The new "real" registry

Post by lwc » Sat Jan 06, 2007 9:48 am

It's great I can see sandboxed changes in regedit, but how do I compare the registry before/after running a program sandboxed (without running each time, say, sandboxed InCtrl as a middleman to the needed sandboxed program)?

Post by tzuk » Sat Jan 06, 2007 12:45 pm

Before you install, run sandboxed:

Code:

reg export HKLM Before_HKLM.reg
reg export HKCU Before_HKCU.reg

After you install, run sandboxed:

Code:

reg export HKLM After_HKLM.reg
reg export HKCU After_HKCU.reg

Then compare the files.

I think this method should also work with version 2.64, since the reg utility is running sandboxed.
tzuk

Post by lwc » Sat Jan 06, 2007 5:51 pm

Since this program knows the changes (they're written in "reghive"), I wish it would just create a REG file with them.

Post by tzuk » Sun Jan 07, 2007 6:22 pm

> Since this program knows the changes

It knows the changes just as well as you know the changes. In other words, if you start RegEdit, and look in the sandbox hive -- well, you're seeing the changes.

If you were to export the entire contents of this hive, then these are the so-called changes that Sandboxie would export. (In fact it's just the entire hive.)

Now, you asked for a way to compare before and after hives, and I explained how.

Now it's just a matter of getting a good file comparison utility that will make the comparison make sense.
tzuk

Post by lwc » Mon Jan 08, 2007 8:29 am

Well, I don't think the file "RegHive" contains the entire registry. The proof is that the only keys I manage to find inside it are those added in sandboxed mode.

Post by OwenBurnett » Mon Jan 08, 2007 9:49 am

Here is a quite good registry comparator program: http://www.elcomsoft.com/art.html (free 30-day trial available).
Just run it once inside the SB and once outside and compare the registry snapshots made (the path to store them should be marked in SB as OpenFilePath).

Owen
