Netcat Tutorial:- Netcat, also known as the Swiss army knife for hackers.It’s a networking tool or a utility which is used to read and write data by initiating a connection over TCP and UDP port. In this post, we will learn how to use Netcat windows and netcat linux version. Using netcat, you can perform many tasks like transferring files, chatting, port scanning, setting up a backdoor. If the Windows Registry is a place where system and application settings are stored, then the Mac equivalent of the Windows Registry would be a series of.plist files in several preferences folder on the Mac.
Usually when software gets installed onto your computer, it copies the needed files and registry entries onto the system for the program to function properly. And when you want to uninstall the software it should but doesn’t always remove everything that was added in the first place. Most of the time there is useless data left over which should have been removed because the uninstaller maybe is corrupted or even badly programmed. Depending on the program and how good the uninstaller is, this could range from one or two innocuous registry keys right up to hundreds of keys and several Megabytes of leftover files.
One way to find out yourself what is getting added to your system during a software install is to actually check the state of your system before the installation, and then check again afterwards to see what has changed. Here’s a selection of 7 tools that can track what file and registry changes are made during a software install by creating and then comparing before and after snapshots of your system, all were tested on Windows 7.
1. Regshot unicodeRegshot is a long running utility that can quickly take a before and after snapshot of the system registry. Also in the more recent unicode version it’s gained the ability to monitor for file changes using CRC32 and MD5 file checksums although this function is turned off by default and you have to go to File -> Options -> Common Options -> and tick “Check files in the specified folders” to enable it.
Only the Windows folder is entered into the list of watched folders so you have to enter any others yourself through the Folders tab. This version also added the Connect to remote registry option.
Regshot is very much a “hands on” utility and is more for experienced or advanced users to quickly check for system changes between two different points in time. Simply create the 1st shot, install the software or run the program you want to watch, and then press 2nd shot. After comparing the differences in the 1st and 2nd shots, it will open an HTML log in your browser listing all the detected changes.
Being only a few hundred KB and portable, Regshot is an extremely valuable tool to have around. The original Regshot is still very slowly being developed and there is a recent beta with separate 32 / 64-bit and ANSI / Unicode versions that can be found at SourceForge.
Download Regshot 2 Unicode
2. InstallWatch Pro
InstallWatch Pro is quite an old utility which works in a similar way to RegShot in that it tracks any changes made to your registry and files between 2 given points in time although this program is more specifically designed for tracking installs. The program is quite detailed in what it can track and includes additions, deletions, or modifications to files and directories, INI files and the system registry.
The good thing about InstallWatch is the easy to read way in which the results are displayed because it behaves just like a standard Explorer window with an expanding tree view of the sections on the left. While the program is running it will detect if you run a setup installer and ask to create a before snapshot, or you can simply click the Snapshot button on the toolbar.
After install, it will ask to create the after snapshot or you can use the Analyze button. The result can then be browsed or individual sections can be exported to text or HTML. All installs are instantly accessible from the tree view and there is also a useful search function.
Download InstallWatch Pro
3. SpyMe Tools
This utility has something the others in the list don’t which is a function to monitor a drive or folder in real time for file changes and could prove a useful addition when doing a bit of troubleshooting. SpyMe Tools is a quite an old program but is still perfectly capable at creating before and after snapshots to watch an install or software for changes.
It does have one drawback though because there is only the facility to snapshot either files or registry, not both together, changeable in the Current Mode option on the toolbar.
Like InstallWatch Pro the interface looks a lot like Explorer so you should feel at home navigating around. The way SpyMe Tools works is slightly awkward because you have to click the Scan button and save the snapshot, install or run the software to track, then click the Scan button again and save another snapshot with a different name.
Both are then tested for changes using the Compare button and the results will show in the window. The differences between the 2 snapshots can be saved as a text file. SpyMe Tools is also a portable program.
Download Spyme Tools
4. InCtrl5
InCtrl5 is an incredibly old tool dating way back to the year 2000 but some users may have heard or used it before, and it can still do a job with a little bit of effort. There are one or two issues with it though which require a bit of knowledge to use the program effectively. First, unsurprisingly InCtrl5 will need to be run in compatibility mode for Windows Vista, 7 or 8.
