Microsoft Windows Registry Guide, Second Edition
Comparing with Reg.exe
The Windows Support Tools, which include WinDiff, as you've already learned, also install the Console Registry Tool for Windows (Reg.exe). This program can compare two branches of the registry, a useful feature that helps you track down settings in the registry. Copy the branch that you think contains the value to a temporary key (this is your first snapshot), change the setting you're tracking, and then compare the current key to the temporary key. Using Reg.exe this way has the advantage of being quite straightforward. It has the disadvantage of relying on a command line rather than a graphical user interface, and if you don't remove the temporary keys from the registry, you can end up with an oversized registry that contains a bunch of data that you don't need.
Chapter 11, “Scripting Registry Changes,” describes all the command-line options available in Reg.exe. For now, here are the steps necessary to locate a setting in the registry:
1. In a command prompt window, type reg copy source destination /s /f, where source is the key that you want to copy to the temporary key destination.
   Make sure the destination doesn't exist first; otherwise, you'll end up with a lot of differences when you compare the two keys. Also, if the name of either key contains spaces, enclose the entire key in quotation marks. Don't use the full names of root keys; use HKCU and HKLM instead.
2. Make changes to the setting.
3. In a command prompt window, type reg compare key temp /s, where key is the current key and temp is the temporary key.
The following listing is a sample of the output that Reg.exe generates. Reg.exe indicates lines that are missing from the current key with a right arrow (>) and indicates lines that were added or changed in the current key with a left arrow (<). In other words, you see > next to deleted values and < next to new or changed values.
< Value: HKEY_CURRENT_USER\control panel\desktop ActiveWndTrkTimeout REG_DWORD 0x0
> Value: HKEY_CURRENT_USER\backup ActiveWndTrkTimeout REG_DWORD 0x400
< Value: HKEY_CURRENT_USER\control panel\desktop DragFullWindows REG_SZ 1
> Value: HKEY_CURRENT_USER\backup DragFullWindows REG_SZ 0
< Value: HKEY_CURRENT_USER\control panel\desktop DragHeight REG_SZ 4
< Value: HKEY_CURRENT_USER\control panel\desktop DragWidth REG_SZ 4
Result Compared: Different
The operation completed successfully
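Because Reg.exe marks both new and changed values with <, telling them apart means pairing each < line with a > line for the same value. The following Python sketch is an added example, not part of the book or of Reg.exe; the function name classify and the assumption of one value per output line are its own, and it is run here on the sample listing above.

```python
import re

# One difference line of "reg compare" output: marker, key + value name, type, data.
LINE = re.compile(r'^([<>])\s+Value:\s+(.+?)\s+(REG_[A-Z_]+)(?:\s+(.*))?$')

def classify(output, current_root, temp_root):
    """Split reg compare differences into changed, added and deleted values.

    current_root / temp_root are the two compared keys as Reg.exe prints them
    (full root name, e.g. HKEY_CURRENT_USER). Assumption: one value per line.
    """
    roots = {'<': current_root, '>': temp_root}
    seen = {'<': {}, '>': {}}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips "Result Compared: ..." and the status line
        marker, path, rtype, data = m.groups()
        root = roots[marker]
        if not path.lower().startswith(root.lower()):
            continue  # line does not belong to the key expected for this marker
        # The text after the root (subkey path plus value name) identifies the
        # value on both sides, so names with spaces need no further splitting.
        name = path[len(root):].strip()
        seen[marker][name.lower()] = (name, rtype, data or '')
    cur, old = seen['<'], seen['>']
    return {
        # (name, (type, data) in the snapshot, (type, data) now)
        'changed': [(cur[k][0], old[k][1:], cur[k][1:]) for k in cur if k in old],
        'added': [cur[k] for k in cur if k not in old],
        'deleted': [old[k] for k in old if k not in cur],
    }

# The sample listing from this page, one difference per line.
SAMPLE = r"""
< Value: HKEY_CURRENT_USER\control panel\desktop ActiveWndTrkTimeout REG_DWORD 0x0
> Value: HKEY_CURRENT_USER\backup ActiveWndTrkTimeout REG_DWORD 0x400
< Value: HKEY_CURRENT_USER\control panel\desktop DragFullWindows REG_SZ 1
> Value: HKEY_CURRENT_USER\backup DragFullWindows REG_SZ 0
< Value: HKEY_CURRENT_USER\control panel\desktop DragHeight REG_SZ 4
< Value: HKEY_CURRENT_USER\control panel\desktop DragWidth REG_SZ 4
Result Compared: Different
The operation completed successfully
"""

if __name__ == '__main__':
    report = classify(SAMPLE, r'HKEY_CURRENT_USER\control panel\desktop',
                      r'HKEY_CURRENT_USER\backup')
    for kind, items in report.items():
        for item in items:
            print(kind, item)
```

For the sample listing, ActiveWndTrkTimeout and DragFullWindows come out as changed, while DragHeight and DragWidth come out as added because the temporary key has no matching > line for them.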
After you're done with the temporary key, make sure that you delete it; otherwise, you're going to fill up the registry with junk, and you won't be able to use the same temporary key for future comparisons. To quickly remove the temporary key, in a command prompt window, type reg delete key /f, where key is the name of the temporary key. The command-line option /f prevents Reg.exe from prompting you to confirm that you want to remove the key.
TIP
An alternative method is to save a branch as a hive file, and then load the hive file into HKU. Then change a setting in the user interface, and compare the original branch to the hive file that you loaded in HKU. Don't forget to unload the hive file when you are finished. This method has the advantage of not cluttering the registry with temporary keys. Chapter 11, “Scripting Registry Changes,” shows you the Reg.exe commands that enable you to save, load, and unload hive files.