The Portable Freeware Collection Forums

A new one from Nir Sofer, and perhaps a good sibling to the trusty RegShot
(https://portablefreeware.com/?id=297)


RegFromApp v1.00
Web page: https://www.nirsoft.net/utils/reg_file_ ... ation.html
Download: https://www.nirsoft.net/utils/regfromapp.zip

Exe size: 32,768 bytes

Installation: extract from zip file and run the .exe No Dlls

Vista: Run as Administrator (right-click and choose 'Run as Administrator')

Why a sibling to RegShot? Because you run RegFromApp, and choose the running process you want to monitor. RegFromApp monitors just those registry changes that this process creates. When you stop the monitoring, the results are in the windows .reg file format. RegShot gives you the whole system over a period of time.
Upside--you limit yourself to this process. Downside--you must have the process running.

I plan on trying it out during some deployment tests this morning. Looks promising.

i just tried running this inside a sandbox to monitor the registry activity of a sandboxed app, and it works great! this has obvious benefits for testing app portability - much quicker and easier than RegView, and safer/cleaner than using RegShot to watch an app running outside of a sandbox. the biggest disadvantage is that it will only latch on to an app that is already running, so it won't work with all installers. if you have to hit OK to continue it works fine, but those that just run as soon as you launch them won't work with this too well. but i think it will be quite handy for no-install apps, or for installers that we can extract using UniExtract.

but it has another use that i am even more excited about. there are various registry tweaking tools out there that are not portable. my favorite is X-Setup Pro ($20). i have a copy, but i hate installing things like this so i tend not to use it.

well with RegFromApp, you can install a program like this in a sandbox, monitor it with RegFromApp, then after you 'apply' the changes, just save the RegFromApp log as a .reg file then export it from the sandbox. then you can delete the sandbox, run the .reg file, and all your tweaks are applied instantly, without the program ever setting foot outside the sandbox!

plus, you can look very carefully over the .reg file to see exactly what the app is changing to apply your tweaks. very handy. this is especially good for those times when you need to re-install windows (like i had to yesterday), and you fret having to run through and tweak everything again. now it's easy, just back up the .reg file containing all your changes and you never need to install your tweak program again!

Looks promising, only a bit of a shame that it only tracks processes/applications that are already running.
The creation/changing of registry keys usually starts at the launch of the program.

Handy nevertheless since it became very easy to capture those config reg-keys while surfing through the options menu of a program

you know, the more i think about it the more i realize it's not too good for testing app portability. but it sure will have other uses. it can help you create .reg files to toggle things on and off that are otherwise hard to get to.

for example i run an alt shell in XP so i have no taskbar. i tried forever to figure out how to get to the language bar to show up on the desktop without it. with RegFromApp it took me 20 seconds to find what keys to change to show and hide the language bar. i can make some .reg files, some .bat files, and use a program launcher to show/hide the language bar now.

this is good stuff!

Garbanzo,

Sidebar!!!!!!

Please Send me your reg and bats for Lang bar. I have the exact opposite problem I'm trying to rid all my users (25 Computers around 30 Users and sometimes they float from computer to computer) of the dreaded bar that adds itself with Office 2003/2007 with every user and then I remove it and it adds with everyuser with ie7. I tried to run a script deleting regentries and it just made a wierd unclosable Langbar that only featured the help button.



Sidebar over.

well the bad news is that was just an idea, an example. i don't intend to actually do it because i have found an excellent program that helps me switch input languages. besides, the keys i was looking at would toggle the position of the language bar, between sitting on the taskbar and floating on the desktop. it's still there though.

the good news is a quick google search suggests the language bar is closely tied to msutb.dll and if you unregister it (start - run - Regsvr32.exe /u msutb.dll) then the language bar will go away. even if you register the dll again it won't come back. have to repair/reinstall office to see it again.

here's the discussion if you want to learn more:
http://www.geekstogo.com/forum/Remove-L ... t2783.html

good luck!

igarashi wrote:Looks promising, only a bit of a shame that it only tracks processes/applications that are already running.
The creation/changing of registry keys usually starts at the launch of the program.

The new release makes it possible to start with a new process

Versions History
================
* Version 1.05:
o Added support for delete Registry values.
o New option: 'Add Only Modified Values' - If this option is
selected, a saved Registry value will be added only if it's different
from the previous value.
o Added support for starting a new process.

thanks for the update. that was quick! the developer must be listening. i'm glad he implemented these changes, they have a huge impact on the utility of this app. an instant favorite for sure!

@Ennovy

Must thank you for your post. I tried using RegFromApp recently but didn't spot the ability to start a new process.

Should have read this thread earlier.

Do you have any views on it compared with RegShot?

JohnW wrote:@Ennovy
Do you have any views on it compared with RegShot?

To be honest, I never used regshot to test portability.
I tested software in SandBoxie and still do.

But now I start RegFromApp in a SandBox and in RegFromApp I start a new process. All Registry changes are visible in this way.
And you don't have to make 2 snapshots of the registry.

Ennovy wrote:

JohnW wrote:@Ennovy
Do you have any views on it compared with RegShot?

To be honest, I never used regshot to test portability.
I tested software in SandBoxie and still do.

But now I start RegFromApp in a SandBox and in RegFromApp I start a new process. All Registry changes are visible in this way.
And you don't have to make 2 snapshots of the registry.

You're not the only one who does it that way.

JohnW wrote:Do you have any views on it compared with RegShot?

I know the question was aimed at Ennovy, but I wanted to add a little. RegShot doesn't always give you an exact picture of what's going on; while it shows you what has changed, been added or deleted, if a program writes a value to the registry that matches an already existing value, or adds then deletes a value, etc. RegShot won't know. So while RegShot can give you a good idea of whether or not a program will leave a mess in your registry, it doesn't actually tell you definitively whether or not the program writes to the registry at all.

RegFromApp is hooking the registry calls and so a definitive answer of whether or not the program uses the registry is available, even if you've run the program before without testing.

I personally use RegMon/ProcMon by Sysinternals to monitor a program's registry calls to determine stealthiness. It too is watching registry use at the API level. RegFromApp is arguably just a more targeted version of these, focusing in on a single program. I think after getting used to it, I'll be using RegFromApp instead of ProcMon on WinXP (while I'll still be stuck with RegMon for 98SE).

Queue

Just to tell i'm a very happy user of this package to figure out what a program messes in the registry without getting "foreign" registry handlings as noise.

Had a few times a program checked if it had rights to the registry by a create/delete action but haven't had any (major) problems that.

last week i sent an email to nirsoft suggesting the addition of drag-and-drop support and command line support for starting new processes in RegFromApp.

i never heard back, but i just checked the website today, and both have been added! now i can add RegFromApp to the context menu of .exe files. yay!

http://www.nirsoft.net/utils/reg_file_f ... ation.html

Cool. Thanks for the update.