RegDump gets you Registry Hive dumps in simple text format

Ladislav Nevery, like many administrators and programmers, found it difficult to work out what had changed in a registry hive. He explains the problem like this:

Well, recently I had a nasty worm/rootkit problem and naturally I wanted to know what it had changed in my system. So I started looking for some tool to detect registry changes: some simple tool to dump the complete registry content to a text file before infection and after, so that with a simple text diff I would be able to see the changes fast. I was not very lucky, though, since all the reg tools I found were using the Win32 API to get the data, which that clever rootkit redirected to itself and thus stayed hidden. Also, as I later found out, malware doesn't even need to be that clever to hide things in the registry from the standard API.

To solve this he created a simple tool, RegDump, which writes a dump of your registry to a plain text file. Take one dump before and one after installing new software (or before and after a suspected infection) and compare the two with any text editor or diff tool to see exactly what changed. Because RegDump does not go through the Win32 registry API, a rootkit that hooks that API to hide its own keys and values does not get a chance to filter the output, so if you have a big mess to clean up you can first find the changes this way and then remove them, without trusting a registry tool that relies on the Win32 API.
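The workflow above, dump the hive to sorted text lines, then diff two dumps, can be reproduced with a minimal offline parser of the regf hive file format. The following is an added example written for this page, not RegDump's own code, and it reads the hive bytes directly rather than through the Win32 API. The function names (`dump_hive`, `diff_dumps`), the `HiveBuilder` writer, and the key paths and values in `sample_hives` (a Contoso vendor key and a Run entry pointing at `C:\Users\Public\update.exe`) are all assumptions constructed for the demonstration; no real system hive is read. Big-data cells, class names and security descriptors are deliberately skipped, and the header checksum is not verified.

```python
# Offline regf (Windows registry hive) dump and diff. An added example, not RegDump's own code: the
# hive bytes are parsed directly, so the Win32 registry API a rootkit can hook is never called.
# The sample hives below are constructed in memory; big-data ("db") cells and class names are skipped.
import struct

HBIN_BASE = 0x1000  # cell offsets inside a hive are relative to the first hbin
REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4
TYPE_NAMES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}

def cell(hive, off, sig=None):  # payload of the allocated cell at `off`; allocated cells have a negative size
    size = struct.unpack_from("<i", hive, HBIN_BASE + off)[0]
    if size >= 0:
        raise ValueError(f"cell at {off:#x} is free or corrupt")
    p = hive[HBIN_BASE + off + 4:HBIN_BASE + off - size]
    if sig and p[:2] != sig:
        raise ValueError(f"expected {sig!r} at {off:#x}, got {p[:2]!r}")
    return p

def name_of(raw, compressed):  # *_COMP_NAME flag set: ASCII name; otherwise UTF-16LE
    return raw.decode("latin-1" if compressed else "utf-16-le")

def subkey_offsets(hive, off):
    """nk offsets from an lf/lh (offset, hash pairs), li (offsets) or ri (index of indexes) cell."""
    lst = cell(hive, off)
    sig, n = lst[:2], struct.unpack_from("<H", lst, 2)[0]
    step = {b"lf": 8, b"lh": 8, b"li": 4, b"ri": 4}[sig]  # KeyError on an unknown index type
    offs = [struct.unpack_from("<I", lst, 4 + step * i)[0] for i in range(n)]
    return [o for r in offs for o in subkey_offsets(hive, r)] if sig == b"ri" else offs

def parse_vk(hive, off):
    p = cell(hive, off, b"vk")
    nlen, size = struct.unpack_from("<HI", p, 2)
    dtype, flags = struct.unpack_from("<IH", p, 0x0C)
    name = name_of(p[0x14:0x14 + nlen], flags & 1) or "(Default)"
    if size & 0x80000000:  # up to 4 bytes of data are stored in the offset field itself
        return name, dtype, p[8:12][:size & 0x7FFFFFFF]
    return name, dtype, cell(hive, struct.unpack_from("<I", p, 8)[0])[:size]

def fmt_value(dtype, data):
    tname = TYPE_NAMES.get(dtype, f"type{dtype}")
    if dtype in (REG_SZ, REG_EXPAND_SZ):
        return tname + ":" + data.decode("utf-16-le", "replace").rstrip("\0")
    if dtype == REG_DWORD and len(data) == 4:
        return f"{tname}:{struct.unpack('<I', data)[0]:#010x}"
    return f"{tname}:{data.hex()}"  # everything else is shown as raw hex

def walk(hive, off, path, out):
    p = cell(hive, off, b"nk")
    flags = struct.unpack_from("<H", p, 2)[0]
    nsub, _, sub_off, _, nval, val_off = struct.unpack_from("<6I", p, 0x14)
    nlen = struct.unpack_from("<H", p, 0x48)[0]
    full = (path + "\\" if path else "") + name_of(p[0x4C:0x4C + nlen], flags & 0x20)
    for i in range(nval):  # the value list cell is an array of nval offsets to vk records
        name, dtype, data = parse_vk(hive, struct.unpack_from("<I", cell(hive, val_off), 4 * i)[0])
        out.append(f"{full}\\{name} = {fmt_value(dtype, data)}")
    for soff in (subkey_offsets(hive, sub_off) if nsub else ()):
        walk(hive, soff, full, out)

def dump_hive(hive):
    """Sorted text lines, one per value: 'ROOT\\Key\\Sub\\Name = TYPE:value'."""
    if hive[:4] != b"regf":
        raise ValueError("not a regf hive")
    out = []
    walk(hive, struct.unpack_from("<I", hive, 0x24)[0], "", out)  # header offset 0x24 = root nk offset
    return sorted(out)

def diff_dumps(before, after):  # '- ' vanished, '+ ' appeared; a changed value shows up as one of each
    b, a = set(before), set(after)
    return sorted("- " + x for x in b - a) + sorted("+ " + x for x in a - b)

class HiveBuilder:  # minimal hive writer, only here to give the example constructed input
    def __init__(self):
        self.cells = bytearray()
    def add(self, payload):  # append an 8-byte-aligned cell and return its hbin-relative offset
        size, off = (len(payload) + 4 + 7) & ~7, 0x20 + len(self.cells)  # 0x20 = hbin header size
        self.cells += struct.pack("<i", -size) + payload.ljust(size - 4, b"\0")
        return off
    def value(self, name, dtype, data):
        sized = (struct.pack("<I", 0x80000000 | len(data)) + data.ljust(4, b"\0") if len(data) <= 4
                 else struct.pack("<II", len(data), self.add(data)))
        return self.add(b"vk" + struct.pack("<H", len(name)) + sized
                        + struct.pack("<IHH", dtype, 1, 0) + name.encode("latin-1"))
    def key(self, name, values=(), subkeys=()):
        vals, subs = [self.value(*v) for v in values], [self.key(*s) for s in subkeys]
        vlist = self.add(b"".join(struct.pack("<I", o) for o in vals)) if vals else 0xFFFFFFFF
        slist = self.add(b"lf" + struct.pack("<H", len(subs))
                         + b"".join(struct.pack("<I", o) + b"\0" * 4 for o in subs)) if subs else 0xFFFFFFFF
        return self.add(b"nk" + struct.pack("<HQI", 0x20, 0, 0)  # flags 0x20: ASCII key name
                        + struct.pack("<8I", 0xFFFFFFFF, len(subs), 0, slist, 0xFFFFFFFF, len(vals), vlist, 0xFFFFFFFF)
                        + struct.pack("<6I", 0xFFFFFFFF, 0, 0, 0, 0, 0)
                        + struct.pack("<HH", len(name), 0) + name.encode("latin-1"))
    def build(self, root):  # header checksum is left zero; the parser above does not verify it
        hsize = (len(self.cells) + 0x20 + 0xFFF) & ~0xFFF
        hdr = bytearray(b"regf".ljust(0x1000, b"\0"))
        struct.pack_into("<IIQIIIIII", hdr, 4, 1, 1, 0, 1, 3, 0, 1, root, hsize)  # seqs, time, v1.3, root, size
        return bytes(hdr) + b"hbin" + struct.pack("<II", 0, hsize) + b"\0" * 20 + self.cells.ljust(hsize - 0x20, b"\0")

def sz(s):  # REG_SZ data is UTF-16LE with a terminating NUL
    return (s + "\0").encode("utf-16-le")

def sample_hives():
    """'before' has one vendor key; 'after' also has a Run entry. Constructed data, not from a real system."""
    contoso = ("Contoso", [("Version", REG_SZ, sz("1.0")), ("Installed", REG_DWORD, struct.pack("<I", 1))])
    run = ("Microsoft", (), [("Windows", (), [("CurrentVersion", (), [
        ("Run", [("Updater", REG_SZ, sz(r"C:\Users\Public\update.exe"))])])])])
    old, new = HiveBuilder(), HiveBuilder()
    return (old.build(old.key("ROOT", (), [("Software", (), [contoso])])),
            new.build(new.key("ROOT", (), [("Software", (), [contoso, run])])))
```

Running `diff_dumps(dump_hive(before), dump_hive(after))` on the two constructed hives reports a single `+` line for the new Run value, which is exactly the kind of persistence entry an API-hooking rootkit would try to hide from `reg query` or regedit. Against a real system you would feed `dump_hive` the bytes of a hive copied while the system is offline (from a rescue boot or a volume shadow copy), since the live hive files are locked, and you would want to add handling for big-data cells before trusting the output of values larger than 16 KB.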

