What are you doing to my computer?
January 14, 2008 7:23 PM Subscribe
I'd like to have a log file of everything an application does to my Windows (XP) system. All files added/removed, all changes to the registry, and everything else it does to the disk. Can this be done free or cheaply?
I'd like a separate log file for each application, or at least have each log file entry easily traceable to an app. I'd like this for a couple of reasons. I'd like to know what some apps are doing to slow down my system, lengthen boot times, etc. I'd also like to be able to back up and restore custom settings for some apps in an automated way rather than reconfiguring manually. And I just like to complain, complain, complain about windows and the registry. I don't need suggestions on how to speed up my system. I understand that stuff.
I'd like a separate log file for each application, or at least have each log file entry easily traceable to an app. I'd like this for a couple of reasons. I'd like to know what some apps are doing to slow down my system, lengthen boot times, etc. I'd also like to be able to back up and restore custom settings for some apps in an automated way rather than reconfiguring manually. And I just like to complain, complain, complain about windows and the registry. I don't need suggestions on how to speed up my system. I understand that stuff.
The included backup software (ntbackup.exe?) creates a log file of its actions:
posted by hexatron at 7:44 PM on January 14, 2008
x.exe 65561 7/19/2007 9:03 AM x.htm 2598 4/19/2007 9:57 PM x1.htm 160407 4/19/2007 9:57 PM Folder C:\$VAULT$.AVG 29717593.FIL RHS 3201375 10/22/2007 3:35 AM 46786671.FIL RHS 304464 8/13/2007 3:03 AM 63024768.FIL RHS 4348245 9/16/2007 4:42 AM Folder C:\AtomTime ATOMTIME.EXE 153088 2/10/1997 8:20 PM&etc ad nauseum (atomtime is from 1997? oh, well, it still works)
posted by hexatron at 7:44 PM on January 14, 2008
The log file is conveniently located at (this is Win2K--your mileage may differ)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsof
t\Windows NT\NTBackup\data\backup01.log
posted by hexatron at 7:49 PM on January 14, 2008
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsof
t\Windows NT\NTBackup\data\backup01.log
posted by hexatron at 7:49 PM on January 14, 2008
Diskmon, Filemon, & Process Monitor from sysinternals would be good for this sort of thing.
They certainly let you see the ridiculous amount of disk accesses that modern apps do. A stupid taskbar icon might be checking a file every second, just in case. It so bad that it's very difficult to filter the signal from the noise. Good luck though.
posted by smackfu at 7:59 PM on January 14, 2008
They certainly let you see the ridiculous amount of disk accesses that modern apps do. A stupid taskbar icon might be checking a file every second, just in case. It so bad that it's very difficult to filter the signal from the noise. Good luck though.
posted by smackfu at 7:59 PM on January 14, 2008
If you're not really concerned about what the app is doing on a second-by-second basis, and what you really want to know is what files and registry keys alter across runs, try InstallWatch. It's designed to do this stuff specifically for setup programs, but you can do the snapshot/run/compare dance with any app.
posted by flabdablet at 1:04 AM on January 15, 2008
posted by flabdablet at 1:04 AM on January 15, 2008
I think SpyBot Search and Destroy has a registry watch component.
posted by mattoxic at 3:43 AM on January 15, 2008
posted by mattoxic at 3:43 AM on January 15, 2008
If flabdablet has it right (that you want install-time, not run-time monitoring) then Incntrl is a great tool as well.
posted by Four Flavors at 8:26 PM on January 16, 2008
posted by Four Flavors at 8:26 PM on January 16, 2008
This thread is closed to new comments.
http://technet.microsoft.com/en-us/sysinternals/default.aspx
posted by aerotive at 7:30 PM on January 14, 2008