The new "real" registry

Posted: Sat Jan 06, 2007 9:48 am
by lwc
It's great I can see sandboxed changes in regedit, but how do I compare the registry before/after running a program sandboxed (without running each time, say, sandboxed InCtrl as a middleman to the needed sandboxed program)?

Posted: Sat Jan 06, 2007 12:45 pm
by tzuk
Before you install, run sandboxed:

reg export HKLM Before_HKLM.reg
reg export HKCU Before_HKCU.reg

After you install, run sandboxed:

reg export HKLM After_HKLM.reg
reg export HKCU After_HKCU.reg

Then compare the files.

I think this method should also work with version 2.64, since the reg utility is running sandboxed.

Posted: Sat Jan 06, 2007 5:51 pm
by lwc
Since this program knows the changes (they're written in "reghive"), I wish it would just create a REG file with them.

Posted: Sun Jan 07, 2007 6:22 pm
by tzuk
> Since this program knows the changes

It knows the changes just as well as you know the changes. In other words, if you start RegEdit, and look in the sandbox hive -- well, you're seeing the changes.

If you were to export the entire contents of this hive, then these are the so-called changes that Sandboxie would export. (In fact it's just the entire hive.)

Now, you asked for a way to compare before and after hives, and I explained how.

Now it's just a matter of getting a good file comparison utility that will make the comparison make sense.
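
An added example, not part of the original thread and not Sandboxie's own code: the "compare the files" step done key by key rather than with a text diff. It assumes the version 5.00 text format that reg export writes; the sample exports, the ExampleApp key and the function names are constructed for illustration.

```python
import re
# Constructed sample exports (not from the thread); real ones come from `reg export`.
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Flags"=dword:00000001
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleApp]
"InstallDir"="C:\\Program Files\\ExampleApp"
"Flags"=dword:00000003

[HKEY_CURRENT_USER\Software\ExampleApp\Settings]
"Blob"=hex:01,02,\
  03,04
'''

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: raw_data}}."""
    # Long hex values are wrapped with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            # "@" is the key's default value; names are quoted and may hold "=".
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def diff_reg(before, after):
    """Return (added_keys, removed_keys, changed_values)."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = []  # (key, value_name, old_data, new_data); None means absent
    for key in sorted(set(before) | set(after)):
        b, a = before.get(key, {}), after.get(key, {})
        for name in sorted(set(b) | set(a)):
            if b.get(name) != a.get(name):
                changed.append((key, name, b.get(name), a.get(name)))
    return added, removed, changed

def load(path):
    # reg.exe writes version 5.00 exports as UTF-16 with a BOM.
    with open(path, encoding="utf-16") as f:
        return parse_reg(f.read())
```

For the files named above, the call would be `diff_reg(load("Before_HKCU.reg"), load("After_HKCU.reg"))`, and likewise for the HKLM pair.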

Posted: Mon Jan 08, 2007 8:29 am
by lwc
Well, I don't think the file "RegHive" contains the entire registry. The proof is that the only keys I manage to find inside it are those added in sandboxed mode.

Posted: Mon Jan 08, 2007 9:49 am
by OwenBurnett
Here is a quite good registry comparator program: http://www.elcomsoft.com/art.html free 30 day trial available
Just run it once inside the SB and once outside and compare the made registry snapshots (the path to store them should be marked in SB as OpenFilePath)

Owen