We have discontinued this forum and moved support tickets to the GitHub issue tracker. More info

Search found 4 matches

by skabour
06 Dec 2011, 21:41
Forum: Uninstall Tool
Topic: Tracing modified registry values
Replies: 9
Views: 15994

Re: Tracing modified registry values

- while monitoring UT traces what installer is opening and what is creating(by the way are those actions distinguishable?) Here are the relevant Windows API functions: Registry Functions Uninstall Tool installs a kernel driver (CisUtMonitor.sys) to trace Windows API calls, I believe. So it can obvi...
by skabour
06 Dec 2011, 07:39
Forum: Uninstall Tool
Topic: Tracing modified registry values
Replies: 9
Views: 15994

Re: Tracing modified registry values

Perhaps you didn't understand what I meant. Here's another way to put it. How does a typical uninstaller work? 1. It takes a snapshot of the whole registry before installation (i.e. it backups the registry temporarily) 2. It takes a snapshot of the whole registry after installation (i.e. it backups ...
by skabour
05 Dec 2011, 06:06
Forum: Uninstall Tool
Topic: Tracing modified registry values
Replies: 9
Views: 15994

Re: Tracing modified registry values

I'm not sure exactly how Uninstall Tool traces modifications, it uses some sort of kernel driver obviously. I guess that you mean you don't know the previous value of a registry key, when you monitor a process modifying it. But can't you just enum all of the key's values when the process opens it? I...
by skabour
03 Dec 2011, 23:46
Forum: Uninstall Tool
Topic: Tracing modified registry values
Replies: 9
Views: 15994

Tracing modified registry values

I'm wondering if Uninstall Tool can trace modifications to registry values, in addition to detecting newly created keys. I'm asking this because keys are all I see in the traced data (in XML view). For example, if an uninstall program leaves behind modified file associations, will Uninstall Tool be ...