Use Process Monitor to find the registry value for a Windows option

More often than not, we need to make a change to the registry when we want to tweak the functionality of Windows. And many people in the eyes of the so-called Master, the Windows registry is playing superb. Do these masters write down the Windows registry? The answer is of course impossible. So how do we know which registry value corresponds to a feature in Windows?

In the following article, we'll show you how to use the event monitoring feature of Process Monitor to find the registry value for a Windows option.

Using Process Monitor to find the registry value

I believe you often change the system configuration by check boxes or drop-down boxes in Windows, where exactly are these configuration items stored? In fact, in the Windows operating system, most of the system configuration items are stored in the registry. For example, the change of Group Policy configuration, Windows service configuration, and startup status are all stored in the registry, and now let's show you how to find these registry paths in the form of examples.

Demo Example

Everyone knows you can lock the taskbar by ticking the taskbar tab, so we'll show you the registry path that was used to lock the taskbar!

Let's open the process Monitor to start monitoring the system events, then tick the lock taskbar and click Apply , and then the process monitor should have crawled to the registry value that changed the entry. However, there are so many Windows events crawled in the Process Monitor that we need to filter out all the events that set up the registry by using the filter feature, so first apply a operation(action) to RegSetValue filter. After masking unrelated events, it's easy to find the information we need manually.

When the relevant registry path is found in the Process Monitor, we can use the jump to go to the specific path of the registry. If it is not possible to determine whether the path and the corresponding registry key correspond to the Windows options that we have changed, simply check the registry values for changes after changing the Windows option again.

Once you have determined that the Windows options correspond to the registry values, we can determine their correspondence.

The above is a demonstration example that I imagined, let me give you a practical case to illustrate.

Example of a real exercise

After I installed some Adobe software in Windows 10, there was a Creative Cloud file section on the left side of the explorer, and I decided to kill it.

By opening the process monitor and monitoring the system, knowing that the directory is displayed on the resource manager, and that the resource Manager uses the Explorer.exe process, in order to prevent interference, I will only Explorer.exe in the process Monitor Process related events are filtered out.

To be able to capture related events for this folder, I clicked the Creative Cloud file icon on the left side of the explorer to facilitate the crawl of Process Monitor. I then use Ctrl F to search for the Creative Cloud file keyword.

The search results in the registry path corresponding to the Creative Cloud file

After you delete the path in the registry, the Creative Cloud file column on the left side of the explorer disappears.

Note: To avoid surprises, do a backup before you operate the registry.

Summary

I believe that through the examples presented in this article, we have a clearer understanding of the use of Process Monitor. If you have any questions or questions about your use, you can leave a comment in the comments.

Copyright belongs to the author.
Biny
Links: http://www.kzwr.com/article/119095
Source: www.kzwr.com

Use Process Monitor to find the registry value for a Windows option