duckling78 Posted December 4, 2008 (edited)

This is a function to create a registry checkpoint and to compare the checkpoint to the current registry.

*** New AutoIt3 code using "reg export ..." and Windiff instead of "reg copy ..." and "reg compare ...":

Note: I got Windiff from the Microsoft Support Tools for Windows XP.

You will need a copy of the following to compile this script. These are all part of the Microsoft Support Tools for Windows XP. "gutils.dll" is a dependency of Windiff.

(script directory)\Windiff\Windiff.exe
(script directory)\Windiff\gutils.dll
(script directory)\Windiff\Windiff.hlp <-- This is optional

```autoit
#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.2.13.11 (beta)
 Author:         Michael Sunwoo

 Script Function:
    Registry saving and comparing function

#ce ----------------------------------------------------------------------------

; Script Start
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <Constants.au3>

Opt("GUIOnEventMode", 1)

#Region ### START Koda GUI section ### Form=
Local $formRegCompare = GUICreate("RegCompare", 381, 104)
GUISetOnEvent($GUI_EVENT_CLOSE, "formRegCompareClose")
Local $inputRegKey = GUICtrlCreateInput("HKCU\Software", 8, 8, 363, 21)
Local $btnCreate = GUICtrlCreateButton("Create Registry Checkpoint", 8, 33, 177, 25, 0)
GUICtrlSetOnEvent(-1, "btnCreateClick")
Local $btnCompare = GUICtrlCreateButton("Compare Current to Checkpoint", 189, 33, 177, 25, 0)
GUICtrlSetOnEvent(-1, "btnCompareClick")
Local $lblLastDateTime = GUICtrlCreateLabel("Initialized.", 10, 62, 354, 38)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

; Working directory under My Documents, named after the script
Local $locSave = @MyDocumentsDir & "\" & StringTrimRight(@ScriptName, 4) & "\"
Local $locWindiffDir = $locSave & "Windiff\"
Local $locWindiff = $locWindiffDir & "Windiff.exe"

; Unpack the bundled Windiff files next to the snapshots
DirCreate($locWindiffDir)
FileInstall("Windiff\Windiff.exe", $locWindiffDir, 1)
FileInstall("Windiff\Windiff.hlp", $locWindiffDir, 1)
FileInstall("Windiff\gutils.dll", $locWindiffDir, 1)

; Checkpoint export and current export
Local $regOld = $locSave & "RegOLD.txt"
Local $regNew = $locSave & "RegNEW.txt"

; Idle loop; all work happens in the GUI event handlers
While 1
    Sleep(10000)
WEnd

Func TimeStamp()
    Return @HOUR & ":" & @MIN & ":" & @SEC
EndFunc

Func DateStamp()
    Return @MON & "/" & @MDAY & "/" & @YEAR
EndFunc

Func btnCreateClick()
    Blah("Clicked: Create Registry Checkpoint")
    RegCreateCheckpoint()
EndFunc

Func RegCreateCheckpoint()
    Blah(TimeStamp() & ": Starting registry backup . . .")
    If FileExists($regOld) Then
        FileDelete($regOld)
    EndIf
    ; The key name is quoted so that keys containing spaces are passed as one argument
    ShellExecuteWait("reg.exe", 'export "' & GUICtrlRead($inputRegKey) & '" "' & $regOld & '"', "", "open", @SW_HIDE)
    Blah(TimeStamp() & ": Finished registry backup!")
EndFunc

Func btnCompareClick()
    Blah("Clicked: Button Compare to Current Checkpoint")
    RegCompareToCheckpoint()
EndFunc

Func RegCompareToCheckpoint()
    If FileExists($regOld) Then
        Blah("Starting registry export for comparison . . .")
        If FileExists($regNew) Then
            FileDelete($regNew)
        EndIf
        ShellExecuteWait("reg.exe", 'export "' & GUICtrlRead($inputRegKey) & '" "' & $regNew & '"', "", "open", @SW_HIDE)
        Blah(TimeStamp() & ': Finished registry export. Starting Windiff.' & @CRLF & 'F7/F8 = "View Prev/Next Change"')
        ; Open both exports side by side in Windiff
        ShellExecute($locWindiff, '"' & $regOld & '" "' & $regNew & '"')
    Else
        MsgBox(16, StringTrimRight(@ScriptName, 4) & " error on line " & @ScriptLineNumber, "$regOld not found." & @CRLF & "$regOld = " & $regOld)
    EndIf
EndFunc

Func formRegCompareClose()
    Exit
EndFunc

; Write a status message to the console and to the GUI label
Func Blah($text)
    ConsoleWrite($text & @CRLF)
    GUICtrlSetData($lblLastDateTime, $text)
EndFunc
```

Here are the batch file versions I originally created and based the above AutoIt3 version off of.

RegSave.cmd:

```bat
@echo off
rem Remove any previous checkpoint stored under HKCU\_BackUp_
reg>nul query "hkcu\_BackUp_" 2>nul && (
    echo Found old backup. Deleting it . . .
    reg>nul delete "hkcu\_BackUp_" /f
)
echo.
echo Starting registry backup . . .
rem Copy every subkey of HKCU\Software except "Microsoft" into the checkpoint
for /f "tokens=3 delims=\" %%a in ('reg.exe query hkcu\software') do (
    if /i not "%%a"=="Microsoft" (
        echo.
        echo Saving %%a . . .
        reg copy "hkcu\software\%%a" "hkcu\_Backup_\%%a" /s /f
    )
)
echo.
echo Completed registry backup.
```

RegCompare.cmd:

```bat
@echo off
rem Compare each subkey of HKCU\Software against its copy under HKCU\_Backup_
for /f "tokens=3 delims=\" %%a in ('reg.exe query hkcu\software') do (
    for /f "tokens=1,2* delims=:" %%b in ('reg compare "hkcu\_Backup_\%%a" "hkcu\software\%%a" /s 2^>nul') do (
        if not "%%c"==" Identical" (
            if not "%%b"=="The operation completed successfully" (
                if not "%%b"=="Result Compared" (
                    if /i not "%%a"=="Microsoft" (
                        if "%%b"=="< Value" (
                            echo.
                            echo OLD: %%c
                        )
                        if "%%b"=="> Value" (
                            echo NEW: %%c
                        )
                        if "%%b"=="< Key" (
                            echo.
                            echo REMOVED: %%c
                        )
                        if "%%b"=="> Key" (
                            echo.
                            echo ADDED: %%c
                        )
                        if not "%%b"=="> Value" if not "%%b"=="< Value" if not "%%b"=="< Key" if not "%%b"=="> Key" (
                            echo.
                            echo %%a: %%b --^> %%c
                        )
                    )
                )
            )
        )
    )
)
```

These skip the "Microsoft" key because there seems to be some type of Access Denied error on WinXP with one of the keys in there.

Here is some example output from RegCompare.cmd:

```
Z:\>RegCompare.cmd

OLD: HKEY_CURRENT_USER\_Backup_\Google preferred_language REG_SZ
NEW: HKEY_CURRENT_USER\software\Google preferred_language REG_SZ en

OLD: HKEY_CURRENT_USER\_Backup_\Google blt_count_slp REG_DWORD 0xeab38
NEW: HKEY_CURRENT_USER\software\Google blt_count_slp REG_DWORD 0xeabc8

OLD: HKEY_CURRENT_USER\_Backup_\Google blt_msec_slp REG_DWORD 0x17c64a
NEW: HKEY_CURRENT_USER\software\Google blt_msec_slp REG_DWORD 0x17c69c

OLD: HKEY_CURRENT_USER\_Backup_\Google dib_count_slp REG_DWORD 0x57aa6e
NEW: HKEY_CURRENT_USER\software\Google dib_count_slp REG_DWORD 0x57aafe

OLD: HKEY_CURRENT_USER\_Backup_\Google dib_msec_slp REG_DWORD 0x20e57
NEW: HKEY_CURRENT_USER\software\Google dib_msec_slp REG_DWORD 0x20e5b

OLD: HKEY_CURRENT_USER\_Backup_\Google searches_integrated REG_DWORD 0x4f1
NEW: HKEY_CURRENT_USER\software\Google searches_integrated REG_DWORD 0x4f2

OLD: HKEY_CURRENT_USER\_Backup_\Google google_search REG_DWORD 0x505
NEW: HKEY_CURRENT_USER\software\Google google_search REG_DWORD 0x506

OLD: HKEY_CURRENT_USER\_Backup_\Google google_search_slp REG_DWORD 0x505
NEW: HKEY_CURRENT_USER\software\Google google_search_slp REG_DWORD 0x506

OLD: HKEY_CURRENT_USER\_Backup_\Panda Software InstallCLSID REG_SZ {F6B1ED50-1F91-46A6-A104-64B99145C1BC}
NEW: HKEY_CURRENT_USER\software\Panda Software InstallCLSID REG_SZ {F6B1ED50-1F91-46A6-A104-64B99145C1BC}

REMOVED: HKEY_CURRENT_USER\_Backup_\StudiosQA\Testing Key 1

ADDED: HKEY_CURRENT_USER\software\StudiosQA\Testing Key 2
```

Hope this helps someone

Edited December 10, 2008 by duckling78
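An added example, not part of the original post or of duckling78's script: a Python parser for two `reg export` files that reports changes in the same OLD/NEW/ADDED/REMOVED spirit as the RegCompare.cmd output, without needing Windiff. The function names and the sample exports are constructed for illustration; real exports are assumed to be in the "Windows Registry Editor Version 5.00" text format.

```python
import re
# Matches "name"=data, or @=data for a key's default value.
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def parse_reg(text):
    """Parse 'reg export' (.reg 5.00) text into {key_path: {value_name: raw_data}}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):          # long hex data wraps with a trailing backslash
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = m.group(1)
            current["(Default)" if name == "@" else name[1:-1]] = m.group(2)
    return keys

def diff_snapshots(old, new):
    """Return (kind, key, value_name, old_data, new_data) tuples, sorted by key."""
    changes = []
    for key in sorted(set(old) | set(new)):
        if (key in old) != (key in new):
            kind = "KEY ADDED" if key in new else "KEY REMOVED"
            changes.append((kind, key, None, None, None))
        o, n = old.get(key, {}), new.get(key, {})
        for name in sorted(set(o) | set(n)):
            if o.get(name) != n.get(name):
                kind = ("VALUE ADDED" if name not in o else
                        "VALUE REMOVED" if name not in n else "VALUE CHANGED")
                changes.append((kind, key, name, o.get(name), n.get(name)))
    return changes

# Constructed sample exports (for real files: open(path, encoding="utf-16").read()).
OLD = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Google]
"searches_integrated"=dword:000004f1
"blob"=hex:01,02,\
  03,04
[HKEY_CURRENT_USER\Software\StudiosQA\Testing Key 1]"""
NEW = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Google]
"searches_integrated"=dword:000004f2
"preferred_language"="en"
[HKEY_CURRENT_USER\Software\StudiosQA\Testing Key 2]"""

if __name__ == "__main__":
    for change in diff_snapshots(parse_reg(OLD), parse_reg(NEW)):
        print(*change, sep=" | ")
```

Key and value names are compared case-sensitively here, and string values that span several lines are not handled.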

Demonic Posted December 4, 2008

Sounds good. Perhaps an addition from yourself to load a checkpoint, possibly only specifying which ones you would like to load? Could be useful for rolling back from some pesky viruses.. then again we have system restore.

Jango Posted December 10, 2008

Thank you, it's useful to me.

corgano Posted December 10, 2008

Thank you, it's useful to me.

I have been looking for a program like this, but could you upload a compiled version?

0x616e2069646561206973206c696b652061206d616e20776974686f7574206120626f64792c20746f206669676874206f6e6520697320746f206e657665722077696e2e2e2e2e

duckling78 (Author) Posted December 10, 2008

Fixed the script to work on Vista. The "reg" executable has some different parameters on XP vs Vista. I believe I'm done with this. The updated script is in the original post.