Secondly, there is an issue with it’s output results for 64-bit users as it won’t display the SoftwareWow6432Node registry keys as coming from there, but will instead show them as coming from simply Software, something to watch out for.
Using the program is pretty easy and it will track changes to the registry, drives and folders, ini files and also specific text files. Inclusions and exclusions can be configured by using the What to track buttons. After selecting the installer you want to track, it will create the before snapshot for you.
Then you install the software and press the Install Complete button to create the after snapshot and the analysis, which could take a little while. The result will then open up a window where it can be viewed or saved as HTM, TXT or CSV files formats.
Download InCtrl5
12Next › View All You might also like:
7 Tools to Monitor Software Installs and then Uninstall Removing the Leftovers4 Tools to Decode and Convert Windows Registry Hex Values to Text7 Tools to Defrag and Compact the Windows RegistryHow To Recover and Export Data from Offline Registry Files2 Ways to Convert REG to EXE, BAT, VBS and AU3 to Bypass Registry Editing Restriction 34 Comments - Write a Comment
The free System Explorer systemexplorer.net and has also a Snapshots tool to record and compare changes in files and/or registry.
ReplyMy favourites were always Advanced Registry Tracer [ART] & Advanced Registry Monitor [ARM].
They both have a “create redo reg” & “create undo reg” feature.
From memory they [or only one of them] can detect file size increase/decrease/modified & file date changes too.
Its been a while but Advanced Registry Tracer’ System requirements for ART states it can support current windows versions.
Mark.
ReplyProcess Monitor works with x64 and 32 registry.
It also can monitor both files and registry at the same time, plus much much more.
It’s free, and you can get it from Microsoft.
It replaced RegMon and FileMon tools.
You can download it from the following link:
technet.microsoft.com/en-us/sysinternals/processmonitor
The only downside is that because it has so many extra capabilities, it’s not as user friendly as older registry tools. It does come with a great help file, and once you get the hang of it, you’ll never look at older registry tools the same.
ReplyWe’ve mentioned Process Monitor in other articles and its real time abilities.
Sadly there’s far too much useless information and filtering needed for it to be used as a before and after snapshot comparison tool.
ReplyI want to compare two snapshots of virtualbox and I want to know that is there any tool that can show me the difference among registry as well as file structure
ReplyMany thanks, this article helped me find something in the registry.
ReplyGreat information shared !
I will add one more comprehensive tool named Lepide File server auditing tool which also provides the way to track every critical changes/access made on file server into real time.
Hi,
spy me Weblink is not working anymore
Many thanks for the article. I tried SpyMe Tools and it worked fantastically. Was able to easily collapse registry keys for changes that I could easily rule out, and it made it far easier to locate the keys I was looking for.
The biggest issue was figuring out how to use the program. Pressing the scan button seems to scan, but doesn’t show any output so I couldn’t figure out what to do from there. Eventually I saved the scan results (even though none showed) and then ran another scan, again nothing showed, saved those results, and then ran a compare and browsed manually for the files. Aside from that the ui and functionality seems great, my new favourite.
ReplyAny of those software would help me to keep track of changes after the software is installed?
For example… 30 days trial software. If change os dates does not work to avoid end of trial period is because it’s storing something on the registry probably at every usage.
I would like to see what was changed after the execution of a software.
Any of thsese soiftware would help me?
Thank you in advance!
Take care!
The version of Regshot listed in the article is old.
X-Regshot 2.0 can output .reg DIFF files when taking into account 2 registry comparisons.
winpenpack.com/main/download.php?view.750
The only trick is to change the default language from Russian to English, the flag button in the bottom right on first startup.
Regshot 1.x leaves a lot to be desired unfortunately.
ReplyIt appears you have got confused somewhere, X-Regshot IS Regshot with a rather pointless WinPenPack splash screen tagged on.
We link to both versions (1.9x and 2.0.xx) and are talking about the same Unincode version X-Regshot uses…
Replythe last freeware version of Total Uninstall is still available ( not at the authors’ site) and it’s all I’ve used for about the last 10 years
ReplyYeah, we’ve talked about that in another article dedicated to uninstall monitors…
raymond.cc/blog/monitor-software-installs-remove-leftovers-install-monitor/
ReplyThanks.
