I have heard about RegFromApp tool for quite some time but never really tested it because I am a very happy SysTracer user. SysTracer is able to take snapshots and then perform comparison to show the differences on the files, registries and applications. As for RegFromApp, the name itself sounds like it only monitors the registry which I think is not complete since I also need to monitor for file changes. Nevertheless, I am always a big fan of tools created by Nir Sofer so here is my review on RegFromApp.
After testing RegFromApp, the methodology is actually quite different from SysTracer because RegFromApp attempts to inject to a process and then monitors the registry changes in real time. Unlike SysTracer where I had to take the first snapshot, make the changes and then taking another snapshot to compare the differences.
There are two ways to monitor with RegFromApp. The first is to inject it into a process that is already running and the second method is to select the file that you want to monitor and then run it from RegFromApp. One important note is if you have UAC enabled, you should run RegFromApp as administrator so you will be able to trace processes that are ran under administrator. The registry changes will be outputted instantly on the RegFromApp interface. You can then save the entire Registry changes into a .reg file by using the ‘Save As’ option.
One possible problem that I’ve discovered when testing RegFromApp is that you may not be able to directly monitor for registry changes on installation setup files. Reason is when you run a setup file, it actually extracts a couple of real installation files to the temporary folder and then use them for installation. Here is an example scenario where I ran gbooks.exe from desktop to install Google Books Downloader. After clicking the Next button once, gbooks.exe process is no longer active and is bring replaced by 11659nua.exe and 11659nua.tmp at temp folder. So in order to monitor the installation registry changes on gbooks.exe, I will have to inject RegFromApp to both 11659nua.exe and 11659nua.tmp process from two different instances.
The same goes to a malware that has melting capability. When you run the malware, it creates a copy of itself into a deeper location where it is not easily seen and then the newly created malware starts to make changes on your registry by automatically adding itself to startup. RegFromApp is useful but only for certain situation. It is free and works from Windows 2000 to Windows 7.
is it interfere with the internet configuration ?
In fact, RegFromApp seem almost monitor only the license keys of programs during their install. Sure there are the most complete software for this work, which are able to monitor, as well as registry keys, even the files changed or created (eg. InstallRite), but in many occasions RegFromApp is more than enough…
Comodo Program Manager does the same thing and more; automatically with every new install, allowing you to completely undo changes. It’s better than the alternatives (like Revo Pro) because it is very fast and automatic. It also allows you to REDO these changes (that is, it backs up what is uninstalled). It’s free, like all Comodo products.
programs-manager.comodo.com/
Be careful with Comodo Program Manager; it can’t work well with app. that needs reboot. PC´problems comes out.
Better is Total Uninstaller (payware) and ZSoft Uninstaller (freeware, not yet 64bits installers compatible).
Very nice, but it doesn’t work on my Winx64 PC. I have notified the developer, but without any ack from him.
It works on x64. You just need to download the x64 version. Just click on the “Download RegFromApp for x64″ link at the download page.
I was speaking about the 64 version. More precisely, it fails monotoring an app that it launches, it does refuse to launch the app, even in admin mode.
The reason it extracts to a temp folder as you may already know,may be part of a copyright protection system implementation hence the abiguity.
Have you tried Thinapp as it is very good at following installations?
Is it the ThinApp from VMWAre ? Because its price tag is for corporation only !
So far I’ve only tested the free ones such as Cameyo and Evalazer.