IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Windows vX.X Forum / Advanced Registry Trace
Post #197,351
by hnick
3/6/05 7:51:55 AM
Reply
New Advanced Registry Trace
There is a product that I use, time to time Advanced Registry Trace. It allows you to take a snapshot of registry and has a diff utility. The down side for you would be that it does not lend itself to batch jobs. URL is [link|http://www.elcomsoft.com/|http://www.elcomsoft.com/]
Windiff from the MS Viscous Studio will tell do a directory by directory diff and tell you if binaries are different.
Post #197,381
by ben_tilly
3/6/05 2:42:03 PM
Reply
New That sounds easy to write
There are Perl modules giving access to the registry. Just walk it recursively and do a dump to a file. Do that before and after, then do a diff.

Once you've written it in Perl, it can be made into a batch job.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
Post #197,390
by pwhysall
Picture of pwhysall
3/6/05 2:58:32 PM
Reply
New Here's the problem.
The Registry changes. Continuously. All kinds of state is stashed in all kinds of places in it.

Your diff would be huge, and then finding the relevant bits would be a bit of a needle and haystack affair.

Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Post #197,392
by ben_tilly
3/6/05 3:00:54 PM
Reply
New Good enough for this case though?
Barry just needs to snapshot a system, install one package, snapshot again and diff.

Since the only difference is a few minutes and one install, this sounds doable.

If the diff is huge, he can always use lots of grep -v's to filter it out. Just like he's used to doing for logs.

Cheers,
Ben
I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)
Post #197,397
by broomberg
3/6/05 3:33:01 PM
Reply
New Don't trust it
Have way too little experience with the issues involved.
So I'll run the program I found during several installs and see if it make sense.
I'll also see if there are any commercial programs that claim to to the same.
I'm not above paying for a utility that does it, written by someone with years of experience in the area.

Here is the issue:

We have a commercial package running as a spooling server.
We develop programs that use it over the course of a month.
It might take WEEKS to test the various programs that use it when it is upgraded.
But we might be forced to upgrade it for a particular problem, which we don't care about for the other programs using it.
This means I need multiple versions of the software running on that server, or I need multiple servers, one for each version.
I might need a DOZENS of versions active at the same time within a couple of years. If 3 people spend 2 months working on a system that requires a particular version of the software, there is NO WAY that particular application will be modified to fit a new version of the spooler. Multiply that by 1/2 dozen teams of people, adding a couple more teams every few months.
Oh, and each server costs about $12,000, plus about $5K for the software license.
Post #197,400
by Arkadiy
Picture of Arkadiy
3/6/05 4:04:44 PM
Reply
New VmWare?
--


And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings?

-- letter to the editor from W. Ostermeier, Liechtenstein
Post #197,402
by broomberg
3/6/05 4:35:22 PM
Reply
New Too slow
VMWare overhead was about 30% when I tested it.
The spooling process is almost 100% CPU.
Typical spool job goes for 1 to 5 minutes.
I run up to 3 at the same time, and I might have hundreds in the queue.

Right now I am running on a dual opteron, but can put another 2 CPUs if I need to.
I am unwilling to sacrifice the CPU unless I REALLY have to.
Post #197,398
by pwhysall
Picture of pwhysall
3/6/05 3:34:08 PM
Reply
New Experiment time!
I dumped the registry, waited five minutes, dumped it again.

I had to use Beyond Compare to diff the files because RegEdit produces UTF-16 files, which GNU diff deems to be "binary".

Take a look at the [link|http://homepage.ntlworld.com/peter.whysall1/regdiff.html|report].

Simply put, while I think that what Barry wants is possible, it isn't practical.

Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Post #197,414
by drewk
Picture of drewk
3/6/05 8:22:03 PM
Reply
New What was running while you did that?
I knew it was bad, but holee crap.
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
Post #197,432
by pwhysall
Picture of pwhysall
3/7/05 1:34:03 AM
Reply
New Not much
the usual cack in the systray (BOINC client, AV software, etc) and iTunes (which wasn't playing). Nothing else.

Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Post #197,391
by Arkadiy
Picture of Arkadiy
3/6/05 2:59:07 PM
Reply
New Regedit itself can dump into a text file
--


And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings?