ReplyI want to know if any of these programs would help me to get a .reg of the installed software, so when i install simples programs, and i have to reinstall windows any time, i wouldn´t have to reinstall my software too, but just merge my .reg file and i get my little sofware working again
ReplyI think a few of them do what you ask, but RegShot is probably the easiest to use.
After running the 2nd snapshot and comparing, look in the Report folder (usually C:Hive) and find the RedoReg.txt file. That’s the difference file and you simply rename the extension to .reg and import into the registry later.
ReplyHey I just downloaded that Regshot Unicode and it’s some strange version from 2010 2.01.70 when the build at source forge is 1.9.0.281 from the Regshot team dated 2/2/2013
What gives and who compiled that “Regshot 2” version in Russia?
ReplyThe Regshot Unicode version was a fork of the original Regshot after it was pretty much abandoned for something like 3 or 4 years. It’s been around since 2010 and many people prefer it for the extra functions and unicode support. Unfortunately the website for it is now gone.
ReplyBoth InstallWatch Pro and Systracer output the changes between before and after snapshots as reg files. Unfortunately the free version of InstallWatch Pro is limited in that a record of deleted registry keys and values is not available. The full version had this feature, but after much searching using Google I have not been able to locate it.
ReplyI scanned InstallSpy 2 with VirusTotal.com and it’s showing a possible infection. Can anyone confirm?
ReplyThat’s definitely a false positive, the creator and host of the file, 2brightsparks.com, is a well respected software developer. 1 out of 46 at VirusTotal is classic false positive territory.
ReplyThank you so much. I recently performed a complete system restore, only re-installing 8 programs. Now, I have to temporarily install more programs. Hopefully, I will never have to restore my computer again with this.
ReplyThis is awesome info. Thanks alot I only knew about a few of these tools.
ReplyThank you very much for your useful post!
It is just what I want.
this is a great article, but i’d be interested in hearing which is the #1 choice for the author after testing all them. :-/
ReplyRaymond Rules….
ReplyThank You…
ReplyThanks Ray!
Replythanks ray..
ReplySince I began to use Total Uninstall (1 year ago) I never had to reinstall Windows! This program really removes everything! Windows will be in top shape no mater how many apps you install/uninstall! This kind of application is excellent to keep bloatware and crapware under control.
ReplyThanks man, its great tutorial. I always wanted to keep my system clean and I am gonna use Total Uninstall.
Thanks!
ReplyRegshot Equivalent For Mac Os
This is great. Thanks a lot. I used to know about FileMon and RegMon only.
ReplyTotal Uninstall is what I use, but thanks for rest of the softwares, great tips no doubt, cheers mate!
ReplyLeave a Reply
Sysinternals Suite
The entire set of Sysinternals Utilities rolled up into a single download.
Sysinternals Suite for Nano Server
Sysinternals Utilities for Nano Server in a single download.
Sysinternals Suite for ARM64
Sysinternals Utilities for ARM64 in a single download.
AccessChk
v6.13 (October 15, 2020)
AccessChk is a command-line tool for viewing the effective permissionson files, registry keys, services, processes, kernel objects, and more.
AccessEnum
v1.32 (November 1, 2006)
This simple yet powerful security tool shows you who has what access todirectories, files and Registry keys on your systems. Use it to findholes in your permissions.
AdExplorer
v1.50 (November 04, 2020)
Active Directory Explorer is an advanced Active Directory (AD) viewerand editor.
AdInsight
v1.2 (October 26, 2015)
An LDAP (Light-weight Directory Access Protocol) real-time monitoringtool aimed at troubleshooting Active Directory client applications.
AdRestore
v1.2 (November 25, 2020)
Undelete Server 2003 Active Directory objects.
Autologon
v3.10 (August 29, 2016)
Bypass password screen during logon.
Autoruns
v13.98 (June 24, 2020)
See what programs are configured to startup automatically when yoursystem boots and you login. Autoruns also shows you the full list ofRegistry and file locations where applications can configure auto-startsettings.
BgInfo
v4.26 (October 19, 2018)
This fully-configurable program automatically generates desktopbackgrounds that include important information about the systemincluding IP addresses, computer name, network adapters, and more.
