UBCD4Win Forums: Shell Execute Logger - UBCD4Win Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Shell Execute Logger 4 your toolbox...

#1 User is offline   pcuser Icon

  • Project Programmer
  • PipPipPipPipPipPipPip
    • Group: Moderator & Development
    • Posts: 4470
    • Joined: 20-November 04
    • Gender:Male
    • Location:Kneebrasskee

    Posted 14 March 2006 - 11:46 PM

    This one's for the techie toolbox. It logs all apps (in order) that are executed via ShellExecute and ShellExecuteEx api calls (this includes startup items and anything started via Explorer.exe (shell).

    Ever had a pc that hangs during boot, just before the desktop icons appear?

    Here's what it does (in a nutshell).

    When you run the program and click "Install", it extracts SELogger.dll to the system folder and registers it on the system then sets it as a ShellExecuteHook at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks.

    SELogger.dll is a customized dll based on code from http://www.mvps.org/.../en/index.shtml

    The log file is at %WINDOWS%\SELogger.log

    When you click "Uninstall", it removes the hook, unregisters the dll and attempts to delete it and gives you an option to remove the log file.

    It really wasn't that much more work to make it compatible with Win9x/me so that's what I did. It's been tested on win95, me, xp home sp2 and xp pro sp1a

    To give you an idea of the power of this app... run it and click "Install" then reboot the pc. When the system comes back up, run it again and click "Open Log File" and look at all the apps that got started on boot and the order that they were started!

    It was made with vb6 so it requires msvbvm60.dll

    I tried it on a fresh win95 install and simply copied msvbvm60.dll to %WINDOWS%\system and it worked like a charm.

    Don't forget to Uninstall it!!! If you don't then it'll keep appending to the log file and really bad things will happen.

    Download it HERE

    Enjoy ;)

    Tom
    If you're afraid of taking any chances then the chances are great that you will never learn anything

    Multiboot Plugins - UBUSB (Ultimate Boot USB) - EzPcFix - RootKitty - Network Configuration Utility - UnIsoFS - A Small Linux Distro - SELogger - HashME - WSock - My Paypal
    0

    #2 User is offline   hilander999 Icon

    • Project Development
    • PipPipPipPipPipPipPip
      • Group: Moderator & Development
      • Posts: 3664
      • Joined: 28-September 05
      • Gender:Male

      Posted 15 March 2006 - 12:21 AM

      Sounds like an awesome program. :worthy:



      Quote

      Don't forget to Uninstall it!!! If you don't then it'll keep appending to the log file and really bad things will happen.
      How hard would it be to have it start a new log each time & only keep 1 backup (old log.)?

      I find things get installed all the time while i'm not here & having a log to look at whenever I want, sounds
      like a really great option. It would be a little anoying to have to install it every time I was curious about
      what has been added to my startup options by programs that other users installed on this system.

      I still think it sounds really cool & hope to get time to check it out, but that most likely won't be untill
      after we FINALLY get the next version out & then fix the bugs our members find.
      Dead Blow Hammer - 19 colors of Duck Tape - Bailing Wire
      0

      #3 User is offline   pcuser Icon

      • Project Programmer
      • PipPipPipPipPipPipPip
        • Group: Moderator & Development
        • Posts: 4470
        • Joined: 20-November 04
        • Gender:Male
        • Location:Kneebrasskee

        Posted 15 March 2006 - 12:43 AM

        Quote

        It would be a little anoying to have to install it every time I was curious about
        what has been added to my startup options by programs that other users installed on this system.


        After you install it, it keeps logging until you you uninstall it. It might be a good idea to have it clear the log before shutdown (maybe winlogon\notify?) but I'll have to look into it more.

        I have a ton of work to do with the new version of the Config Tool so I don't know if it'll happen within the next week or so but I think this option would be nice.

        Thanks for the feedback ;)

        Tom
        If you're afraid of taking any chances then the chances are great that you will never learn anything

        Multiboot Plugins - UBUSB (Ultimate Boot USB) - EzPcFix - RootKitty - Network Configuration Utility - UnIsoFS - A Small Linux Distro - SELogger - HashME - WSock - My Paypal
        0

        #4 User is offline   stormal Icon

        • Newbie
        • Pip
          • Group: Members
          • Posts: 1
          • Joined: 04-September 06

          Post icon  Posted 04 September 2006 - 05:16 PM

          Looks like a useful utility.

          Thanks.
          0

          Page 1 of 1
          • You cannot start a new topic
          • You cannot reply to this topic

          1 User(s) are reading this topic
          0 members, 1 guests, 0 anonymous users