 |
AutoHotkey Community Let's help each other out
pajenn
Joined: 07 Feb 2009 Posts: 384
|
Posted: Wed Aug 05, 2009 6:08 pm Post subject: |
|
|
| paxophobe wrote: | | Regshot2 is superior. It creates an html file of all changes, plus it creates registry redo and undo files with no conversion to .reg from some extra program needed. |
thanks for the launcher. since my initial post about regshot2 i've come to the same conclusion. i've also used another similar program called InCtrl5. my script complies with the original regshot because I haven't had the time to convert it to either of the other two yet.
InCtrl lets you save reports in CSV format, which would be easier for AHK-editing purposes; and it can track the contents of several important text files; boot.ini and such. however, it does not seem to have a save shot option (except by default when a restart is required)... - but not sure... I updated Acronis True Image earlier today, and used InCtrl5 to track the changes. The Acronis installer complained that InCtrl5 had locked up some files Acronis needed to update, but gave me the option to update them on reboot - the other option would have been to quit InCtrl5... That may be the only option some other programs give the user so I need to be able to save a shot and exit option (and then load it later)... If anyone knows how to do that with InCtrl, please let me know - or at least fool it to think the computer is shutting down to simulate saving snapshots...
Also, if anyone knows how to get InCtrl5 or RegShot2 to only record changes to C:\ for example, but not all subfolders (unless specified), then let me know. that is, short of excluding every other folder...
_________________
Hardware: 1.8 GHz laptop with 4 GB ram, Windows XP/SP3
Software: Prevx, Privatefirewall, KeyScrambler. |
|
|
 |
paxophobe
Joined: 10 Nov 2007 Posts: 93 Location: Second star to the right.... watching you.
|
Posted: Wed Aug 05, 2009 6:38 pm Post subject: |
|
|
pajenn,
Check out Total Uninstall..... |
|
|
 |
pajenn
Joined: 07 Feb 2009 Posts: 384
|
Posted: Sat Aug 08, 2009 8:51 pm Post subject: |
|
|
| paxophobe wrote: | | pajenn wrote: | | By the way, I also found modified versions of RegShot. One by Paraglider, that saves the logs in .reg format, and can also be used on BartPE rescue media. The other, an unofficial unicode version of RegShot, aka RegShot2, was available on various Russian or Czech sites. The version I tried did not have the option to include files in snapshots, but the registry side appeared more advanced... |
Not true... Regshot2 takes snapshots of file changes.
here is my ini file
| Code: | [Settings]
Language=English
UseRemote=no
ReportFolder=d:\regshots
ReportName=whatever
ButtonsMenu=no
AutoCompare=yes
StoreOnQuit=no
Fileshot=yes
[Report]
DataLimit=128
DeletedKey=RootKeyOnly
NewKey=AllValues
SelectIgnoreKeys=no
CurrentUser=yes
UseExclude=yes
[Registry.Exclude]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography=1
HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VFILT=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VFILT=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme=1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop=1
[Restore.Reg]
MakeUndo=yes
MakeRedo=yes
TxtExtension=no
Open=no
Regedit5=yes
[Restore.Inf]
MakeUndo=no
MakeRedo=no
TxtExtension=no
Open=no
UseVariables=yes
[Fileshot]
CRC32=no
MD5=no
SizeLimit=no
SizeMax=1024
[Folders]
C:\=1
[Folders.Exclude]
[Templates]
*.*=1
*.=1
|
|
Mine is below, although I'm not done adding to the [Registry.Exclude] list (I have the inf-file option enabled at the moment for making Bart XPE apps):
| Code: | [Settings]
Language=English
UseRemote=no
ReportFolder=Z:\_Backups\Regshots2
ReportName=report
ButtonsMenu=yes
AutoCompare=yes
StoreOnQuit=yes
Fileshot=yes
[Report]
DataLimit=256
DeletedKey=RootKeyOnly
NewKey=AllValues
SelectIgnoreKeys=yes
CurrentUser=yes
UseExclude=yes
[Registry.Exclude]
HKEY_CURRENT_USER\Printers\Connections=1
HKEY_CURRENT_USER\SessionInformation=1
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon=1
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache=1
HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\USBSTOR\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\USBSTOR\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum=1
HKEY_USERS\S-1-5-19\Printers\Connections=1
HKEY_USERS\S-1-5-20\Printers\Connections=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\Shell\Bags=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache=1
[Restore.Reg]
MakeUndo=yes
MakeRedo=yes
TxtExtension=no
Open=no
Regedit5=yes
[Restore.Inf]
MakeUndo=yes
MakeRedo=yes
TxtExtension=no
Open=no
UseVariables=yes
[Fileshot]
CRC32=no
MD5=no
SizeLimit=no
SizeMax=1024
[Folders]
C:\=1
[Folders.Exclude]
%SYSTEMROOT%\CanoScan=1
%UserProfile%\Local Settings\Temp=1
%UserProfile%\Local Settings\Temporary Internet Files=1
C:\Documents and Settings\All Users\Application Data\Nuance=1
C:\Documents and Settings\All Users\Application Data\OnlineArmor=1
C:\Documents and Settings\All Users\Application Data\Rising=1
C:\ghostscript-8.62=1
C:\OnlineArmor=1
C:\pebuilder3110a=1
C:\Program Files\a2cmd=1
C:\Program Files\ABBYY FineReader 9.0=1
C:\Program Files\Acronis=1
C:\Program Files\Adobe=1
C:\Program Files\CyberLink=1
C:\Program Files\Java=1
C:\Program Files\MAGIX=1
C:\Program Files\MiKTeX 2.7=1
C:\Program Files\Nuance=1
C:\Program Files\REG tools=1
C:\Program Files\Rising=1
C:\Program Files\Tall Emu=1
C:\Program Files\VMware=1
C:\Program Files\WinEdt Team=1
C:\Program Files\Wolfram Research=1
C:\Python25=1
C:\Python26=1
C:\RavBin=1
C:\RETURNIL=1
C:\Sandbox=1
C:\swp55=1
C:\temp=1
C:\WINDOWS\Prefetch=1
[Templates]
*.*=1
*.=0 |
| Quote: | regshot2Launcher.ahk
| Code: |
#NoEnv
#SingleInstance Ignore
#Persistent
SetWorkingDir % A_ScriptDir
SendMode Input
SetTitleMatchMode Regex
SetBatchLines -1
SetControlDelay -1
SetWinDelay -1
shots = d:\regshots
Menu, tray, icon, regshot.exe
IfWinExist Regshot ahk_class #32770
    ExitApp
Else
{
    Run Regshot.exe,,, PID
    PID = ahk_pid %pid%
    Loop
        IfWinExist %pid%
            break
}
InputBox, i, Regshot, Input a name for this shot:,,, 120
if ErrorLevel
{
    winkill %pid%
    Exitapp
}
ControlSetText Edit2, %i%, %pid%
ControlClick Button1, %pid%
settimer check, 10
check:
WinGet state, MinMax, %PID%
If State = -1
{
    process, close, regshot.exe
    run %shots%
    Exitapp
}
IfWinNotExist %pid%
    ExitApp
return
|
Regshot2 is superior. It creates an html file of all changes, plus it creates registry redo and undo files with no conversion to .reg from some extra program needed. |
Your launcher inspired me to write my own launcher for the old regshot. It does the following:
-saves and names the shots and report automatically based on the Input-window prompt
-launches comparison automatically
-runs supplemental scans using AHK: at the moment, I've set it to scan C:\*.* without going into subdirs (moot if you use regshot to scan all of C:\), and to monitor boot.ini and autoexec.bat for content changes (still need to figure out how to compare the supplemental shots and how to add them to the regshot report).
-cleans some initial noise (i wanted to test the use of regex)
-checks creation times for new keys and folders, and appends that information into the original regshot report.
here's the code, though once again while I'm actively using the script, I'm also still polishing it as I notice problems or decide to expand the noise cleaning criteria:
| Code: | /*
THIS SCRIPT HAS TO RESIDE IN THE SAME FOLDER AS REGSHOT.EXE
IN ORDER FOR THE SETTINGS IN REGSHOT.INI TO TAKE EFFECT
written on AutoHotkey v1.0.48.03 and tested only on Windows XP/SP3
Note: Since the user may wish to load or save snapshots prior to
creating a comparison report, all 'Save As' and 'Open' windows (of the
ahk_class #32770 variety) will have to be closed before the comparison
button click will be automated.
*/
#NoEnv
#SingleInstance force
#Persistent
SetWorkingDir % A_ScriptDir
SendMode Input
SetTitleMatchMode Regex
SetBatchLines -1
SetControlDelay -1
SetWinDelay -1
Process, Priority,,High
IfWinExist, Regshot ahk_class #32770
    ExitApp
;specify location where shots and reports should be stored
shotsDir:= "Z:\_Backups\Regshots"
;to record additional info (default = files on C:\ only and boot.ini content)
;set recordAdditionalInfo:= 1 and specify a folder for AHK recorded shots.
recordAdditionalInfo:= 1
ahkShotsDir:= "Z:\_Backups\AhkShots"
monitoredFiles = boot.ini,AUTOEXEC.BAT
;if specified folder does not exist, use the one from regshot.ini
If !InStr(FileExist(shotsDir),"D")
    IniRead,shotsDir,regshot.ini,Setup,OutDir
;if that folder doesn't exist either, use 'My Documents'
If !InStr(FileExist(shotsDir),"D")
    shotsDir:= A_MyDocuments
;for later use, retrieve rootkey format (long or short) specified in regshot.ini
;the script uses short-form, so it will make the change if necessary
IniRead,rootform,regshot.ini,Setup,UseLongRegHead
If rootform
    IniWrite,0,regshot.ini,Setup,UseLongRegHead
;regshot tray icon
Menu, tray, icon, regshot.exe
InputBox, repName, Regshot Launcher, Input a name for this shot:,,,140,,,,120,zzzz
If ErrorLevel
    ExitApp
;specify available names for snapshots
ss:=1
loop, 1000
{
    shot1:= repName . "Shot" . ss . ".hiv", ss++, shot2:= repName . "Shot" . ss . ".hiv"
    If !FileExist(shotsDir . "\" . shot1) && !FileExist(shotsDir . "\" shot2)
        Break
}
If recordAdditionalInfo
{
    ;delete previous shots of same name
    FileDelete,%ahkShotsDir%\%repName%1.ini
    FileDelete,%ahkShotsDir%\%repName%2.ini
    ;record new shot
    Gosub, RecordAhkShot
}
Run,regshot.exe,,,pid
PID = ahk_pid %pid%
WinWait,%PID%,,60
If ErrorLevel
    ExitApp
;specify txt-format for report
Control,Check,,Button7,%PID%
;modify or enable the lines below to specify default actions
;for regshot to perform if desired, e.g. take shot (not recommended)
;ControlClick, Button1, %PID%
;ControlClick, Button2, %PID%
;Send {Down}{Enter}
;WinMinimize, %PID%
SetTimer, check, 250
/*
the subroutine below checks if 'Compare' button is enabled. once it is, the
button is automatically clicked to create a report. the report is saved
with the name specified earlier.
the 'trimReport' subroutine is then launched to do the following:
--to trim out some 'noise' (for example, windows log and dat files that
are always modified, long binary value entries with information about start
menu entries, generic entries that are modified or created by hardware changes
(e.g. temporary loss of a wireless internet connection, removal of a USB flash
drive, etc.) PLEASE CUSTOMIZE 'pattern' criteria
--to change long-form rootkey names to abbreviated format
e.g. HKEY_LOCAL_MACHINE into HKLM
--to retrieve creation times for new folders and keys that were created, and
append them to the report.
the trimmed report is then opened, regshot is closed.
*/
check:
buttstate=
IfWinExist, Save\sAs ahk_class #32770
{
    SetTimer, check, Off
    ControlGet, hive, List,, ComboBox3, Save\sAs ahk_class #32770
    If (SubStr(hive,1,7) == "Regshot")
    {
        ;IfWinNotActive, Save\sAs ahk_class #32770
        ;{
        ; WinActivate, Save\sAs ahk_class #32770
        ; WinWaitActive, Save\sAs ahk_class #32770
        ;}
        If FileExist(shotsDir . "\" . shot1)
            ControlSetText,Edit1,%shotsDir%\%shot2%,Save\sAs ahk_class #32770
        Else ControlSetText,Edit1,%shotsDir%\%shot1%,Save\sAs ahk_class #32770
        Sleep, 100
        ControlFocus,&Save,Save\sAs ahk_class #32770
        ControlSend,&Save,{Enter},Save\sAs ahk_class #32770
        ;wait for progress bar to appear
        Sleep, 4000
        loop,
        {
            Sleep, 1000
            ControlGet,progress,Visible,,msctls_progress321,%PID%
            if !progress
                Break
        }
        Sleep, 100
        SetTimer, check, On
    }
    Else SetTimer, check, On
    buttstate=
}
Else
{
    controlget,buttstate,Enabled,,c&Ompare,%PID%
    If buttstate
    {
        ;before proceeding, double- and triplecheck that regshot is ready
        ;to compare shots -- the c&Ompare button becomes unenabled right
        ;after shot2 so automating shot comparison may conflict with
        ;saving the shot first
        IfWinExist, (Save\sAs|Open) ahk_class #32770
            Return
        ControlGet,progress,Visible,,msctls_progress321,%PID%
        if progress
            Return
        SetTimer, check, Off
        ;compare snapshots automatically
        ;IfWinNotActive, %PID%
        ;{
        ; WinActivate, %PID%
        ; WinWaitActive, %PID%
        ;}
        ControlSend,,o,%PID%
        Sleep, 100
        ;i use Notepad2 as my default txt-file editor, but the following code should (untested) work with Notepad too
        WinWait, .*~res\d+\.txt\s-\sNotepad2?
        IfWinNotActive, .*~res\d+\.txt\s-\sNotepad2?
        {
            WinActivate, .*~res\d+\.txt\s-\sNotepad2?
            WinWaitActive, .*~res\d+\.txt\s-\sNotepad2?
        }
        WinMenuSelectItem,,,File,Save As
        WinWait, Save\sAs ahk_class #32770
        ;IfWinNotActive, Save\sAs ahk_class #32770
        ;{
        ; WinActivate, Save\sAs ahk_class #32770
        ; WinWaitActive, Save\sAs ahk_class #32770
        ;}
        ControlSetText,Edit1,%shotsDir%\%repName%.txt,Save\sAs ahk_class #32770
        Sleep, 100
        ControlFocus,&Save,Save\sAs ahk_class #32770
        ControlSend,&Save,{Enter},Save\sAs ahk_class #32770
        Sleep, 100
        WinClose,.*%repName%\.txt\s-\sNotepad2?
        If recordAdditionalInfo
            Gosub, RecordAhkShot
        ;check for new folders and keys and append their creation times to the report
        loop,
        {
            If FileExist(shotsDir . "\" . repName . ".txt")
                Break
            Sleep, 250
            If (A_Index > 40)
            {
                MsgBox,,Error, cannot find report
                ExitApp
            }
        }
        Gosub, trimReport
        RunWait %shotsDir%\%repName%_0.txt
        ;WinWait,.*%repName%\.txt\s-\sNotepad2?,,10
        ;If !ErrorLevel
        Process, Close, regshot.exe
        ;Else MsgBox Problem opening regshot report
        ExitApp
    }
}
IfWinNotExist %PID%
    ExitApp
Return
trimReport:
FileRead,report,%shotsDir%\%repName%.txt
pattern = iU)((\\(Cookies\\index\.dat|desktop\.ini|ntuser\.(dat|ini)|UsrClass\.dat(\.LOG)?)|C:\\Documents\sand\sSettings\\.*\\Local\sSettings\\(History\\History\.IE5|Temp\\|Temporary\sInternet Files\\Content\.IE5)|C:\\WINDOWS\\(0\.log|Prefetch|Security\\edb\.(chk|log)|system32\\(CatRoot2\\(edb\.(chk|log)|\{[a-zA-Z\d-]+\}\\catdb)|config\\(software|system)\.LOG|wbem\\Logs\\wbemcore\.log)))|(HKCU\\(Printers\\Connections|SessionInformation|Software\\Microsoft\\Windows\\(CurrentVersion\\(Explorer\\(BitBucket|ComDlg32\\LastVisitedMRU|Discardable\\PostSetup\\ShellNew|RecentDocs|RunMRU|StartPage|StreamMRU|Streams|TrayNotify|UserAssist)|(Ext\\Stats|Internet Settings\\Connections|Shell Extensions))|(ShellNoRoam\\(BagMRU|Bags|MUICache)|Shell\\Bags)))|HKLM\\(HARDWARE\\RESOURCEMAP|SOFTWARE\\Microsoft\\(Cryptography\\RNG|EventSystem|UPnP Device Host|Windows NT\\CurrentVersion\\Prefetcher|Windows\\CurrentVersion\\Installer|WZCSVC)|SYSTEM\\(ControlSet\d+|CurrentControlSet)\\(Enum|Services\\(Dhcp\\Parameters\\\{[a-zA-Z\d-]+\}|Disk\\Enum|hpdskflt\\Enum|PartMgr\\Enum|SharedAccess\\Epoch|snapman\\Enum|Tcpip\\Parameters\\Interfaces\\\{[a-zA-Z\d-]+\}|tdrpman228\\Enum|USBSTOR\\Enum|\{[a-zA-Z\d-]+\}\\Parameters\\Tcpip)|Control\\(DeviceClasses|Session Manager)))|HKU\\(\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|S[\d-]+\\(Printers\\Connections|SessionInformation\\ProgramCount|Software\\Microsoft\\(Windows NT\\CurrentVersion\\Winlogon|Windows\\(CurrentVersion\\(Explorer\\(Discardable\\PostSetup\\ShellNew|MenuOrder|RecentDocs|RunMRU|StartPage|StreamMRU|UserAssist)|Ext\\Stats)|ShellNoRoam\\(BagMRU|Bags|MUICache)|Shell\\Bags))))))
;following loop drops report lines that match the noise pattern or are too long to process
Loop,Parse,report,`n,`r
{
    If StrLen(A_LoopField) > 65534
        Continue
    If RegExMatch(A_LoopField,pattern)
        Continue
    reportClean.= A_LoopField . "`n"
}
report=
;check main key and folder creation times
matcher:= 1, section:= "", cTimes:= ""
Loop,Parse,reportClean,`n,`r
{
    If (A_LoopField == "")
        Continue
    Else If (A_LoopField == "----------------------------------")
        matcher*= -1
    Else If (matcher == -1)
        StringLeft, section, A_LoopField, % InStr(A_LoopField,":")-1
    Else If (section == "Folders added")
    {
        Loop, %A_LoopField%, 1
            created:= A_LoopFileTimeCreated
        ;set date and time formats as desired
        FormatTime, created, %created%, M/d/yyyy hh:mm:ss tt
        cTimes.= created . "`n"
    }
    Else If (section == "Keys added")
    {
        bs:= InStr(A_LoopField,"\"), root:= SubStr(A_LoopField,1,bs-1), sub:= SubStr(A_LoopField, bs+1)
        bs:= InStr(sub,"\",False,0), key:= SubStr(sub, bs+1), sub:= SubStr(sub,1,bs-1)
        Loop,%root%,%sub%,2
        {
            If (A_LoopRegName == key)
            {
                created:= A_LoopRegTimeModified
                Break
            }
        }
        ;set date and time formats as desired
        FormatTime, created, %created%, M/d/yyyy hh:mm:ss tt
        cTimes.= created . "`n"
    }
}
;The next If statement sorts the collected creation times and appends them to the report
If (cTimes != "")
{
    ;remove duplicates
    Sort, cTimes, U
    reportClean.= "----------------------------------`nFolder/key creation times:`n----------------------------------`n" . cTimes
}
;to replace the original report, enable the next 2 lines, and remove the _ from the penultimate line
;FileDelete, %shotsDir%\%repName%.txt
;Sleep, 500
FileAppend, %reportClean%,%shotsDir%\%repName%_0.txt
Return
RecordAhkShot:
If FileExist(ahkShotsDir . "\" . repName . "1.ini")
    sNum:= 2
Else sNum:= 1
ahkShot:= "[MAIN]"
;ahkShot.= "`nLoopFileName=FileTimeCreated,FileTimeModified,FileAttrib"
contents=
Loop, C:\*.*, 1, 0
{
    ahkShot.= "`n" A_LoopFileName "=" A_LoopFileTimeCreated "," A_LoopFileTimeModified "," A_LoopFileAttrib
    If A_LoopFileName In %monitoredFiles%
    {
        FileRead, fileContent, %A_LoopFileFullPath%
        StringReplace,fPath,A_LoopFileFullPath,:
        StringReplace,fPath,fPath,\,_,All
        StringReplace,fileContent,fileContent,[,{{,All
        StringReplace,fileContent,fileContent,],}},All
        contents.= "[" . fPath . "]`n" . fileContent . "`n"
    }
}
FileAppend,%ahkShot%`n`n%contents%,%ahkShotsDir%\%repName%%sNum%.ini
Return
|
|
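Added example (not part of the original posts; written in Python so it runs offline on constructed data): the noise-trimming step from the script above, driven by a `[Registry.Exclude]`-style list instead of one large unanchored regex. It matches on whole key-path components, bridges long and short root names, and keeps every suppressed line together with the rule that hid it, so a broad rule such as `Session Manager` can be reviewed afterwards. The report layout (dashed separators, `Keys added:` header) follows what `trimReport` parses; reading `=1` as enabled and `=0` as disabled, the function names and all sample keys are assumptions.

```python
import configparser

# Long root names (as in the INI files above) -> short form used in the report.
ROOTS = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR",
}

# Constructed sample in the style of the [Registry.Exclude] lists posted above.
# Assumption: "=1" means the rule is active and "=0" means it is switched off.
SAMPLE_INI = r"""
[Registry.Exclude]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=0
"""

# Constructed report fragment; every key below is made up for the example.
SAMPLE_REPORT = r"""
----------------------------------
Keys added: 5
----------------------------------
HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\ConstructedDevice
HKLM\SYSTEM\CurrentControlSet\EnumExample\Constructed
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ConstructedSubkey
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKLM\SOFTWARE\ExampleVendor\ExampleApp
"""


def normalize(key):
    """Short root name, no trailing backslash, lower case (key paths are case-insensitive)."""
    root, sep, rest = key.strip().partition("\\")
    root = ROOTS.get(root.upper(), root.upper())
    return (root + sep + rest).rstrip("\\").lower()


def load_excludes(ini_text):
    """Return the active exclusion rules from the [Registry.Exclude] section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep option names as written instead of lower-casing
    cp.read_string(ini_text)
    return [normalize(k) for k, v in cp.items("Registry.Exclude") if v.strip() == "1"]


def matching_rule(key, excludes):
    """Return the rule that covers `key`, matching whole path components only."""
    k = normalize(key)
    for rule in excludes:
        if k == rule or k.startswith(rule + "\\"):
            return rule
    return None


def filter_report(report, excludes):
    """Split report lines into kept and suppressed, recording the rule used."""
    kept, suppressed = [], []
    in_header, section = False, ""
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if set(line) == {"-"}:          # dashed separator toggles header mode
            in_header = not in_header
            continue
        if in_header:                   # e.g. "Keys added: 5" -> "Keys added"
            section = line.partition(":")[0]
            continue
        rule = matching_rule(line, excludes) if section.startswith("Keys") else None
        if rule:
            suppressed.append((section, line, rule))
        else:
            kept.append((section, line))
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = filter_report(SAMPLE_REPORT, load_excludes(SAMPLE_INI))
    for section, line in kept:
        print("KEEP ", section, "|", line)
    for section, line, rule in suppressed:
        print("HIDE ", section, "|", line, "<-", rule)
```

Writing the suppressed list to a second file next to the trimmed report keeps the filter auditable without putting the noise back into the main report.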
 |
pajenn
Joined: 07 Feb 2009 Posts: 384
|
Posted: Sat Aug 08, 2009 9:00 pm Post subject: |
|
|
| oldHacker wrote: | also check out RegFromApp.
| Quote: | | RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it's needed. |
i'm sure most will find many other useful apps at nirSoft. |
I have pretty much everything from NirSoft in one folder. Mostly I use regscanner, regfromapp and sysexporter. searchmyfiles is good too. imo, RegFromApp is best suited to capture the reg values created when you first run a newly installed program, and/or fill in the initial serial and registration info. (I used that trick to import the product licenses to applications I put on Bart XPE emergency USB flash drive so I wouldn't have to register them every time I ran Windows XPE). |
|
|
 |
pajenn
Joined: 07 Feb 2009 Posts: 384
|
Posted: Sat Aug 08, 2009 9:07 pm Post subject: |
|
|
| paxophobe wrote: | pajenn,
Check out Total Uninstall..... |
I will... I've also tried several others-- InstallRite and InstallWatchPro took too long and then crashed on my computers. Ashampoo uninstaller was too slow, generally hard to customize (for example, it saved the reports in a format that only it could read)... And last but not least there's Revo Uninstaller - excellent program, but uninstalls more than default Windows uninstaller, but it also misses a lot of stuff that I then clean up using my regshot reports. |
|
|
 |
pajenn
Joined: 07 Feb 2009 Posts: 384
|
Posted: Sat Aug 08, 2009 9:11 pm Post subject: |
|
|
| pajenn wrote: | | I updated Acronis True Image earlier today, and used InCtrl5 to track the changes. The Acronis installer complained that InCtrl5 had locked up some files Acronis needed to update, but gave me the option to update them on reboot - the other option would have been to quit InCtrl5... That may be the only option some other programs give the user so I need to be able to save a shot and exit option (and then load it later)... If anyone knows how to do that with InCtrl, please let me know - or at least fool it to think the computer is shutting down to simulate saving snapshots... |
To answer my own question: If you run InCtrl5 without specifying a program to install, it just records a snapshot for later. |
|
|
 |
pajenn
Joined: 07 Feb 2009 Posts: 384
|
Posted: Wed Aug 12, 2009 6:35 pm Post subject: |
|
|
I added several updates, but they are posted in the first post. Basic changes:
1. Added regedit support.
2. Added InCtrl5 support (InCtrl5 launcher, and a converter to regshot format).
3. Basic improvements to the treeview GUI; deleted/ignored items are removed from the tree, 'probably harmless' items are displayed in regular type (as opposed to bold), etc.
To do: Automated time stamp comparisons. That is, I want to display files and registry entries that were created at the exact same time (+/- few seconds), as one of the main program folders or keys in a different color so that the user can more easily infer whether the entry is part of the program or not.
P.S. When I started this thread, I wasn't planning to post scripts in it, but that's how it worked out. If I ever finish this project, I'll post it in the Scripts section. |
|
|
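Added example (not from the thread; Python, constructed data): one way to do the time-stamp comparison listed under "To do" above, attaching each new file or registry entry to the nearest main program folder/key when their times differ by at most a few seconds. Input times use the YYYYMMDDHH24MISS form of AutoHotkey's built-in time variables; the function names, the 5-second default and all paths are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: main program folder/key ("anchors") and other new entries.
ANCHORS = {
    r"C:\Program Files\ExampleApp": "20090812183500",
    r"HKLM\SOFTWARE\ExampleVendor\ExampleApp": "20090812183502",
}
ENTRIES = {
    r"C:\Documents and Settings\All Users\Start Menu\Programs\ExampleApp": "20090812183504",
    r"HKCU\Software\ExampleVendor": "20090812183457",
    r"C:\WINDOWS\Prefetch\CONSTRUCTED.pf": "20090812184510",
    r"HKLM\SOFTWARE\Constructed\Vanished": "",  # time could not be read
}


def parse_ahk_time(stamp):
    """Parse a YYYYMMDDHH24MISS string; return None when it is missing or malformed."""
    try:
        return datetime.strptime(stamp, "%Y%m%d%H%M%S")
    except (TypeError, ValueError):
        return None


def correlate(anchors, entries, tolerance_s=5):
    """Classify entries by time distance to the nearest anchor.

    Returns (related, unrelated, unknown):
      related   - {path: (nearest anchor path, signed offset in seconds)}
      unrelated - paths whose nearest anchor is further away than the tolerance
      unknown   - paths without a usable time stamp (never guessed as related)
    """
    window = timedelta(seconds=tolerance_s)
    anchor_times = [(path, parse_ahk_time(stamp)) for path, stamp in anchors.items()]
    anchor_times = [(path, t) for path, t in anchor_times if t is not None]

    related, unrelated, unknown = {}, [], []
    for path, stamp in entries.items():
        t = parse_ahk_time(stamp)
        if t is None:
            unknown.append(path)
            continue
        nearest = min(anchor_times, key=lambda a: abs(a[1] - t), default=None)
        if nearest is not None and abs(nearest[1] - t) <= window:
            offset = int((t - nearest[1]).total_seconds())
            related[path] = (nearest[0], offset)
        else:
            unrelated.append(path)
    return related, unrelated, unknown


if __name__ == "__main__":
    related, unrelated, unknown = correlate(ANCHORS, ENTRIES)
    for path, (anchor, offset) in related.items():
        print(f"RELATED   {path}  ({offset:+d}s from {anchor})")
    for path in unrelated:
        print(f"UNRELATED {path}")
    for path in unknown:
        print(f"NO TIME   {path}")
```

Registry keys carry only a last-write time (the script above reads `A_LoopRegTimeModified`), so a key that is written to again after installation falls outside the window even if the program created it.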
 |
Yook
Joined: 20 Nov 2008 Posts: 70 Location: Thionville, France
|
Posted: Mon Mar 15, 2010 10:26 pm Post subject: |
|
|
Hi, this topic is a little old, but I would like to signal that I developed treeview coloring functions, I have seen in your first post that it could be useful for your script  |
|
|
 |