Hi,
Is there any app which can follow which files changed by an application which executed?
I found some apps to find which files has been changed before and after an app executed. But they can not show me which files has been changed by this app. They show me all the files has been changed by operation system, services and all apps which runnig. So I can not filter the files which changed just by application which I want to follow.
I would be happy if you can suggest me any software to do that...
Thank you
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
The tool of choice for most of the people here is Regshot Portable which shows both files and registry items changed, added, or removed. I hope this helps!
You should always test a portable app on a virtual machine if possible.
Simply install VirtualBox. Install the operating system you want to test on.
Regshot all you want.
Yes, I set the working directory!
I personally find Sandboxie faster and more convenient than any virtual machine I've tried. The only catch is that it only monitors files, not the registry, so you need to run a regshot separately and then delete the entries manually.
Sandboxie monitors/diverts both files and registry, tricky bit is reading the virtual registry. There used to be an add-on for Sandboxie called SandDiff which could display changes in virtual registry. Format was slightly different than RegShot's.
SandDiff (actually, Sandboxie) had a perk which made it unsuitable to thoroughly test PA-portabilized apps, but worked well for examining "regular" apps. The author discontinued it in favor of similar tools, might be good to look them up Pyro.
My posts are old and likely no longer relevant.
Someone linked to a possible solution to monitor the registry in Sandboxie but I never got it to work, though (and SandDiff doesn't seem to ring a bell). I'll try again though next time I go on my computer.
Thank you all. But I had already find Regshot and some other alternatives. But the main point is how I will find the files which changed JUST by the application which I am following it. I mean Regshot will show me all the files which changed comparing first and second snapshot. But (as default) Windows already changes many files from system even you don't execute any service, or application. So on the list which will show me Regshot, I will see also these files. So there is no way to understand which files eddited or accessed by the application which I am following it.
Regshot also finds just the changed on the registry not for the files. I need both of them.
Regshot also monitors files. Check the screenshot, it's saying "scan dir" for a reason
You can either:
- reduce the other apps to a minimum using a clean install (VirtualBox, Sandboxie, ...)
- Think about the logical places; %APPDATA%, %DOCUMENTS%, in registry: (HKCU|HKLM)/Software/publisher/appname, stuff like that...
check existing apps (maybe in Beta Testing Forum) to find some new things, read their launcher.ini, you'll definitely learn something!
edit: fixed some typos, I'm not good at typing today =/
Yes, I set the working directory!
RegFromApp will show you only the changes associated with a single executable, but only for registry changes, it does not do file changes.
As previously stated, RegShot is your best bet, it does both files and registry, and you just need to run it on a clean system such as a VM or with Sandboxie.