-- letter to the editor from W. Ostermeier, Liechtenstein
Post #197,393
by pwhysall
Picture of pwhysall
3/6/05 3:02:34 PM
Reply
New I just did that, for curiosity's sake.
On my XP box, the resultant .reg file for the whole schmeer is 62.5MB.

Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
Post #197,396
by hnick
3/6/05 3:32:54 PM
Reply
New Probably is
I haven't seriously written in Perl for at least 5 years so I don't know about what packages are available.
Still, he would have to write the script. Debug the script (probably nobody except you writes code that works perfectly the first time.) Test the script a lot if it is going to be used in a production run.
Or if this is infrequent use, he could spend less than a hundred bucks for a program that works rather well, and skip some days work and spend 20 minutes here and there.
I like to build custom tools. It isn't always practical, though usually fun. Whatever.
     Windows installation monitor - (broomberg) - (30) - March 5, 2005, 05:59:16 PM EST
         Sledgehammer approach - (drewk) - (3) - March 5, 2005, 07:00:40 PM EST
             You are insane - (broomberg) - (2) - March 5, 2005, 08:05:13 PM EST
                 No, just paranoid - (drewk) - (1) - March 5, 2005, 08:24:06 PM EST
                     Agreed. - (pwhysall) - March 6, 2005, 04:07:49 AM EST
         Hey, MS claims to have one for free! - (broomberg) - March 5, 2005, 08:07:50 PM EST
         Try this. - (inthane-chan) - (2) - March 6, 2005, 12:05:52 AM EST
             Err, this is a packager? - (broomberg) - (1) - March 6, 2005, 11:45:46 AM EST
                 Yep. - (inthane-chan) - March 7, 2005, 03:07:49 PM EST
         Advanced Registry Trace - (hnick) - (12) - March 6, 2005, 07:51:55 AM EST
             That sounds easy to write - (ben_tilly) - (11) - March 6, 2005, 02:42:03 PM EST
                 Here's the problem. - (pwhysall) - (7) - March 6, 2005, 02:58:32 PM EST
                     Good enough for this case though? - (ben_tilly) - (6) - March 6, 2005, 03:00:54 PM EST
                         Don't trust it - (broomberg) - (2) - March 6, 2005, 03:33:01 PM EST
                             VmWare? -NT - (Arkadiy) - (1) - March 6, 2005, 04:04:44 PM EST
                                 Too slow - (broomberg) - March 6, 2005, 04:35:22 PM EST
                         Experiment time! - (pwhysall) - (2) - March 6, 2005, 03:34:08 PM EST
                             What was running while you did that? - (drewk) - (1) - March 6, 2005, 08:22:03 PM EST
                                 Not much - (pwhysall) - March 7, 2005, 01:34:03 AM EST
                 Regedit itself can dump into a text file -NT - (Arkadiy) - (1) - March 6, 2005, 02:59:07 PM EST
                     I just did that, for curiosity's sake. - (pwhysall) - March 6, 2005, 03:02:34 PM EST
                 Probably is - (hnick) - March 6, 2005, 03:32:54 PM EST
         can you peel apart the install? - (boxley) - (1) - March 6, 2005, 05:22:20 PM EST
             Too hackish - (broomberg) - March 6, 2005, 06:05:58 PM EST
         Maybe contact the company's tech support? - (Another Scott) - (4) - March 6, 2005, 06:15:43 PM EST
             bwahahahahahaha - (broomberg) - (3) - March 6, 2005, 06:55:25 PM EST
                 I thought so. - (Another Scott) - (2) - March 6, 2005, 07:02:38 PM EST
                     Refer back to here - (broomberg) - (1) - March 6, 2005, 07:53:46 PM EST
                         Oh. Sorry. They've got you, don't they. :-( -NT - (Another Scott) - March 6, 2005, 08:25:27 PM EST
         Filemon might help some - (FuManChu) - (1) - March 6, 2005, 07:10:39 PM EST
             Yup, have it running - (broomberg) - March 6, 2005, 07:40:09 PM EST

What a feat!
127 ms