BlueScreen
v3.2 (November 1, 2006)
This screen saver not only accurately simulates Blue Screens, butsimulated reboots as well (complete with CHKDSK), and works on WindowsNT 4, Windows 2000, Windows XP, Server 2003 and Windows 95 and 98.
CacheSet
v1.0 (November 1, 2006)
CacheSet is a program that allows you to control the Cache Manager'sworking set size using functions provided by NT. It's compatible withall versions of NT.
ClockRes
v2.1 (July 4, 2016)
View the resolution of the system clock, which is also the maximum timerresolution.
Contig
v1.8 (July 4, 2016)
Wish you could quickly defragment your frequently used files? Use Contigto optimize individual files, or to create new files that arecontiguous.
Coreinfo
v3.31 (August 18, 2014)
Coreinfo is a new command-line utility that shows you the mappingbetween logical processors and the physical processor, NUMA node, andsocket on which they reside, as well as the cache’s assigned to eachlogical processor.
Ctrl2cap
v2.0 (November 1, 2006)
This is a kernel-mode driver that demonstrates keyboard input filteringjust above the keyboard class driver in order to turn caps-locks intocontrol keys. Filtering at this level allows conversion and hiding ofkeys before NT even 'sees' them. Ctrl2cap also shows how to useNtDisplayString() to print messages to the initialization blue-screen.
DebugView
v4.90 (April 23, 2019)
Another first from Sysinternals: This program intercepts calls made toDbgPrint by device drivers and OutputDebugString made by Win32 programs.It allows for viewing and recording of debug session output on yourlocal machine or across the Internet without an active debugger.
Desktops
v2.0 (October 17, 2012)
This new utility enables you to create up to four virtual desktops andto use a tray interface or hotkeys to preview what’s on each desktop andeasily switch between them.
Disk2vhd
v2.01 (January 21, 2014)
Disk2vhd simplifies the migration of physical systems into virtualmachines (p2v.md).
DiskExt
v1.2 (July 4, 2016)
Display volume disk-mappings.
Diskmon
v2.01 (November 1, 2006)
This utility captures all hard disk activity or acts like a softwaredisk activity light in your system tray.
DiskView
v2.41 (October 15, 2020)
Graphical disk sector utility.
Disk Usage (DU)
v1.62 (November 04, 2020)
View disk usage by directory.
EFSDump
v1.02 (November 1, 2006)
View information for encrypted files.
FindLinks
v1.1 (July 4, 2016)
FindLinks reports the file index and any hard links (alternate filepaths on the same volume.md) that exist for the specified file. A file'sdata remains allocated so long as at it has at least one file namereferencing it.
Handle
v4.22 (June 14, 2019)
This handy command-line utility will show you what files are open bywhich processes, and much more.
Hex2dec
v1.1 (July 4, 2016)
Convert hex numbers to decimal and vice versa.
Junction
v1.07 (July 4, 2016)
Create Win2K NTFS symbolic links.
LDMDump
v1.02 (November 1, 2006)
Dump the contents of the Logical Disk Manager's on-disk database, whichdescribes the partitioning of Windows 2000 Dynamic disks.
ListDLLs
v3.2 (July 4, 2016)
List all the DLLs that are currently loaded, including where they areloaded and their version numbers.
LiveKd
v5.62 (May 16, 2017)
Use Microsoft kernel debuggers to examine a live system.
LoadOrder
v1.01 (July 4, 2016)
See the order in which devices are loaded on your WinNT/2K system.
LogonSessions
v1.41 (November 25, 2020)
List the active logon sessions on a system.
MoveFile
v1.01 (January 24, 2013)
Allows you to schedule move and delete commands for the next reboot.
NotMyFault
v4.01 (November 18, 2016)
Notmyfault is a tool that you can use to crash, hang, and cause kernelmemory leaks on your Windows system.
NTFSInfo
v1.2 (July 4, 2016)
Use NTFSInfo to see detailed information about NTFS volumes, includingthe size and location of the Master File Table (MFT) and MFT-zone, aswell as the sizes of the NTFS meta-data files.
PendMoves
v1.2 (February 5, 2013)
Enumerate the list of file rename and delete commands that will beexecuted the next boot.
PipeList
v1.02 (July 4, 2016)
Displays the named pipes on your system, including the number of maximuminstances and active instances for each pipe.
