Home News Products Buy Now Download Support Login

· Introduction

· Overview of Features

· Supported OS

· What's new ?

· Download Home Edition

· Buy Professional Edition
Online Documentation

Registry Monitor

The registry monitor displays real time registry activity by applications and the system.


Starting the registry monitor

To start the registry monitor, make sure that Registry is enabled in the panel of activated monitors on the left of the screen. Then click the Start button.


Stopping the registry monitor

To stop the registry monitor, click the Stop button.


Information in the registry monitor view

Date/Time
This column displays the moment of each action that was registered by the monitor. The time stamp is a value with a precision of 100 nanoseconds. If multiple actions took place within a single time interval of 100 nanoseconds, the time stamp value will be incremented to guarantee a unique time stamp.

Action
This columns displays the name of the action that was registered. For the registry monitor possible actions are CloseKey, CreateKey, DeleteKey, DeleteValueKey, EnumerateKey, EnumerateValueKey, FlushKey, LoadKey, OpenKey, QueryKey, QueryValueKey, ReplaceKey, RestoreKey, SaveKey, SetValueKey, UnloadKey, SetInformationKey, SetValueKey. For more information on these actions refer to the Microsoft SDK documentation on these APIs and the registry.

Process
This displays the name of the executable process name which initiated the action.

Status
This column displays whether the operation completed successfully or not.

Key Name
This displays the name of the registry key on which the action took place.

Value Name
This column displays the name of the registry value on which the action took place, if any.

Data
This column displays the contents of the value on which a registry operation took place.

Value Type
This displays the value type of the affected registry value. For information on possible values refer to Microsoft documentation on RegSetValueKeyEx.

Size
Displays the size of the registry value, in the case the action did not only affect a key.

HKEY
This represents the key handle of the registry key that was involved in the action.

PID
Displays the value of the process ID of the executable which initiated the action..

ThreadID
Displays the ID of the thread which initiated the action.

CPU
On a multi-processor system, this will display the ID of the processor that executed the action.

MultiMon Help Topics

Introduction

  · Product Page
  · Supported Operating Systems
  · What's new
  · FAQ and Tips

Using MultiMon

  · File system monitor
  · System monitor
  · Registry monitor
  · Keyboard monitor
  · User action monitor
  · Clipboard monitor
  · Combined view
  · Advanced Options

Copyright © 1997-2025 Resplendence Software Projects. All rights reserved. Privacy Policy.
Page generated on 5/3/2025 6:19:56 PM. Last updated on 9/17/2019 2:09:47 PM.