IWETHEY
Windows installation monitor
I have some software that lives on a server and keeps everything in an isolated directory, or so I think.
I need to be able to run multiple versions of the software on a Win2K server.
The "install" to the system is a 2 second blink of creating the icons and pointing them to the server.
Or so I think.

Is there any software that will tell me with 100% certainty that it did not touch my registry or overwrite any DLLs?
Sledgehammer approach
Boot to a bootable non-Windows OS. Take a snapshot of the entire disk. Boot to windows, do the install. Boot back to non-Windows ... etc. Compare the images. Probably overkill, and definitely not elegant. But pretty foolproof.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
You are insane
But we knew that.
No, just paranoid
If I absolutely had to know what happened during an installation, it's the only method that would satisfy me. Worms and net-based malware are getting very sophisticated about hiding themselves from the OS. Even an application you install intentionally will frequently leave traces of itself around when you try an uninstall, and the Windows community only sees this as "not well behaved."

Considering the people who are supposed to know the platform consider non-removable installations to be no worse than mis-behaving, I don't put a lot of trust in the tools they've come up with. Besides, you should only have to do the verification once. And it is a necessary step in a full-scale security audit.


So how paranoid do you want to be?
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
Agreed.
Files are easy - just md5sum them and account for interlopers and changes - but the Registry is a Hard Problem, because it changes all the time.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Hey, MS claims to have one for free!
[link|http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/instaler-o.asp|http://www.microsoft...ng/instaler-o.asp]
Try this.
[link|http://www.ondemandsoftware.com/freele.asp|http://www.ondemands...re.com/freele.asp]
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not "Eureka!" but "That's funny..."
-Isaac Asimov
Err, this is a packager?
I want to trace the installation of a 3rd party setup.exe.
Did I miss something here?
Yep.
But, as a side effect of the packaging, it does a before 'n after snapshot. You can browse through the resulting MSI to see what did get changed.
The most exciting phrase to hear in science, the one that heralds the most discoveries, is not "Eureka!" but "That's funny..."
-Isaac Asimov
Advanced Registry Trace
There is a product that I use from time to time, Advanced Registry Trace. It allows you to take a snapshot of the registry and has a diff utility. The downside for you would be that it does not lend itself to batch jobs. URL is [link|http://www.elcomsoft.com/|http://www.elcomsoft.com/]
Windiff from the MS Viscous Studio will do a directory-by-directory diff and tell you if binaries are different.

That sounds easy to write
There are Perl modules giving access to the registry. Just walk it recursively and do a dump to a file. Do that before and after, then do a diff.

Once you've written it in Perl, it can be made into a batch job.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
Here's the problem.
The Registry changes. Continuously. All kinds of state is stashed in all kinds of places in it.

Your diff would be huge, and then finding the relevant bits would be a bit of a needle and haystack affair.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Good enough for this case though?
Barry just needs to snapshot a system, install one package, snapshot again and diff.

Since the only difference is a few minutes and one install, this sounds doable.

If the diff is huge, he can always use lots of grep -v's to filter it out. Just like he's used to doing for logs.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
Don't trust it
Have way too little experience with the issues involved.
So I'll run the program I found during several installs and see if it makes sense.
I'll also see if there are any commercial programs that claim to do the same.
I'm not above paying for a utility that does it, written by someone with years of experience in the area.

Here is the issue:

We have a commercial package running as a spooling server.
We develop programs that use it over the course of a month.
It might take WEEKS to test the various programs that use it when it is upgraded.
But we might be forced to upgrade it for a particular problem, which we don't care about for the other programs using it.
This means I need multiple versions of the software running on that server, or I need multiple servers, one for each version.
I might need DOZENS of versions active at the same time within a couple of years. If 3 people spend 2 months working on a system that requires a particular version of the software, there is NO WAY that particular application will be modified to fit a new version of the spooler. Multiply that by 1/2 dozen teams of people, adding a couple more teams every few months.
Oh, and each server costs about $12,000, plus about $5K for the software license.
VmWare?
--


And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings?

-- letter to the editor from W. Ostermeier, Liechtenstein

Too slow
VMWare overhead was about 30% when I tested it.
The spooling process is almost 100% CPU.
Typical spool job goes for 1 to 5 minutes.
I run up to 3 at the same time, and I might have hundreds in the queue.

Right now I am running on a dual Opteron, but can put in another 2 CPUs if I need to.
I am unwilling to sacrifice the CPU unless I REALLY have to.
Experiment time!
I dumped the registry, waited five minutes, dumped it again.

I had to use Beyond Compare to diff the files because RegEdit produces UTF-16 files, which GNU diff deems to be "binary".

Take a look at the [link|http://homepage.ntlworld.com/peter.whysall1/regdiff.html|report].

Simply put, while I think that what Barry wants is possible, it isn't practical.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
What was running while you did that?
I knew it was bad, but holee crap.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
Not much
The usual cack in the systray (BOINC client, AV software, etc) and iTunes (which wasn't playing). Nothing else.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Regedit itself can dump into a text file
--


And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings?

-- letter to the editor from W. Ostermeier, Liechtenstein

I just did that, for curiosity's sake.
On my XP box, the resultant .reg file for the whole schmeer is 62.5MB.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
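Ben's before/after dump with grep -v filtering, and Peter's two findings (GNU diff treats regedit's UTF-16 export as binary, and a raw line diff of a 62.5MB .reg file is a haystack) can be combined into one small tool. The following is an added example, not code from this thread: it parses two RegEdit 5.00 exports, diffs them key by key instead of line by line, and drops keys under a noise-prefix list. The .reg contents, the ExampleSpooler key and the UserAssist noise prefix are constructed for illustration.

```python
import re

# Key paths that churn constantly and only bury the real changes (constructed
# starter list; extend it after a first diff shows what is noise on the box).
NOISE_PREFIXES = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist",)
# A value line: "name"=data or @=data (default value); data is kept as written.
VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')

def parse_reg(data: bytes) -> dict:
    """Return {key_path: {value_name: data}} from a RegEdit 5.00 export."""
    text = data.decode("utf-16")                 # BOM selects the byte order
    text = re.sub(r",\\\r?\n\s*", ",", text)     # unwrap wrapped hex: lines
    tree, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            tree[current]["@" if m[1] == "@" else m[2]] = m[3]
    return tree

def is_noise(key: str) -> bool:
    return key.upper().startswith(tuple(p.upper() for p in NOISE_PREFIXES))

def diff_reg(before: dict, after: dict) -> dict:
    """Key-level diff of two parsed exports with noise keys dropped."""
    kb = {k for k in before if not is_noise(k)}
    ka = {k for k in after if not is_noise(k)}
    changed = [(k, n, before[k].get(n), after[k].get(n))
               for k in sorted(kb & ka)
               for n in sorted(set(before[k]) | set(after[k]))
               if before[k].get(n) != after[k].get(n)]
    return {"keys_added": sorted(ka - kb), "keys_removed": sorted(kb - ka),
            "values_changed": changed}

# Constructed before/after exports, re-encoded the way regedit writes them.
BEFORE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINNT\\system32\\msvcrt.dll"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\Count]
"Run"=dword:00000010'''.encode("utf-16")
AFTER_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\WINNT\\system32\\msvcrt.dll"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleSpooler\2.1]
"InstallDir"="C:\\Spooler\\2.1"
"Signature"=hex:de,ad,\
  be,ef
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\Count]
"Run"=dword:00000011'''.encode("utf-16")
```

Run `diff_reg(parse_reg(BEFORE_REG), parse_reg(AFTER_REG))` and the UserAssist churn disappears, leaving the new key and the bumped SharedDLLs refcount on the DLL the install touched.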
Probably is
I haven't seriously written in Perl for at least 5 years so I don't know about what packages are available.
Still, he would have to write the script. Debug the script (probably nobody except you writes code that works perfectly the first time.) Test the script a lot if it is going to be used in a production run.
Or if this is infrequent use, he could spend less than a hundred bucks for a program that works rather well, and skip some days work and spend 20 minutes here and there.
I like to build custom tools. It isn't always practical, though usually fun. Whatever.
Can you peel apart the install?
Is it using a standard Windows wrapped install?
if so which one.
Is the install an executable? Try running strings on it.
thanx,
bill
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 48 years. meep
questions, help? [link|mailto:pappas@catholic.org|email pappas at catholic.org]
Too hackish
I've got to set something up that has a chance of surviving me.
Maybe contact the company's tech support?
They should be able to tell you exactly what it does, shouldn't they?

I think you're making this more difficult than it needs to be. You're paying [link|http://z.iwethey.org/forums/render/content/show?contentid=197397|$5k] for the license - they should be able to answer simple questions like this. Windows is too indeterminate to try to figure this out on your own in a reasonable amount of time.

In short: Use the source broom!

If they can't or won't tell you, then maybe it's not worth $5k.

My $0.02.

Cheers,
Scott.
bwahahahahahaha
This bit of text used to say something REALLY harsh before I realized that the words might come back to bite me.

$5K is the tip of the iceberg. We probably gave them about $150K in the last year between desktop licenses, spooler licenses, and training.

Bottom line: Yes, they are being queried, it is on the todo list of the contact person, but I trust NO ONE, especially since today's workable answer might not match the next release. So EVERY release, we will have to test on a test box, tracking what it does, before putting on the production machine.

Note: It may be in their financial best interest to NOT allow multiples to run on the same box. Forces us to pay for licenses on another box.

I thought so.
:-)

If you trust no one, shouldn't you be trying to get the functionality in question off of Windows?

I know you've got lots of constraints. Just some idle musings on my part.


Luck!

Cheers,
Scott.
Refer back to here
[link|http://z.iwethey.org/forums/render/content/show?contentid=162377|http://z.iwethey.org...?contentid=162377]
Oh. Sorry. They've got you, don't they. :-(
Filemon might help some
[link|http://www.sysinternals.com/ntw2k/source/filemon.shtml|http://www.sysintern...rce/filemon.shtml]
Yup, have it running
Discovered this series of utilities when I started working with this package.

But I have not delved into using it to track this setup.

I probably could.

Hmm.

I might use it as a stop-gap, but I would HATE to have to come up with a documented procedure forcing someone else to get the info that way.