PortMon
v3.03 (January 12, 2012)
Monitor serial and parallel port activity with this advanced monitoringtool. It knows about all standard serial and parallel IOCTLs and evenshows you a portion of the data being sent and received. Version 3.x haspowerful new UI enhancements and advanced filtering capabilities.
ProcDump
v10.0 (September 17, 2020)
This command-line utility is aimed at capturing process dumps ofotherwise difficult to isolate and reproduce CPU spikes. It also servesas a general process dump creation utility and can also monitor andgenerate process dumps when a process has a hung window or unhandledexception.
Process Explorer
v16.32 (April 28, 2020)
Find out what files, registry keys and other objects processes haveopen, which DLLs they have loaded, and more. This uniquely powerfulutility will even show you who owns each process.
Process Monitor
v3.60 (September 17, 2020)
Monitor file system, Registry, process, thread and DLL activity inreal-time.
PsExec
v2.2 (June 29, 2016)
Execute processes on remote systems.
PsFile
v1.03 (June 29, 2016)
See what files are opened remotely.
PsGetSid
v1.45 (June 29, 2016)
Displays the SID of a computer or a user.
PsInfo
v1.78 (June 29, 2016)
Obtain information about a system.
PsKill
v1.16 (June 29, 2016)
Terminate local or remote processes.
PsPing
v2.01 (January 29, 2014)
Measure network performance.
PsList
v1.4 (June 29, 2016)
Show information about processes and threads.
PsLoggedOn
v1.35 (June 29, 2016)
Show users logged on to a system.
PsLogList
v2.8 (June 29, 2016)
Dump event log records.
PsPasswd
v1.24 (June 29, 2016)
Changes account passwords.
PsService
v2.25 (June 29, 2016)
View and control services.
PsShutdown
v2.52 (December 4, 2006)
Shuts down and optionally reboots a computer.
PsSuspend
v1.07 (June 29, 2016)
Suspend and resume processes.
PsTools
v2.45 (July 4, 2016)
The PsTools suite includes command-line utilities for listing theprocesses running on local or remote computers, running processesremotely, rebooting computers, dumping event logs, and more.
RAMMap
v1.60 (October 15, 2020)
An advanced physical memory usage analysis utility that presents usageinformation in different ways on its several different tabs.
RegDelNull
v1.11 (July 4, 2016)
Scan for and delete Registry keys that contain embedded null-charactersthat are otherwise undeleteable by standard Registry-editing tools.
Registry Usage (RU)
v1.2 (July 4, 2016)
View the registry space usage for the specified registry key.
RegJump
v1.1 (April 20, 2015)
Jump to the registry path you specify in Regedit.
SDelete
v2.04 (November 25, 2020)
Securely overwrite your sensitive files and cleanse your free space ofpreviously deleted files using this DoD-compliant secure delete program.
ShareEnum
v1.6 (November 1, 2006)
Scan file shares on your network and view their security settings toclose security holes.
Regshot Equivalent For Mac High Sierra
ShellRunas
v1.01 (February 28, 2008)
Launch programs as a different user via a convenient shell context-menuentry.
Sigcheck
v2.80 (June 24, 2020)
Dump file version information and verify that images on your system aredigitally signed.
Streams
v1.6 (July 4, 2016)
Reveal NTFS alternate streams.
Strings
v2.53 (July 4, 2016)
Search for ANSI and UNICODE strings in binary images.
Sync
v2.2 (July 4, 2016)
Flush cached data to disk.
Sysmon
v12.03 (November 25, 2020)
Monitors and reports key system activity via the Windows event log.
Regshot Equivalent For Mac Keyboard
TCPView
v3.05 (July 25, 2011)
Active socket command-line viewer.
VMMap
v3.31 (November 04, 2020)
VMMap is a process virtual and physical memory analysis utility.
VolumeId
v2.1 (July 4, 2016)
Set Volume ID of FAT or NTFS drives.
Whois
v1.20 (December 11, 2019)
See who owns an Internet address.
WinObj
v2.23 (November 25, 2020)
The ultimate Object Manager namespace viewer is here.
Regshot Equivalent For Mac Pro
ZoomIt
v4.52 (December 11, 2019)
Presentation utility for zooming and drawing on the screen.