How Can I Track the Modifications a Program’s Installer Makes?

By Jason Fitzpatrick on November 15th, 2012

What exactly are those installation apps doing as the progress bar whizzes by? If you want to keep a close eye on things, you’ll need the right tools.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-drive grouping of Q&A web sites.

The Question

SuperUser reader Gregory Moussat wants to know what’s going on behind the installer’s facade :

I want to know what some installers do: mainly what files, folders, and registry entries they add, remove, or modify.

Lots of “ professional” programs are so poorly documented that it’s difficult to find the proper way to configure them, update them, etc.

InstallRite is a program which is able to take a “snapshot” before and after the installation of a program and then compare the snapshots. This allows you to know what was done and even to create a custom uninstaller. Unfortunately InstallRite seems to no longer be maintained and has not been updated since 2008.

What tool stands to replace InstallRite?

The Answer

Contributor Synetech offers an alternative tool:

There are several and I have tested at least 10-12, but the one I prefer and recommend is ZSoft Uninstaller. It is free and is good at finding difference without overwhelming you with extraneous clutter like most of these programs, even commercial ones tend to do.

I also use PC Magazine’s InCtrl 5 which is very good (enough to get Microsoft’s approval), but several years ago they stopped distributing their programs for free, but because it used to be free, there are still plenty of copies available (unfortunately not so with the newer InCtrl X.)

If you’re interested in getting the overhauled copy of InCtrl (InCtrl X) it’ll run you $8–read more about InCtrl X here.

Another contributor, Prahlad Yeri, offers a few suggestions on how to manually investigate what the application is doing:

What an installer truly does in detail cannot be known, except perhaps by reverse-engineering its binary instructions. Here are a few signs that you can check:

  1. Check for application folders in your Program Files directory. There is usually an entry inC:\Program Files\AppXYZ.
  2. Similarly check the system folders (C:\Windows\System32). Your app could have placed libraries (DLL/OCX/TLBs) here.
  3. Run CCleaner to see if it has created any registry entries. CCleaner also shows some other changes the app could have made such as registration of a MIME type, etc.
  4. Remember to check the .NET GAC (Global Assembly Cache). It contains all the .NET assemblies your app might have registered on your machine. It’s usually in the folder C:\windows\assembly
  5. The obvious (but sometimes the obvious is overlooked!):
    • Start Menu and desktop shortcuts
    • Files in C:\users\USER-NAME\Application Data (CCleaner will show these)
    • Entries in Startup menu and boot.ini (run msconfig to check these)

Between checking snapshots with an app and manually checking the files out, you’ll have all your bases covered. You can check out the full discussion at SuperUser here. Have a tool or technique to add to the list? Sound off in the comments.

 

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 11/15/12
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!