Process Explorer is the most widely used Sysinternals tool. It helps visualize details about every process and active DLL in your system, lets you kill and suspend processes and set process priority, gives graphical statistics about CPU, memory and I/O usage, and provides a tree view that shows processes and their dependencies.
Here are some steps I utilized to find registry keys written during program installation via Process Explorer. The following are the steps to detect the registry key associated with a program:
- Select the desired process (program).
- Right-click it and select Properties.
This will open the explorer properties window as shown below.
- Click on Explore. This will open the Registry hive where the associated keys, DWORD values, etc. are located.
Other possible tools (test at your own peril :)):
- RegScanner.exe: RegScanner is a small utility that allows you to scan the Registry, find the desired Registry values that match the specified search criteria, and display them in one list. After finding the Registry values, you can easily jump to the right value in RegEdit, simply by double-clicking the desired Registry item. You can also export the found Registry values into a .reg file that can be used in RegEdit. https://www.nirsoft.net/articles/find_modified_time_registry_key.html
- Regshot2 https://regshot.informer.com/2.0/
- Revo Uninstaller https://www.bing.com/search?q=Revo+Uninstaller&qs=n&form=QBRE&sp=-1&pq=revo+uninstaller&sc=8-16&sk=&cvid=C7374E02B524420FA49D73AB1B9EEEB4#
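The before/after comparison that snapshot tools such as Regshot perform can also be scripted for the locations an installer most often writes to. The PowerShell below is an added example, not code from the original post or from any of the tools listed; the function names and the list of registry roots (uninstall entries and Run autostart keys) are assumptions chosen for illustration and can be widened.

```powershell
# Added example: $Roots and both function names are assumptions for illustration.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RegistrySnapshot {
    param([string[]]$Path)
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $snapshot = @{}   # case-insensitive, like registry key and value names
    $keys = foreach ($root in $Path) {
        if (Test-Path -LiteralPath $root) {
            Get-Item -LiteralPath $root
            Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue
        }
    }
    foreach ($key in $keys) {
        $snapshot[$key.Name] = '<key>'   # record the key even when it has no values
        foreach ($name in $key.GetValueNames()) {
            $label = if ($name) { $name } else { '(Default)' }
            # -join flattens REG_BINARY and REG_MULTI_SZ arrays into one comparable string
            $snapshot["$($key.Name) :: $label"] = $key.GetValue($name, $null, $noExpand) -join ','
        }
    }
    $snapshot
}

function Compare-RegistrySnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($item in $After.Keys) {
        if (-not $Before.ContainsKey($item)) {
            [pscustomobject]@{ Change = 'Added'; Item = $item; Data = $After[$item] }
        } elseif ($Before[$item] -cne $After[$item]) {
            [pscustomobject]@{ Change = 'Modified'; Item = $item; Data = $After[$item] }
        }
    }
    foreach ($item in $Before.Keys) {
        if (-not $After.ContainsKey($item)) {
            [pscustomobject]@{ Change = 'Removed'; Item = $item; Data = $Before[$item] }
        }
    }
}
$before = Get-RegistrySnapshot -Path $Roots
Read-Host 'Install the program, then press Enter' | Out-Null
$after = Get-RegistrySnapshot -Path $Roots
Compare-RegistrySnapshot -Before $before -After $after | Sort-Object Item | Format-Table -Wrap
```

Run it from an elevated PowerShell session so the HKLM keys are readable. Any entry reported under a Run key is an autostart the installer added and is worth reviewing.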
See how this can also be achieved via Process Monitor from Sysinternals: https://techdirectarchive.com/2020/03/07/how-to-detect-registry-keys-written-during-program-installation-process-monitor-sysinternal-tools/
More on Process Explorer can be found here: https://techdirectarchive.com/2020/03/08/process-explorer-replace-built-in-task-manager/
For other Sysinternals tool tours, see https://techdirectarchive.com/2020/01/25/windows-sysinternals-tools-psexec-and-auto-logon/