output LOG file type, “text” or “HTML”, default is “text”. If necessary enter a comment in the “comment field” which will be taken as a name to the comparison log file.

If the “comment field” is empty or invalid, the comparison log file will be named as “~resxxxx.txt” or “~resxxxx.htm” where “xxxx” is 0000-9999.

Step 5: Click on the “Compare” button.

Now the Regshot will start comparing the 2 hive files and gives the information about the Keys deleted, Keys added and Total changes made to the system registry by automatically loading a comparison log text file and saves that log file as per the output path.

The main advantage of the Regshot tool is that it allows the users to identify where an application is storing its data and to determine the changes that application will make to the computer while it is running.

Leave a Reply

Your email address will not be published. Required fields are marked *