We have discontinued this forum and moved support tickets to the GitHub issue tracker. More info
Search found 4 matches
- 06 Dec 2011, 21:41
- Forum: Uninstall Tool
- Topic: Tracing modified registry values
- Replies: 9
- Views: 19508
Re: Tracing modified registry values
- while monitoring UT traces what installer is opening and what is creating(by the way are those actions distinguishable?) Here are the relevant Windows API functions: Registry Functions Uninstall Tool installs a kernel driver (CisUtMonitor.sys) to trace Windows API calls, I believe. So it can obvi...
- 06 Dec 2011, 07:39
- Forum: Uninstall Tool
- Topic: Tracing modified registry values
- Replies: 9
- Views: 19508
Re: Tracing modified registry values
Perhaps you didn't understand what I meant. Here's another way to put it. How does a typical uninstaller work? 1. It takes a snapshot of the whole registry before installation (i.e. it backups the registry temporarily) 2. It takes a snapshot of the whole registry after installation (i.e. it backups ...
- 05 Dec 2011, 06:06
- Forum: Uninstall Tool
- Topic: Tracing modified registry values
- Replies: 9
- Views: 19508
Re: Tracing modified registry values
I'm not sure exactly how Uninstall Tool traces modifications, it uses some sort of kernel driver obviously. I guess that you mean you don't know the previous value of a registry key, when you monitor a process modifying it. But can't you just enum all of the key's values when the process opens it? I...
- 03 Dec 2011, 23:46
- Forum: Uninstall Tool
- Topic: Tracing modified registry values
- Replies: 9
- Views: 19508
Tracing modified registry values
I'm wondering if Uninstall Tool can trace modifications to registry values, in addition to detecting newly created keys. I'm asking this because keys are all I see in the traced data (in XML view). For example, if an uninstall program leaves behind modified file associations, will Uninstall Tool be ...