Anyone here use RegShot?


23 replies to this topic
pajenn
  • Members
  • 391 posts
  • Last active: Feb 06 2015 07:57 AM
  • Joined: 07 Feb 2009

Regshot2 is superior. It creates an html file of all changes, plus it creates registry redo and undo files with no conversion to .reg from some extra program needed.


thanks for the launcher. since my initial post about regshot2 i've come to the same conclusion. i've also used another similar program called InCtrl5. my script complies with the original regshot because I haven't had the time to convert it to either of the other two yet.

InCtrl lets you save reports in CSV format, which would be easier for AHK-editing purposes; and it can track the contents of several important text files; boot.ini and such. however, it does not seem to have a save shot option (except by default when a restart is required)... - but not sure... I updated Acronis True Image earlier today, and used InCtrl5 to track the changes. The Acronis installer complained that InCtrl5 had locked up some files Acronis needed to update, but gave me the option to update them on reboot - the other option would have been to quit InCtrl5... That may be the only option some other programs give the user so I need to be able to save a shot and exit option (and then load it later)... If anyone knows how to do that with InCtrl, please let me know - or at least fool it to think the computer is shutting down to simulate saving snapshots...

Also, if anyone knows how to get InCtrl5 or RegShot2 to only record changes to C:\ for example, but not all subfolders (unless specified), then let me know. that is, short of excluding every other folder...

Hardware: fast laptop with SSD
Software: Win 7 Home Premium 64-bit, android for phone and tablet


paxophobe
  • Members
  • 93 posts
  • Last active: Jan 22 2011 07:01 PM
  • Joined: 10 Nov 2007
pajenn,

Check out Total Uninstall.....

pajenn
  • Members
  • 391 posts
  • Last active: Feb 06 2015 07:57 AM
  • Joined: 07 Feb 2009

By the way, I also found modified versions of RegShot. One by Paraglider, that saves the logs in .reg format, and can also be used on BartPE rescue media. The other, an unofficial unicode version of RegShot, aka RegShot2, was available on various Russian or Czech sites. The version I tried did not have the option to include files in snapshots, but the registry side appeared more advanced...


Not true... Regshot2 takes snapshots of file changes.

here is my ini file
[Settings]
Language=English
UseRemote=no
ReportFolder=d:\regshots
ReportName=whatever
ButtonsMenu=no
AutoCompare=yes
StoreOnQuit=no
Fileshot=yes

[Report]
DataLimit=128
DeletedKey=RootKeyOnly
NewKey=AllValues
SelectIgnoreKeys=no
CurrentUser=yes
UseExclude=yes

[Registry.Exclude]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography=1
HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VFILT=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\VFILT=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VFILT=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme=1
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop=1

[Restore.Reg]
MakeUndo=yes
MakeRedo=yes
TxtExtension=no
Open=no
Regedit5=yes

[Restore.Inf]
MakeUndo=no
MakeRedo=no
TxtExtension=no
Open=no
UseVariables=yes

[Fileshot]
CRC32=no
MD5=no
SizeLimit=no
SizeMax=1024

[Folders]
C:\=1


[Folders.Exclude]

[Templates]
*.*=1
*.=1


Mine is below, although I'm not done adding to the [Registry.Exclude] list (I have the inf-file option enabled at the moment for making Bart XPE apps):

[Settings]
Language=English
UseRemote=no
ReportFolder=Z:\_Backups\Regshots2
ReportName=report
ButtonsMenu=yes
AutoCompare=yes
StoreOnQuit=yes
Fileshot=yes

[Report]
DataLimit=256
DeletedKey=RootKeyOnly
NewKey=AllValues
SelectIgnoreKeys=yes
CurrentUser=yes
UseExclude=yes

[Registry.Exclude]
HKEY_CURRENT_USER\Printers\Connections=1
HKEY_CURRENT_USER\SessionInformation=1
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon=1
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\BagMRU=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\Bags=1
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache=1
HKEY_LOCAL_MACHINE\HARDWARE\RESOURCEMAP=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\USBSTOR\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\USBSTOR\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpdskflt\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PartMgr\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snapman\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdrpman228\Enum=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum=1
HKEY_USERS\S-1-5-19\Printers\Connections=1
HKEY_USERS\S-1-5-20\Printers\Connections=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\Shell\Bags=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\Bags=1
HKEY_USERS\S-1-5-21-1343024091-57989841-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache=1

[Restore.Reg]
MakeUndo=yes
MakeRedo=yes
TxtExtension=no
Open=no
Regedit5=yes

[Restore.Inf]
MakeUndo=yes
MakeRedo=yes
TxtExtension=no
Open=no
UseVariables=yes

[Fileshot]
CRC32=no
MD5=no
SizeLimit=no
SizeMax=1024

[Folders]
C:\=1

[Folders.Exclude]
%SYSTEMROOT%\CanoScan=1
%UserProfile%\Local Settings\Temp=1
%UserProfile%\Local Settings\Temporary Internet Files=1
C:\Documents and Settings\All Users\Application Data\Nuance=1
C:\Documents and Settings\All Users\Application Data\OnlineArmor=1
C:\Documents and Settings\All Users\Application Data\Rising=1
C:\ghostscript-8.62=1
C:\OnlineArmor=1
C:\pebuilder3110a=1
C:\Program Files\a2cmd=1
C:\Program Files\ABBYY FineReader 9.0=1
C:\Program Files\Acronis=1
C:\Program Files\Adobe=1
C:\Program Files\CyberLink=1
C:\Program Files\Java=1
C:\Program Files\MAGIX=1
C:\Program Files\MiKTeX 2.7=1
C:\Program Files\Nuance=1
C:\Program Files\REG tools=1
C:\Program Files\Rising=1
C:\Program Files\Tall Emu=1
C:\Program Files\VMware=1
C:\Program Files\WinEdt Team=1
C:\Program Files\Wolfram Research=1
C:\Python25=1
C:\Python26=1
C:\RavBin=1
C:\RETURNIL=1
C:\Sandbox=1
C:\swp55=1
C:\temp=1
C:\WINDOWS\Prefetch=1

[Templates]
*.*=1
*.=0

regshot2Launcher.ahk

#NoEnv
#SingleInstance 	Ignore
#Persistent
SetWorkingDir 		% A_ScriptDir
SendMode 			Input
SetTitleMatchMode 	Regex
SetBatchLines		-1
SetControlDelay 	-1
SetWinDelay 		-1

shots = d:\regshots
Menu, tray, icon, regshot.exe

IfWinExist Regshot ahk_class #32770
	ExitApp

Else
{
	Run Regshot.exe,,, PID

	PID = ahk_pid %pid%

	Loop
	IfWinExist %pid%
		break
	
}



InputBox, i, Regshot, Input a name for this shot:,,, 120
if ErrorLevel
{
	winkill %pid%
	Exitapp
}

ControlSetText Edit2, %i%, %pid%
ControlClick Button1, %pid%
settimer check, 10

check:
	WinGet state, MinMax, %PID%
	If State = -1
	{
		process, close, regshot.exe
		run %shots%
		Exitapp
	}	

	IfWinNotExist %pid%
		ExitApp
return

Regshot2 is superior. It creates an html file of all changes, plus it creates registry redo and undo files with no conversion to .reg from some extra program needed.


Your launcher inspired me to write my own launcher for the old regshot. It does the following:
-saves and names the shots and report automatically based on the Input-window prompt
-launches comparison automatically
-runs supplemental scans using AHK: at the moment, I've set it to scan C:\*.* without going into subdirs (moot if you use regshot to scan all of C:\), and to monitor boot.ini and autoexec.bat for content changes (still need to figure out how to compare the supplemental shots and how to add them to the regshot report).
-cleans some initial noise (i wanted to test the use of regex)
-checks creation times for new keys and folders, and appends that information into the original regshot report.

here's the code, though once again while I'm actively using the script, I'm also still polishing it as I notice problems or decide to expand the noise cleaning criteria:

/*
THIS SCRIPT HAS TO RESIDE IN THE SAME FOLDER AS REGSHOT.EXE
IN ORDER FOR THE SETTINGS IN REGSHOT.INI TO TAKE EFFECT

written on AutoHotkey v1.0.48.03 and tested only on Windows XP/SP3

Note: Since the user may wish to load or save snapshots prior to
creating a comparison report, all 'Save As' and 'Open' windows (of the
ahk_class #32770 variety) will have to be closed before the comparison
button click will be automated.
*/

#NoEnv
#SingleInstance force
#Persistent
SetWorkingDir % A_ScriptDir
SendMode Input
SetTitleMatchMode Regex
SetBatchLines -1
SetControlDelay -1
SetWinDelay -1
Process, Priority,,High

IfWinExist, Regshot ahk_class #32770
   ExitApp

;specify location where shots and reports should be stored
shotsDir:= "Z:\_Backups\Regshots"

;to record additional info (default = files on C:\ only and boot.ini content)
;set recordAdditionalInfo:= 1 and specify a folder for AHK recorded shots.
recordAdditionalInfo:= 1
ahkShotsDir:= "Z:\_Backups\AhkShots"
monitoredFiles = boot.ini,AUTOEXEC.BAT

;if specified folder does not exist, use the one from regshot.ini
If !InStr(FileExist(shotsDir),"D")
   IniRead,shotsDir,regshot.ini,Setup,OutDir
;if that folder doesn't exist either, use 'My Documents'
If !InStr(FileExist(shotsDir),"D")
   shotsDir:= A_MyDocuments

;for later use, retrieve rootkey format (long or short) specified in regshot.ini
;the script uses short-form, so it will make the change if necessary
IniRead,rootform,regshot.ini,Setup,UseLongRegHead
If rootform
   IniWrite,0,regshot.ini,Setup,UseLongRegHead

;regshot tray icon
Menu, tray, icon, regshot.exe
   
InputBox, repName, Regshot Launcher, Input a name for this shot:,,,140,,,,120,zzzz
If ErrorLevel
   ExitApp

;specify available names for snapshots
ss:=1
loop, 1000
{
   shot1:= repName . "Shot" . ss . ".hiv", ss++, shot2:= repName . "Shot" . ss . ".hiv"
   If !FileExist(shotsDir . "\" . shot1) && !FileExist(shotsDir . "\" . shot2)
      Break
}

If recordAdditionalInfo
{
   ;delete previous shots of same name
   FileDelete,%ahkShotsDir%\%repName%1.ini
   FileDelete,%ahkShotsDir%\%repName%2.ini
   ;record new shot
   Gosub, RecordAhkShot
}

Run,regshot.exe,,,pid
PID = ahk_pid %pid%
WinWait,%PID%,,60
If ErrorLevel
   ExitApp
;specify txt-format for report
Control,Check,,Button7,%PID%

;modify or enable the lines below to specify default actions
;for regshot to perform if desired, e.g. take shot (not recommended)
;ControlClick, Button1, %PID%
;ControlClick, Button2, %PID%
;Send {Down}{Enter}
;WinMinimize, %PID%

SetTimer, check, 250

/*
the subroutine below checks if 'Compare' button is enabled. once it is, the 
button is automatically clicked to create a report. the report is saved 
with the name specified earlier.

the 'trimReport' subroutine is then launched to do the following:
--to trim out some 'noise' (for example, windows log and dat files that 
are always modified, long binary value entries with information about start 
menu entries, generic entries that are modified or created by hardware changes
(e.g. temporary loss of a wireless internet connection, removal of a USB flash 
drive, etc.) PLEASE CUSTOMIZE 'pattern' criteria
--to change long-form rootkey names to abbreviated format 
e.g. HKEY_LOCAL_MACHINE into HKLM
--to retrieve creation times for new folders and keys that were created, and
append them to the report.

the trimmed report is then opened, regshot is closed.
*/

check:
   buttstate=
   IfWinExist, Save\sAs ahk_class #32770
   {
      SetTimer, check, Off
      ControlGet, hive, List,, ComboBox3, Save\sAs ahk_class #32770
      If (SubStr(hive,1,7) == "Regshot")
      {
         ;IfWinNotActive, Save\sAs ahk_class #32770
         ;{
         ;   WinActivate, Save\sAs ahk_class #32770
         ;   WinWaitActive, Save\sAs ahk_class #32770
         ;}
         If FileExist(shotsDir . "\" . shot1)
            ControlSetText,Edit1,%shotsDir%\%shot2%,Save\sAs ahk_class #32770
         Else ControlSetText,Edit1,%shotsDir%\%shot1%,Save\sAs ahk_class #32770
         Sleep, 100
         ControlFocus,&Save,Save\sAs ahk_class #32770
         ControlSend,&Save,{Enter},Save\sAs ahk_class #32770
         
         ;wait for progress bar to appear
         Sleep, 4000
         loop,
         {
            Sleep, 1000
            ControlGet,progress,Visible,,msctls_progress321,%PID%
            if !progress
               Break
         }
         Sleep, 100
         SetTimer, check, On
      }
      Else SetTimer, check, On
      buttstate=
   }
   Else
   {
      controlget,buttstate,Enabled,,c&Ompare,%PID%
      If buttstate
      {
         ;before proceeding, double- and triplecheck that regshot is ready
         ;to compare shots -- the c&Ompare button becomes unenabled right
         ;after shot2 so automating shot comparison may conflict with
         ;saving the shot first
         IfWinExist, (Save\sAs|Open) ahk_class #32770
            Return
         ControlGet,progress,Visible,,msctls_progress321,%PID%
         if progress
            Return
         SetTimer, check, Off
         ;compare snapshots automatically
         ;IfWinNotActive, %PID%
         ;{
         ;   WinActivate, %PID%
         ;   WinWaitActive, %PID%
         ;} 
         ControlSend,,o,%PID%
         Sleep, 100
         ;i use Notepad2 as my default txt-file editor, but the following code should (untested) work with Notepad too
         WinWait, .*~res\d+\.txt\s-\sNotepad2?
         IfWinNotActive, .*~res\d+\.txt\s-\sNotepad2?
         {
            WinActivate, .*~res\d+\.txt\s-\sNotepad2?
            WinWaitActive, .*~res\d+\.txt\s-\sNotepad2?
         }
         
         WinMenuSelectItem,,,File,Save As
         WinWait, Save\sAs ahk_class #32770
         ;IfWinNotActive, Save\sAs ahk_class #32770
         ;{
         ;   WinActivate, Save\sAs ahk_class #32770
         ;   WinWaitActive, Save\sAs ahk_class #32770
         ;}
         
         ControlSetText,Edit1,%shotsDir%\%repName%.txt,Save\sAs ahk_class #32770
         Sleep, 100
         ControlFocus,&Save,Save\sAs ahk_class #32770
         ControlSend,&Save,{Enter},Save\sAs ahk_class #32770
         
         Sleep, 100
         WinClose,.*%repName%\.txt\s-\sNotepad2?
         
         If recordAdditionalInfo
            Gosub, RecordAhkShot         
         
         ;check for new folders and keys and append their creation times to the report
         loop,
         {
            If FileExist(shotsDir . "\" . repName . ".txt")
               Break
            Sleep, 250
            If (A_Index > 40)
            {
               MsgBox,,Error, cannot find report
               ExitApp
            }
         }
         Gosub, trimReport
         
         RunWait %shotsDir%\%repName%_0.txt
         ;WinWait,.*%repName%\.txt\s-\sNotepad2?,,10
         ;If !ErrorLevel
         Process, Close, regshot.exe
         ;Else MsgBox Problem opening regshot report
         ExitApp
      }
   }
   IfWinNotExist %PID%
      ExitApp
Return

trimReport:
   FileRead,report,%shotsDir%\%repName%.txt
   
   pattern = iU)((\\(Cookies\\index\.dat|desktop\.ini|ntuser\.(dat|ini)|UsrClass\.dat(\.LOG)?)|C:\\Documents\sand\sSettings\\.*\\Local\sSettings\\(History\\History\.IE5|Temp\\|Temporary\sInternet Files\\Content\.IE5)|C:\\WINDOWS\\(0\.log|Prefetch|Security\\edb\.(chk|log)|system32\\(CatRoot2\\(edb\.(chk|log)|\{[a-zA-Z\d-]+\}\\catdb)|config\\(software|system)\.LOG|wbem\\Logs\\wbemcore\.log)))|(HKCU\\(Printers\\Connections|SessionInformation|Software\\Microsoft\\Windows\\(CurrentVersion\\(Explorer\\(BitBucket|ComDlg32\\LastVisitedMRU|Discardable\\PostSetup\\ShellNew|RecentDocs|RunMRU|StartPage|StreamMRU|Streams|TrayNotify|UserAssist)|(Ext\\Stats|Internet Settings\\Connections|Shell Extensions))|(ShellNoRoam\\(BagMRU|Bags|MUICache)|Shell\\Bags)))|HKLM\\(HARDWARE\\RESOURCEMAP|SOFTWARE\\Microsoft\\(Cryptography\\RNG|EventSystem|UPnP Device Host|Windows NT\\CurrentVersion\\Prefetcher|Windows\\CurrentVersion\\Installer|WZCSVC)|SYSTEM\\(ControlSet\d+|CurrentControlSet)\\(Enum|Services\\(Dhcp\\Parameters\\\{[a-zA-Z\d-]+\}|Disk\\Enum|hpdskflt\\Enum|PartMgr\\Enum|SharedAccess\\Epoch|snapman\\Enum|Tcpip\\Parameters\\Interfaces\\\{[a-zA-Z\d-]+\}|tdrpman228\\Enum|USBSTOR\\Enum|\{[a-zA-Z\d-]+\}\\Parameters\\Tcpip)|Control\\(DeviceClasses|Session Manager)))|HKU\\(\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon|S[\d-]+\\(Printers\\Connections|SessionInformation\\ProgramCount|Software\\Microsoft\\(Windows NT\\CurrentVersion\\Winlogon|Windows\\(CurrentVersion\\(Explorer\\(Discardable\\PostSetup\\ShellNew|MenuOrder|RecentDocs|RunMRU|StartPage|StreamMRU|UserAssist)|Ext\\Stats)|ShellNoRoam\\(BagMRU|Bags|MUICache)|Shell\\Bags))))))

   ;following loop drops overlong lines and lines that match the noise pattern
   Loop,Parse,report,`n,`r
   {
      If StrLen(A_LoopField) > 65534
         Continue  
      If RegExMatch(A_LoopField,pattern)
         Continue
      reportClean.= A_LoopField . "`n"
   }
   report=

   ;check main key and folder creation times
   matcher:= 1, section:= "", cTimes:= ""

   Loop,Parse,reportClean,`n,`r
   {
      If (A_LoopField == "")
         Continue
      Else If (A_LoopField == "----------------------------------")
         matcher*= -1
      Else If (matcher == -1)
         StringLeft, section, A_LoopField, % InStr(A_LoopField,":")-1
      Else If (section == "Folders added")
      {
         Loop, %A_LoopField%, 1
            created:= A_LoopFileTimeCreated
         ;set date and time formats as desired
         FormatTime, created, %created%, M/d/yyyy hh:mm:ss tt
         cTimes.= created . "`n"
      }
      Else If (section == "Keys added")
      {
         bs:= InStr(A_LoopField,"\"), root:= SubStr(A_LoopField,1,bs-1), sub:= SubStr(A_LoopField, bs+1)
         bs:= InStr(sub,"\",False,0), key:= SubStr(sub, bs+1), sub:= SubStr(sub,1,bs-1)
           
         Loop,%root%,%sub%,2
         {
            If (A_LoopRegName == key)
            {
               created:= A_LoopRegTimeModified
               Break
            }
         }
         ;set date and time formats as desired
         FormatTime, created, %created%, M/d/yyyy hh:mm:ss tt
         cTimes.= created . "`n"
      }
   }
   ;The next two If statements are used to sort the file and registry entries
   If (cTimes != "")
   {
      ;remove duplicates
      Sort, cTimes, U
      reportClean.= "----------------------------------`nFolder/key creation times:`n----------------------------------`n" . cTimes
   }
   ;to replace the original report, enable the next 2 lines, and remove the _ from the penultimate line
   ;FileDelete, %shotsDir%\%repName%.txt
   ;Sleep, 500
   FileAppend, %reportClean%,%shotsDir%\%repName%_0.txt
Return

RecordAhkShot:
   If FileExist(ahkShotsDir . "\" . repName . "1.ini")
      sNum:= 2
   Else sNum:= 1
   
   ahkShot:= "[MAIN]"
   ;ahkShot.= "`nLoopFileName=FileTimeCreated,FileTimeModified,FileAttrib"
   contents=

   Loop, C:\*.*, 1, 0
   {
      ahkShot.= "`n" A_LoopFileName "=" A_LoopFileTimeCreated "," A_LoopFileTimeModified "," A_LoopFileAttrib
      
      If A_LoopFileName In %monitoredFiles%
      {
         FileRead, fileContent, %A_LoopFileFullPath%
         StringReplace,fPath,A_LoopFileFullPath,:
         StringReplace,fPath,fPath,\,_,All
         StringReplace,fileContent,fileContent,[,{{,All
         StringReplace,fileContent,fileContent,],}},All         
         contents.= "[" . fPath . "]`n" . fileContent . "`n"
      }
   }
   FileAppend,%ahkShot%`n`n%contents%,%ahkShotsDir%\%repName%%sNum%.ini
Return

Hardware: fast laptop with SSD
Software: Win 7 Home Premium 64-bit, android for phone and tablet
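
Added example, not part of the original post and not Regshot or AutoHotkey code: the noise-trimming step that trimReport does with one large regular expression, written in Python so that a [Registry.Exclude]-style list is applied as key prefixes and every suppressed line is counted against the rule that hid it. The ini text and report are constructed samples, the report layout is the one the script above parses (dashed lines around a "Name:count" heading), and treating only `=1` entries as active is an assumption.

```python
import re
from collections import Counter

# Long root-key names and their short forms (the script above works in short form).
ROOTS = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_USERS": "HKU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_CURRENT_CONFIG": "HKCC",
}
RULE_LINE = re.compile(r"-{10,}")  # the dashed line around each section heading

# Constructed sample data, not output captured from a real machine.
SAMPLE_INI = r"""
[Registry.Exclude]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU=1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG=0
[Restore.Reg]
MakeUndo=yes
"""
SAMPLE_REPORT = r"""
Regshot report (constructed sample)
----------------------------------
Keys added:2
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Example

----------------------------------
Values modified:2
----------------------------------
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList: "ba"
HKEY_CURRENT_USER\Software\ExampleApp\Version: "1.0"
"""


def short_root(path):
    """Swap a long root-key name for its short form; other text is unchanged."""
    root, sep, rest = path.partition("\\")
    return ROOTS.get(root.upper(), root) + sep + rest


def load_excludes(ini_text, section="Registry.Exclude"):
    """Return the active keys of one ini section, short-rooted and lower-cased."""
    active, current = [], None
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            key, _, flag = line.rpartition("=")
            if flag.strip() == "1":  # assumption: any other value disables the entry
                active.append(short_root(key.strip()).lower())
    return active


def matching_rule(entry, excludes):
    """Return the exclude key that covers this report line, or None."""
    low = entry.lower()
    for rule in excludes:
        # Match whole path components only, so ...\Enum does not hide ...\EnumX.
        if low.startswith(rule) and low[len(rule):len(rule) + 1] in ("", "\\"):
            return rule
    return None


def trim_report(report_text, excludes):
    """Split a report into sections, drop excluded lines, count drops per rule."""
    sections, dropped = {"": []}, Counter()
    name, in_header = "", False
    for line in report_text.splitlines():
        if RULE_LINE.fullmatch(line.strip()):
            in_header = not in_header        # same toggle as 'matcher' in the script
        elif in_header:
            name = line.partition(":")[0].strip()
            sections.setdefault(name, [])
        elif line.strip():
            entry = short_root(line.strip())
            rule = matching_rule(entry, excludes) if name else None
            if rule:
                dropped[rule] += 1
            else:
                sections[name].append(entry)
    return sections, dropped


if __name__ == "__main__":
    kept, dropped = trim_report(SAMPLE_REPORT, load_excludes(SAMPLE_INI))
    for name, lines in kept.items():
        if name:
            print(f"{name}: {len(lines)} kept")
            for entry in lines:
                print("  " + entry)
    print("Suppressed lines per exclude rule:")
    for rule, count in dropped.most_common():
        print(f"  {count:3d}  {rule}")
```

The per-rule counts make it visible when a broad exclusion is swallowing far more of the diff than the noise it was added for.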


pajenn
  • Members
  • 391 posts
  • Last active: Feb 06 2015 07:57 AM
  • Joined: 07 Feb 2009

also check out RegFromApp.

RegFromApp monitors the Registry changes made by the application that you selected, and creates a standard RegEdit registration file (.reg) that contains all the Registry changes made by the application. You can use the generated .reg file to import these changes with RegEdit when it's needed.


i'm sure most will find many other useful apps at NirSoft.


have pretty much everything from NirSoft in one folder. Mostly I use regscanner, regfromapp and sysexporter. searchmyfiles is good too. imo, RegFromApp is best suited to capture the reg values created when you first run a newly installed program, and/or fill in the initial serial and registration info. (I used that trick to import the product licenses to applications I put on Bart XPE emergency USB flash drive so I wouldn't have to register them every time I ran Windows XPE).

Hardware: fast laptop with SSD
Software: Win 7 Home Premium 64-bit, android for phone and tablet


pajenn
  • Members
  • 391 posts
  • Last active: Feb 06 2015 07:57 AM
  • Joined: 07 Feb 2009

pajenn,

Check out Total Uninstall.....


I will... I've also tried several others-- InstallRite and InstallWatchPro took too long and then crashed on my computers. Ashampoo uninstaller was too slow, generally hard to customize (for example, it saved the reports in a format that only it could read)... And last but not least there's Revo Uninstaller - excellent program, but uninstalls more than default Windows uninstaller, but it also misses a lot of stuff that I then clean up using my regshot reports.

Hardware: fast laptop with SSD
Software: Win 7 Home Premium 64-bit, android for phone and tablet


pajenn
  • Members
  • 391 posts
  • Last active: Feb 06 2015 07:57 AM
  • Joined: 07 Feb 2009

I updated Acronis True Image earlier today, and used InCtrl5 to track the changes. The Acronis installer complained that InCtrl5 had locked up some files Acronis needed to update, but gave me the option to update them on reboot - the other option would have been to quit InCtrl5... That may be the only option some other programs give the user so I need to be able to save a shot and exit option (and then load it later)... If anyone knows how to do that with InCtrl, please let me know - or at least fool it to think the computer is shutting down to simulate saving snapshots...


To answer my own question: If you run InCtrl5 without specifying a program to install, it just records a snapshot for later.

Hardware: fast laptop with SSD
Software: Win 7 Home Premium 64-bit, android for phone and tablet


pajenn
  • Members
  • 391 posts
  • Last active: Feb 06 2015 07:57 AM
  • Joined: 07 Feb 2009
I added several updates, but they are posted in the first post. Basic changes:

1. Added regedit support.
2. Added InCtrl5 support (InCtrl5 launcher, and a converter to regshot format).
3. Basic improvements to the treeview GUI; deleted/ignored items are removed from the tree, 'probably harmless' items are displayed in regular type (as opposed to bold), etc.

To do: Automated time stamp comparisons. That is, I want to display files and registry entries that were created at the exact same time (+/- few seconds), as one of the main program folders or keys in a different color so that the user can more easily infer whether the entry is part of the program or not.

P.S. When I started this thread, I wasn't planning to post scripts in it, but that's how it worked out. If I ever finish this project, I'll post it in the Scripts section.

Hardware: fast laptop with SSD
Software: Win 7 Home Premium 64-bit, android for phone and tablet


Yook
  • Members
  • 76 posts
  • Last active: Sep 23 2011 01:49 PM
  • Joined: 20 Nov 2008
Hi, this topic is a little old, but I would like to signal that I developed treeview coloring functions, I have seen in your first post that it could be useful for your script :)

noart45
  • Members
  • 1 posts
  • Last active: Dec 25 2013 01:43 AM
  • Joined: 24 Dec 2013

A snapshot of the registry is ~40MB for my laptop (.hiv-file). The idea is to use RegShot to record a shot before and after an installation, then compare the two, and produce a small log file of the differences. I realize AHK can do that too, but you'd probably have to be a serious programmer to do it efficiently. I'm only an enthusiast, so I'd rather stick with RegShot, and use AHK to analyze its output.

hello all,

I have produced the 'small log file of the differences' using Regshot. I now have the prior version of the software installed and would like to apply the added keys and modified values but it's all hex and stored in text file. how does one apply these changes to registry?

my problem is i don't even know how to apply the registry additions/modifications even if i go one by one (there were 28 total).

one key that was added was in HKEY_USERS\S-blah-blah-numbers-blah\software. i've been beating my head against the wall trying to merge just this first key and it won't because it says "Cannot import *.reg file: error accessing the registry." there is no similar directory in the registry so i'm guessing that's why it won't create it?!

any help is very appreciated.

thanks.