I just downloaded RegMon, newest version, 4.0, from:
This is a short essay on USING our tool RegMon.
notes by jeff
This is a very basic essay covering how to:
1. Identify the name of the program you are loading
2. Set up a 'filter' to block out all other programs from loading into the RegMon window and to load only the one you wish to view.
Wow! Has anyone downloaded the newest version of RegMon...I just did...perhaps the other versions had this feature and I did not notice; but this version has a feature in it in the "OPTIONS" drop down menu called..."Jump to Regedit"...it works COOL!
....snipped from RegMon help file..........
Jumping to a Key or Value in Regedit
If you come across a key or value name in the output that you want to modify or view in Regedit, you can do so simply by double-clicking on the line containing the name or pressing the Regedit toolbar button. Regmon will launch Regedit (if it hasn't been launched already) and navigate directly to the value or key. Note that if you select a non-existent value or key Regmon will take Regedit to a position as close as possible to where the value or key would be located.
Referenced from: http://www.sysinternals.com/Regmon.htm
Regmon is a Registry spying utility that watches and displays information on system-wide registry accesses as they are occurring. This makes it a uniquely powerful tool for learning how Windows works or tracking down problems due to misconfigured Registry settings.
Version 4.0 unifies previous NT and Win9x-specific versions of Regmon into a common interface. Enhancements to the device drivers, and the addition of UI features (always-on-top, listview tool-tips) also mark this major version update.
Regmon works on NT 3.51, 4.0, 5.0 (Win2K), Windows 95 and Windows 98.
ADDITIONAL info on this tool can be read at RegMon's URL listed above....
We can pretty much use and set this tool up much as we would set up Regmon...
(Notice how I am writing up some of the easier tools to explain>>>? HEY! YOU SNOOZE...YOU LOSE!...Now you get to write up some of the tougher ones...hehehe:) :)
I usually set up some of my more important 'used' tools in a shortcut down in my symantec navigator toolbar for quick access:
When we first OPEN RegMon it immediately begins to load all the registry activity that is taking place on our system...
The nice thing about this tool vs Filemon is that there seems to be much less activity, which will enable you to 'view' any changes more easily...
Here you will see four input boxes (in this newest 4.0 version) named:
I do not know how to use the "Path include, exclude" boxes (perhaps this would be a good place for someone who does know their use and value to explain them and insert it into this essay here...).
In the Process box, however, we can type in the name of the program we noted in the "Process" column; in this case, it is the name value "Calc". Having typed this into the "Process" input box, it will now create a filter... a filter will act to screen out all other running programs and load only our target program.
hummmmm; I accidentally typed it in as "Calc"....note the upper case "C", and it DOES work in this version...
Good! We don't have to watch for case sensitivity on this one...have not tried it on earlier versions...so watch it...earlier versions perhaps need to be all typed in lower case; I don't remember...
Okay; to clarify...
type in the word "calc", or "Calc" (no
Click the Apply button.
Make sure in the Options drop down box that the option "Capture Events" is checked also.
Now, in the Options menu, in the dropdown box, click on "Clear Display".
This will clear your window, and now you can open Calculator again; the only program that will be listed and running in the RegMon window when you run MS Calculator will be....Calculator...and its various activities....
Set-Up is Done
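As an added example (not from jeff's essay and not Sysinternals code), here is a small Python script that applies the same kind of filter to a RegMon log saved to a file, so you can do offline what the Process box does live: the process match is case-insensitive, as the essay found with "Calc"/"calc", and the Path include/exclude boxes are sketched as ';'-separated wildcard patterns. The tab-separated column layout and the wildcard semantics are assumptions, and the log lines are constructed.

```python
import fnmatch
from collections import namedtuple

# Constructed sample of a RegMon log saved to a file. The tab-separated column
# order (sequence, time, process, request, path, result, other) is an assumption
# about the saved-log layout, not something taken from the essay.
SAMPLE_LOG = "\n".join("\t".join(c) for c in [
    ("1", "0.00010", "Explorer", "QueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState", "SUCCESS", ""),
    ("2", "0.00021", "Calc", "OpenKey", r"HKCU\Software\Microsoft\Calc", "SUCCESS", "Key: 0xE1234560"),
    ("3", "0.00025", "Calc", "QueryValue", r"HKCU\Software\Microsoft\Calc\layout", "NOTFOUND", ""),
    ("4", "0.00031", "Calc", "QueryValue", r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg", "SUCCESS", "Microsoft Sans Serif"),
    ("5", "0.00040", "Calc", "CloseKey", r"HKCU\Software\Microsoft\Calc", "SUCCESS", ""),
    ("6", "0.00052", "Explorer", "OpenKey", r"HKLM\Software\Classes\.txt", "SUCCESS", "Key: 0xE1234580"),
])

Event = namedtuple("Event", "seq time process request path result other")

def parse_log(text):
    """Turn saved log lines into Event records; short lines are padded with ''."""
    events = []
    for line in text.splitlines():
        if line.strip():
            f = (line.split("\t") + [""] * 7)[:7]
            events.append(Event(int(f[0]), float(f[1]), *f[2:]))
    return events

def _matches(patterns, value):
    """True if any ';'-separated wildcard pattern matches value, ignoring case (assumed semantics)."""
    return any(fnmatch.fnmatchcase(value.lower(), p.strip().lower())
               for p in patterns.split(";") if p.strip())

def apply_filter(events, process="", path_include="*", path_exclude=""):
    """Mimic the Process / Path include / Path exclude boxes on a saved log.
    Process is a case-insensitive substring match, so 'calc' and 'Calc' behave
    the same, matching what the essay found in version 4.0."""
    kept = []
    for ev in events:
        if process and process.lower() not in ev.process.lower():
            continue                      # some other program: screened out
        if not _matches(path_include, ev.path):
            continue                      # path not in the include set
        if path_exclude and _matches(path_exclude, ev.path):
            continue                      # path explicitly excluded
        kept.append(ev)
    return kept

def touched_keys(events):
    """Group surviving events by registry path: which keys did the program hit, and how?"""
    summary = {}
    for ev in events:
        summary.setdefault(ev.path, []).append((ev.request, ev.result))
    return summary
```

Running `touched_keys(apply_filter(parse_log(SAMPLE_LOG), process="calc"))` leaves only Calculator's keys, which is the same picture the essay's "Clear Display" then re-open Calculator step gives you on screen.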
Write it up and we'll change this one or add & credit your comments to it...etc.
This essay was more on HOW TO SET UP RegMon; the next essay on RegMon could be:
Why Do We Use RegMon & Where Do We Look FOR These Answers...
Why do we use this tool at all?; etc.....
greetz and thanks to Eternal Bliss and Gracefully Savage for help & contributions.....