regshot_如何使用Regshot监视注册表

regshot

Regshot is a great utility that you can use to compare the amount of registry entries that have been changed during an installation or a change in your system settings. While most PC users will never really need to do this, it is a great tool for troubleshooting and monitoring your registry.

Regshot是一个很棒的实用程序，可用于比较安装或系统设置更改期间已更改的注册表项的数量。 虽然大多数PC用户永远都不需要这样做，但它是解决故障和监视注册表的好工具。

Regshot项目 (The Regshot Project)

Regshot is an open-source (LGPL) project hosted on SourceForge. It was designed and registered in January of 2001 by M. Buecher, XhmikosR, and TiANWEi. Since its inception, it has since been modified and updated countless times to improve its functionality.

Regshot是在SourceForge上托管的一个开源(LGPL) 项目 。 它是由M. Buecher，XhmikosR和TiANWEi在2001年1月设计和注册的。 自从它诞生以来，它已经被修改和更新了无数次以改善其功能。

The purpose of this software is to compare your registry at two separate points by creating a snapshot of the registry before any system changes or when programs are added, removed, or modified and then taking a second snapshot after the modifications then comparing them.

该软件的目的是通过在任何系统更改之前，添加，删除或修改程序时创建注册表快照，然后在修改后获取第二张快照然后进行比较，从而在两个单独的点比较注册表。

下载和使用Regshot (Downloading and Using Regshot)

There are several mirrors for downloading regshot but for the purposes of this article, we will download regshot from its original Sourceforge project page.

有许多镜像可用于下载regshot，但出于本文的目的，我们将从其原始Sourceforge项目页面下载regshot。

Once you’ve downloaded the archive and unzipped it, open the folder and find the files inside.  Because it is a standalone program, you don’t need to go through any install process. Depending on whether you are using a 86 or 64 bit version of Windows, you will open the corresponding Unicode application.

下载存档并解压缩后，打开文件夹并在其中找到文件。 因为它是一个独立程序，所以您不需要执行任何安装过程。 根据您使用的是Windows的86还是64位版本 ，您将打开相应的Unicode应用程序。

It is best to open it as an administrator by right-clicking on the appropriate file and then selecting the “Run as administrator” option.

最好以管理员身份打开它，方法是右键单击适当的文件，然后选择“以管理员身份运行”选项。

使用Regshot跟踪系统更改 (Using Regshot to Track System Changes)

Now that you have installed regshot, you are ready to put it to the test. Once you have opened regshot, you will need to take your first snapshot which will serve as the “before” snapshot. Do this by clicking on the “1st shot” button and then clicking on “Shot.” Note that the file is going to be saved as a TXT file in the “C:\Users\YOUR NAME\AppData\Local\Temp\” directory, but you can change this to any folder you want.

既然您已经安装了regshot，就可以对其进行测试了。 打开regshot后，您将需要制作第一个快照，该快照将用作“之前”快照。 通过单击“第一张”按钮，然后单击“拍摄”来执行此操作。 请注意，该文件将被保存为TXT文件，位于“ C：\ Users \您的名字\ AppData \ Local \ Temp \ ”目录中，但是您可以将其更改为所需的任何文件夹。

Now that you have taken your first shot, let’s start making a change by opening Control Panel. In the “Appearance and Personalization” section, click on “Change desktop background” option.

现在您已经拍摄了第一张照片，让我们开始打开“控制面板”进行更改。 在“外观和个性化”部分中，单击“更改桌面背景”选项。

Now we will just choose any background image and apply the changes by clicking “Save changes” on the bottom right of the screen.

现在，我们将选择任何背景图像并通过单击屏幕右下方的“保存更改”来应用更改。

Now that you have made a system change, it is time to take a second snapshot of your registry to see whether any changes have been made. Do this by going back to the regshot application and clicking on “2nd shot” and then clicking on “Shot.”

