Track Changes to the Windows Registry
Use a diff tool to identify changes made to the Windows registry

[04/01/05]

Sometimes it can be handy to identify changes made to the Windows Registry, either to a particular branch or to the entire Registry. It may be that you'd like to learn exactly which Registry settings a driver or control panel changes. Or you may want a record of the Registry changes made by an installer script. Though dangerous if used carelessly, this can be an excellent way of discovering new registry tweaks.

You can find this out quite easily by using the Registry Editor together with a diff tool such as WinDiff from Microsoft Visual Studio, or a port of the GNU diff tool.

To track the changes, first load up the Registry Editor and navigate to either the top of the branch that you wish to watch, or the "My Computer" icon for the entire registry. Right-click and choose "Export". Under "Save as type", select "Win9x/NT4 Registration Files (*.reg)" and pick somewhere to save the initial version. This will export a text file with the current contents of the registry.

With the initial snapshot saved, you can now do whatever it is that will make updates to the registry.

When you are done, bring up the Registry Editor again and export the branch again to a new file.

Now you have before and after versions of your Registry in text format and you can compare them using a diff tool. If you are using a command-line diff tool, you can identify the changes with a command such as:

diff -u5 old.reg new.reg

Your results will show you something like this:

--- old.reg     Fri Apr 01 02:06:21 2005
+++ new.reg     Fri Apr 01 02:06:53 2005
@@ -33118,7 +33118,7 @@
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentC

 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentC

With this style of diff, each group of changes starts with a line prefixed with @@. The numbers on that line give the starting line number and number of lines from the old file, followed by the corresponding starting line number and number of lines from the new file. Lines prefixed with - mark entries that have been removed or changed. Lines prefixed with + indicate the changed or new entries.
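The same before/after comparison can be done per key and value instead of per line. The script below is an added example, not part of the original article: it parses two exports saved in the "Win9x/NT4 Registration Files" (REGEDIT4) text format and lists added, removed and changed keys and values. The function names parse_reg and diff_reg are hypothetical and the sample exports are constructed.

```python
import re

VALUE_RE = re.compile(r'(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')

def parse_reg(text):
    """Parse REGEDIT4 export text into {key_path: {value_name: raw_data}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin backslash-wrapped hex data
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # "@" is how a .reg file names a key's default value.
            current["@" if m.group(1) is None else m.group(1)] = m.group(2)
    return keys

def diff_reg(old, new):
    """Return (change, key, value_name, old_data, new_data) tuples, sorted by key."""
    changes = []
    for key in sorted(set(old) | set(new)):
        if key not in old or key not in new:
            kind = "key added" if key in new else "key removed"
            changes.append((kind, key, None, None, None))
        before, after = old.get(key, {}), new.get(key, {})
        for name in sorted(set(before) | set(after)):
            b, a = before.get(name), after.get(name)
            if b != a:
                kind = ("value added" if b is None else
                        "value removed" if a is None else "value changed")
                changes.append((kind, key, name, b, a))
    return changes

# Constructed sample exports (hypothetical key and values, not from a real system).
OLD = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"Flags"=dword:00000001
"Blob"=hex:01,02,\
  03,04
[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp\Old]
@="legacy"
'''
NEW = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp]
"Flags"=dword:00000003
"Blob"=hex:01,02,03,\
  04
[HKEY_CURRENT_USER\Software\ExampleVendor\ExampleApp\Run]
"Updater"="C:\\ExampleApp\\update.exe"
'''
print(*diff_reg(parse_reg(OLD), parse_reg(NEW)), sep="\n")
```

Value data is compared as the raw text after the = sign, so "Blob" is not reported even though its hex bytes are wrapped at a different point in the two samples.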
