Solved Determining What Directory(s) and Registry Entries Program Creates

[dw85745]

When Installing a new program -- Firefox for example - is there anyway to:
1) get or generate a listing on what directories and registry entries the program creates?
2) get or generate a listing on what directories and registry entries for already installed programs?

For security reasons it seems logical that one would need this to set security access for those objects.

 

[Callender]

You can do that with software that traces installations.

​

​

​

I cannot say which software I use because it comes bundled with unwanted extras that are hard to avoid installing and hard to remove. Maybe you could search for similar software.

One alternative: DiffView Free Download - Official Website

However these types of applications monitor all file system and registry changes during install so you need to know which items to exclude. I'm not sure how you do that in DiffView as I have not used it for a while.

 

[Pyprohly]

The best collection of system utilities and diagnostic tools can be found at Windows Sysinternals. One particularly popular program (and one of my most prized tools when it comes to helping people out here on the forums), Process Monitor, records pretty much every action a process can do in verbose detail.

Process Monitor v3.31 description. See link for screenshots.

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Not only does it tell you in real time what registry or file system locations have been operated on, it will also tell you the data associated with that operation, or will indicate that the operation failed if so. I frequently use it to map GUI configuration settings to registry values, or file data, which then allows me to script the changes.

 

[dw85745]

Thanks for responses Callender and Pyprohly.

Believe it or not have "played" with both in the past, but had forgot about them.
Process Monitor seems like a better choice and will give me an opportunity to hopefully "really" learn it.
FWIW I attempted to try and get an old program that ran under XP to run under Win 7 (compatability mode did not work) using Process Monitor but never was able to figure out exactly why it errored when executed. Most likely my lack of knowledge in this area.
Why Microsoft never built in an install tracer that is saved and available via Control Panel is beyond me.