现在，您已经进行了系统更改，是时候对注册表进行第二次快照以查看是否进行了任何更改。 为此，请返回到regshot应用程序，然后单击“第二次射击”，然后单击“射击”。

After you have done this, you may notice that the numbers shown on the bottom of the application screen have changed. In this case, both the “Keys” and “Values” have changed. Now we will click on the “Compare” button to compare the before and after shots.

完成此操作后，您可能会注意到应用程序屏幕底部显示的数字已更改。 在这种情况下， “键”和“值”均已更改。 现在，我们将单击“比较”按钮以比较之前和之后的镜头。

This will bring up a “Notepad” file with a summary of the changes.

这将调出带有更改摘要的“记事本”文件。

If you continue to scroll down the document, you will see that it outlines several different aspects including the following. Remember that the numbers will vary based on your computer.

如果继续向下滚动文档，您将看到它概述了几个不同的方面，包括以下内容。 请记住，数字将根据您的计算机而有所不同。

1. Keys added: 8
   添加的键：8
2. Values added: 36
   附加值：36
3. Values modified: 25
   修改值：25
4. Total changes: 69 (this appears at the bottom of the document)
   更改总数：69(显示在文档底部)

In addition to listing the changes, it provides in-depth details about which keys were altered by changing your desktop background. This can be useful in case you want to manipulate those keys manually.

除了列出更改之外，它还提供有关通过更改桌面背景更改了哪些键的详细信息。 如果您想手动操作这些键，这将很有用。

监视安装更改 (Monitoring Installation Changes)

As a second example, we can install a program, so we will download Google Drive. Take your first snapshot before installing the program. If you haven’t closed regshot, you will need to Clear All snapshots to start over again.

作为第二个示例，我们可以安装程序，因此我们将下载Google云端硬盘 。 在安装程序之前，请先制作快照。 如果尚未关闭regshot，则需要清除All快照才能重新开始。

Now that you have done that, take your first snapshot then install Google Drive.

既然已经完成，请制作第一个快照，然后安装Google云端硬盘。

After you have successfully installed the program, go ahead and take your second snapshot.

成功安装程序后，继续进行第二张快照。

Now you can compare the before and after snapshots. Our results show that the following changes were made during the installation of Google Drive:

现在，您可以比较快照之前和之后。 我们的结果表明，在安装Google云端硬盘期间进行了以下更改：

1. Keys deleted: 8
   删除的键：8
2. Keys added: 255
   添加的键：255
3. Values deleted: 1060
   删除的值：1060
4. Values added: 399
   附加值：399
5. Values modified: 93
   修改值：93
6. Total changes: 1815
   总变更：1815

Of course the resulting text file would also contain a list of every single change so you can examine them more closely.

当然，生成的文本文件还将包含每个更改的列表，因此您可以更仔细地检查它们。

监视卸载更改 (Monitoring Uninstall Changes)

In order to see how the registry is affected when a program is uninstalled, we can clear our snapshot from regshot.  Take a first snapshot and then go to the Control Panel and uninstall Google Drive. After you have uninstalled Google Drive, take your second snapshot to see what changes were made.

为了查看卸载程序时注册表如何受到影响，我们可以从regshot中清除快照。 拍摄第一张快照，然后转到“控制面板”并卸载Google云端硬盘。 卸载Google云端硬盘后，请制作第二张快照以查看进行了哪些更改。

1. Keys deleted: 141
   删除键：141
2. Keys added: 9
   添加的键：9
3. Values deleted: 477
   删除的值：477
4. Values added: 25
   附加值：25
5. Values modified: 422
   修改值：422
6. Total changes: 1074
   总变更：1074

You will notice that the installation modified 1815 keys and values while the uninstallation only changed 1074. This is because not all registry keys are always edited or deleted.

您会注意到安装修改了1815项和值，而卸载仅更改了1074。这是因为并非所有注册表项都总是被编辑或删除。

翻译自: https://www.howtogeek.com/198679/how-to-use-regshot-to-monitor-your-registry/

regshot