RE: [Full-Disclosure] Windows Registry Analzyer
Regsnap does the pre and post scan: http://lastbit.com/regsnap/default.asp

regards

-----Original Message-----
From: Cassidy Macfarlane [mailto:[EMAIL PROTECTED]
Sent: 03 March 2005 16:14
To: Danny
Cc: [email protected]
Subject: RE: [Full-Disclosure] Windows Registry Analzyer

You can, of course, use regmon (sysinternals.com) to monitor the registry 'live' while changes are being made, however it sounds like you want a product that would analyse the reg, then re-analyse after installation, and report on changes.

This would indeed be a handy tool. Anyone know of anything better than regmon for this purpose?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: 03 March 2005 15:36
To: Full-Disclosure (E-mail)
Subject: [Full-Disclosure] Windows Registry Analzyer

Anyone know of any free tools to analyze what changes have been made to a Windows 2000/XP registry?

Thanks,

...D

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Re: [Full-Disclosure] Windows Registry Analzyer
InstallWatch/InstallRite is a nice tool. Basically, you do a system snapshot, and then analyze. Registry modifications/additions/deletions between the snapshot and analysis will be detected by the program. It can be found here: http://www.epsilonsquared.com/

It can also monitor added/modified/deleted files as well as changes done to INI files. And it's freeware.

regards,

On Fri, 4 Mar 2005 09:20:13 +0530, Aditya Deshmukh <[EMAIL PROTECTED]> wrote:
> > You can, of course, use regmon (sysinternals.com) to monitor the
> > registry 'live' while changes are being made, however it sounds like you
> > want a product that would analyse the reg, then re-analyse after
> > installation, and report on changes.
>
> I don't know if a free tool like this exists, but Norton cleanup and other
> tools like this do this job very nicely - aditya
RE: [Full-Disclosure] Windows Registry Analzyer
> You can, of course, use regmon (sysinternals.com) to monitor the
> registry 'live' while changes are being made, however it sounds like you
> want a product that would analyse the reg, then re-analyse after
> installation, and report on changes.

I don't know if a free tool like this exists, but Norton cleanup and other tools like this do this job very nicely.

- aditya
RE: [Full-Disclosure] Windows Registry Analzyer
> Anyone know of any free tools to analyze what changes have been made
> to a Windows 2000/XP registry?

Regmon - www.sysinternals.com

best and free
RE: [Full-Disclosure] Windows Registry Analzyer
Use RegMon for real-time Reg watching and try this product for Snapshot compares. I haven't used it but it looks to be fun and there is a write-up in PCWorld about it.

--- Readme file of Regshot 1.61 2002/03/30 ---

Please view whatsnew.txt for update info!

- Package includes: -
regshot.exe, language.ini, readme.txt, whatsnew.txt

- Introduction: -
RegShot is a small registry compare utility that allows you to quickly take a snapshot of your registry and then compare it with a second one - done after doing system changes or installing a new software product. The changes report can be produced in text or HTML format and contains a list of all modifications that have taken place between snapshot1 and snapshot2. In addition, you can also specify folders (with sub folders) to be scanned for changes as well. In version 1.60+ you can save your whole registry in a *.hiv file for future use.

Note: Regshot is FREEWARE!

http://regshot.yeah.net/

PCWorld Page - http://www.pcworld.com/downloads/file_description/0,fid,19540,00.asp

-Todd

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Knobbe
> Sent: Thursday, March 03, 2005 11:54 AM
> To: Danny
> Cc: Full-Disclosure (E-mail)
> Subject: Re: [Full-Disclosure] Windows Registry Analzyer
>
> On Thu, 2005-03-03 at 10:35 -0500, Danny wrote:
> > Anyone know of any free tools to analyze what changes have been made
> > to a Windows 2000/XP registry?
>
> There used to be a company/product called Intact, which provided change
> monitoring of Registry settings as part of its HIDS offerings. I'm not
> sure if they are still around or got bought. Unfortunately it's not a
> free tool though.
>
> Regards,
> Frank
Re: [Full-Disclosure] Windows Registry Analzyer
regsnap
http://lastbit.com/regsnap

Ken

Danny wrote:
> Anyone know of any free tools to analyze what changes have been made to a Windows 2000/XP registry?
>
> Thanks,
>
> ...D
Re: [Full-Disclosure] Windows Registry Analzyer
On Thu, 2005-03-03 at 10:35 -0500, Danny wrote:
> Anyone know of any free tools to analyze what changes have been made
> to a Windows 2000/XP registry?

There used to be a company/product called Intact, which provided change monitoring of Registry settings as part of its HIDS offerings. I'm not sure if they are still around or got bought. Unfortunately it's not a free tool though.

Regards,
Frank
Re: [Full-Disclosure] Windows Registry Analzyer
Perhaps this is just the Unix user in me, but I ask: How about just making a copy of the registry on boot (or at intervals) and compare it to the last copy?

Note that the following example is untested, but should be mostly accurate. Under Windows 2003 and XP you could do:

    rem Rotate the snapshots: drop the old "last", then move "latest" to "last".
    rem (deltree is a Win9x command; rmdir /s /q is the NT equivalent. rename/ren
    rem cannot move a directory to another path, so use move.)
    if exist C:\REG_BACKUP\last rmdir /s /q C:\REG_BACKUP\last
    if exist C:\REG_BACKUP\latest move C:\REG_BACKUP\latest C:\REG_BACKUP\last
    mkdir C:\REG_BACKUP\latest
    reg export HKLM\SOFTWARE C:\REG_BACKUP\latest\HKLM_SOFTWARE.reg /y
    reg export HKLM\SYSTEM C:\REG_BACKUP\latest\HKLM_SYSTEM.reg /y
    reg export HKCU C:\REG_BACKUP\latest\HKCU.reg /y
    rem ... etc, for each key and HKEY type. HKLM\SAM and HKLM\SECURITY are not
    rem readable even by Administrators by default, so reg export fails on them
    rem with "Access is denied"; HKLM\HARDWARE is rebuilt at every boot, so
    rem diffing it mostly reports noise.
    rem Example with Windiff, which comes with the Windows SDK.
    rem Windiff will wish to display to the screen.
    rem Try other diff utilities like the GNU diff, which you can install
    rem from the Cygwin distribution, if you wish to have it sent via email.
    windiff C:\REG_BACKUP\last C:\REG_BACKUP\latest
    rem GNU diff/sendmail example (old snapshot first, so that + lines are the
    rem new values). If the exports are UTF-16, diff reports "Binary files differ";
    rem convert them with iconv first in that case.
    rem (echo Subject: Registry changes& echo.& c:\cygwin\usr\bin\diff.exe -u -r C:\REG_BACKUP\last C:\REG_BACKUP\latest) | c:\cygwin\usr\bin\sendmail.exe -i [EMAIL PROTECTED]

--

Windows98 has the scanreg utility, but I'm not sure how it works. As far as I know, by default it saves to c:\\sysbckup, but it only seems to throw .dll files there, the registry isn't saved in plain-text.

--

I'm not sure how, if at all, to do this under Windows NT4 and Windows 2000.

--

Once you have these .reg files, you can do all kinds of things with them. Compare the registries of various machines which should have an identical configuration to help detect worms. Create a web-based registry editor. Have them automatically printed, faxed, emailed, telephoned (text->speech), etc.

Good luck.

--
Eric Windisch <[EMAIL PROTECTED]>
Re: [Full-Disclosure] Windows Registry Analzyer
Another possibility for static analysis would be to use Regedit to export the registry to a text file before and after and then use WinDiff or ExamDiff or some other file comparison utility to find the changes for you.

Laters,
Dave King
http://www.thesecure.net

Cassidy Macfarlane wrote:
> You can, of course, use regmon (sysinternals.com) to monitor the
> registry 'live' while changes are being made, however it sounds like you
> want a product that would analyse the reg, then re-analyse after
> installation, and report on changes.
>
> This would indeed be a handy tool. Anyone know of anything better than
> regmon for this purpose?
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Danny
> Sent: 03 March 2005 15:36
> To: Full-Disclosure (E-mail)
> Subject: [Full-Disclosure] Windows Registry Analzyer
>
> Anyone know of any free tools to analyze what changes have been made
> to a Windows 2000/XP registry?
>
> Thanks,
>
> ...D
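Editor's note: the two export-and-diff recipes in this thread (Eric's batch rotation of `reg export` files, and Dave's Regedit export plus WinDiff) both leave you reading a raw text diff. The script below is an added example, not code from any poster or from Regshot, InstallWatch or regsnap; it parses the REGEDIT4 / "Windows Registry Editor Version 5.00" text format that Regedit and reg.exe write, diffs two snapshots into keys and values added, removed or changed, and flags anything under a few well-known autostart keys (the AUTOSTART_PREFIXES list is an assumed starting point, not a complete one). The two snapshots at the bottom are constructed for the example, the file name regdiff.py is hypothetical, and the BOM check in load_reg assumes UTF-16 exports start with FF FE. The same diff_snapshots() call also serves Eric's "compare machines that should be identical" idea: export from each box and pass the two files.

```python
"""Diff two Regedit / "reg export" snapshots and flag autostart changes.

Added example for this thread, not code from any poster or from Regshot,
InstallWatch or regsnap. The two snapshots at the bottom are constructed.
"""
import re

VALUE_LINE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')
# Autostart keys to flag (assumed short list; compared case-insensitively).
AUTOSTART_PREFIXES = (
    r'hkey_local_machine\software\microsoft\windows\currentversion\run',
    r'hkey_current_user\software\microsoft\windows\currentversion\run',
    r'hkey_local_machine\system\currentcontrolset\services',
)

def load_reg(path):
    """Regedit writes Version 5.00 files as UTF-16LE with a BOM; REGEDIT4
    files are ANSI. Detect by BOM (assumed FF FE), not by the header line."""
    with open(path, 'rb') as fh:
        raw = fh.read()
    return raw.decode('utf-16') if raw.startswith(b'\xff\xfe') else raw.decode('cp1252', 'replace')

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}}. Data stays as the raw
    right-hand side ('"1.0"', 'dword:00000001', 'hex:00,01,...'); the
    default value (@=...) is stored under the empty name."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)   # rejoin wrapped hex(...) data
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] == ';' or line.startswith(('REGEDIT4', 'Windows Registry Editor')):
            continue
        if line[0] == '[' and line[-1] == ']':
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = '' if m.group(1) == '@' else re.sub(r'\\(.)', r'\1', m.group(2))
            keys[current][name] = m.group(3)
    return keys

def diff_snapshots(before, after):
    """keys_added/keys_removed: [key]; values_added/values_removed:
    [(key, name, data)]; values_changed: [(key, name, old, new)]."""
    rep = {'keys_added': sorted(set(after) - set(before)),
           'keys_removed': sorted(set(before) - set(after)),
           'values_added': [], 'values_removed': [], 'values_changed': []}
    for key in sorted(set(before) & set(after)):
        b, a = before[key], after[key]
        rep['values_added'] += [(key, n, a[n]) for n in sorted(set(a) - set(b))]
        rep['values_removed'] += [(key, n, b[n]) for n in sorted(set(b) - set(a))]
        rep['values_changed'] += [(key, n, b[n], a[n]) for n in sorted(set(a) & set(b)) if a[n] != b[n]]
    return rep

def flag_autostart(rep):
    """Changes under AUTOSTART_PREFIXES: what an installer (or worm) hooked into."""
    def watched(key):
        k = key.lower()
        return any(k == p or k.startswith(p + '\\') for p in AUTOSTART_PREFIXES)
    out = [(kind, k, None) for kind in ('keys_added', 'keys_removed') for k in rep[kind] if watched(k)]
    out += [(kind, t[0], t[1]) for kind in ('values_added', 'values_removed', 'values_changed')
            for t in rep[kind] if watched(t[0])]
    return out

# Constructed "before install" / "after install" snapshots.
SNAPSHOT_1 = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Existing"="C:\\WINDOWS\\system32\\existing.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\App]
@="Example App"
"Version"="1.0"
"Flags"=dword:00000001
"Blob"=hex:00,01,02,\
  03,04
'''
SNAPSHOT_2 = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Existing"="C:\\WINDOWS\\system32\\existing.exe"
"Updater"="C:\\Program Files\\Example\\update.exe /silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\App]
@="Example App"
"Version"="1.1"
"Blob"=hex:00,01,02,\
  03,04

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"ImagePath"="C:\\Program Files\\Example\\svc.exe"
'''

if __name__ == '__main__':
    import sys   # usage: regdiff.py before.reg after.reg (no args: built-in sample)
    a, b = (load_reg(sys.argv[1]), load_reg(sys.argv[2])) if len(sys.argv) == 3 else (SNAPSHOT_1, SNAPSHOT_2)
    rep = diff_snapshots(parse_reg(a), parse_reg(b))
    for kind, items in rep.items():
        for item in items:
            print(kind, item)
    for item in flag_autostart(rep):
        print('AUTOSTART', item)
```

Run against the built-in sample it reports the new service key, the new Run value, the removed Flags value and the changed Version, and flags the first two as autostart changes; the unchanged default value and the wrapped hex Blob are not reported, which is the point of parsing rather than diffing lines (a line-level diff would also show every re-wrapped hex line). Data is kept as its raw .reg text, so a dword that only changed value still shows up as a change without any type decoding.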
Re: [Full-Disclosure] Windows Registry Analzyer
On Thu, 3 Mar 2005 16:14:03 -, Cassidy Macfarlane <[EMAIL PROTECTED]> wrote:
> You can, of course, use regmon (sysinternals.com) to monitor the
> registry 'live' while changes are being made, however it sounds like you
> want a product that would analyse the reg, then re-analyse after
> installation, and report on changes.
>
> This would indeed be a handy tool. Anyone know of anything better than
> regmon for this purpose?

You read my registry, I mean, mind.

Thanks everyone for your suggestions. So far, the following has been tossed my way:

1) "WinINSTALL LE - it's on every Windows 2000 Pro CD I've ever seen"
   * I will look into this one.

2) Regmon of course, from Sysinternals
   * Which from my understanding only states what changes are being made in real time.

3) Regshot
   * Never heard of it, but will give it a go.

That's it so far. I will post my results.

Cheers,

...D
Re: [Full-Disclosure] Windows Registry Analzyer
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Check out all their stuff - filemon is the cousin app for watching file systems.

On Thu, 3 Mar 2005 10:35:49 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Anyone know of any free tools to analyze what changes have been made
> to a Windows 2000/XP registry?
>
> Thanks,
>
> ...D
Re: [Full-Disclosure] Windows Registry Analzyer
Sysinternals Regmon.
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Laters,
Dave King CISSP
http://www.thesecure.net

Danny wrote:
> Anyone know of any free tools to analyze what changes have been made to a Windows 2000/XP registry?
>
> Thanks,
>
> ...D
Re: [Full-Disclosure] Windows Registry Analzyer
Danny wrote:
> Anyone know of any free tools to analyze what changes have been made to a Windows 2000/XP registry?
>
> Thanks,
>
> ...D

Try Regshot. Didn't find the original site but it is downloadable from many sites.
http://www.pcworld.com/downloads/file_description/0,fid,19540,00.asp

Have a nice day.
Spencer
RE: [Full-Disclosure] Windows Registry Analzyer
You can, of course, use regmon (sysinternals.com) to monitor the registry 'live' while changes are being made, however it sounds like you want a product that would analyse the reg, then re-analyse after installation, and report on changes.

This would indeed be a handy tool. Anyone know of anything better than regmon for this purpose?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: 03 March 2005 15:36
To: Full-Disclosure (E-mail)
Subject: [Full-Disclosure] Windows Registry Analzyer

Anyone know of any free tools to analyze what changes have been made to a Windows 2000/XP registry?

Thanks,

...D
