If you want to monitor Windows registry, file-system and processes real-time – Process Monitor is an advanced monitoring utility that runs on Windows XP, Windows Server 2003, Vista and Windows 7 systems.
Using Process Monitor for Windows Registry
Make sure that use Include ‘RegSetValue’ to add the filter option in order to monitor the registry settings easily.
Or just incase you can’t find the RegSetValue in runtime, click the Filter icon and choose Operation at the list of entries and type “RegSetValue” then “include”.
Process Monitor logs all Registry operations and displays Registry paths using conventional abbreviations for Registry root keys e.g. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\TaskbarGlomLevel.
To access and verify them to the registry you just need to use the “Jump to” function
Other important functions from Microsoft:
Process
In its thread monitoring Process Monitor tracks and gets all process and thread operations such as creation and exit as well as device driver load operations and dlls.
Network
Process Monitor uses Event Tracing to find and record TCP and UDP activity. Each network operation includes the source and destination ip addresses including the amount of data sent and received.
Read more...
