Windows Registry Tracking

Here’s a question for the hivemind: is there any way to track the changes that a program is making to the registry?

More specifically, what I want to do is find out what information is being stored and where when a user changes the parameters in some of the software that we deploy with our CPE.

Try Procmon:


The Procmon method worked, thanks! Didn’t do me much good though!

I was able to figure out which registry keys were being updated but I’d been having a bit of a brain-fart. The information I’m trying to capture in the registry is the username and password for a WiMax USB dongle connection manager. Dumping the data from the registry and importing it back into a ‘clean’ machine doesn’t work*. Obviously. Because if did the product wouldn’t be very secure.

*I’ve been asked to see if I can emulate the user’s experience with our desktop CPE on our USB dongles. The desktop CPE uses a generic username/password that causes anyone connecting to the network to be redirected to a customer sign-up page when they try to browse the web for the first time. I’ve been trying to write a wrap-around installer that installs the connection manager software and then adds the generic username/password into the registry. I have the wrap-around installer working and it’s adding info to the registry but clearly I can’t just dump the keys from another Windows install and expect to import them back in since the data I’m after includes the password. I’m beginning to think there’s no easy way of doing this.