Process Explorer is the most widely used Sysinternals tool and it helps visualize details about every processor and active DLL session in your system, kill and suspend processes set process priority, gives graphical statistics about CPU, memory, and I/O usage, a tree view to show processes and their dependencies. Kindly refer to these related guides: How to download and use Windows SysInternals tools locally, What is System Monitor (Sysmon) and how to install and use it, How to detect registry keys: Process Monitor using Sysinternals Tools, how to use the PsInfo utility, and how to enable Automatic Logon on Windows 10.
Here are some steps I utilized in finding registry keys written during program installation via Process Explorer. The following are the steps to detect the registry key associated with a program.
- Select the desired process (program) a
- Right-click and
- Select Properties.
This will open the explorer properties window as shown below.
- Click on explore, this will open the Registry hive where the associated keys, DWORD etc. are located.
Other possible tools: Test on your own peril J
- RegScanner.exe: RegScanner is a small utility that allows you to scan the Registry, find the desired Registry values that match to the specified search criteria, and display them in one list. After finding the Registry values, you can easily jump to the right value in RegEdit, simply by double-clicking the desired Registry item. You can also export the found Registry values into a .reg file that can be used in RegEdit.
See how this can be achieved also via the process monitor from Sysinternals, and more on Process Explorer can be found in this link.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.