Join 3,561 readers in helping fund MetaFilter (Hide)


What are you doing to my computer?
January 14, 2008 7:23 PM   Subscribe

I'd like to have a log file of everything an application does to my Windows (XP) system. All files added/removed, all changes to the registry, and everything else it does to the disk. Can this be done free or cheaply?

I'd like a separate log file for each application, or at least have each log file entry easily traceable to an app. I'd like this for a couple of reasons. I'd like to know what some apps are doing to slow down my system, lengthen boot times, etc. I'd also like to be able to back up and restore custom settings for some apps in an automated way rather than reconfiguring manually. And I just like to complain, complain, complain about windows and the registry. I don't need suggestions on how to speed up my system. I understand that stuff.
posted by DarkForest to Computers & Internet (8 answers total) 2 users marked this as a favorite
 
Diskmon, Filemon, & Process Monitor from sysinternals would be good for this sort of thing.

http://technet.microsoft.com/en-us/sysinternals/default.aspx
posted by aerotive at 7:30 PM on January 14, 2008


The included backup software (ntbackup.exe?) creates a log file of its actions:
x.exe                                        65561   7/19/2007     9:03 AM
x.htm                                         2598   4/19/2007     9:57 PM
x1.htm                                      160407   4/19/2007     9:57 PM
Folder C:\$VAULT$.AVG
29717593.FIL             RHS             3201375  10/22/2007     3:35 AM
46786671.FIL             RHS              304464   8/13/2007     3:03 AM
63024768.FIL             RHS             4348245   9/16/2007     4:42 AM
Folder C:\AtomTime
ATOMTIME.EXE                                153088   2/10/1997     8:20 PM
&etc ad nauseum (atomtime is from 1997? oh, well, it still works)
posted by hexatron at 7:44 PM on January 14, 2008


The log file is conveniently located at (this is Win2K--your mileage may differ)

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsof
t\Windows NT\NTBackup\data\backup01.log
posted by hexatron at 7:49 PM on January 14, 2008


You want to use auditing.

Sample Google terms.
posted by rhizome at 7:58 PM on January 14, 2008


Diskmon, Filemon, & Process Monitor from sysinternals would be good for this sort of thing.

They certainly let you see the ridiculous amount of disk accesses that modern apps do. A stupid taskbar icon might be checking a file every second, just in case. It so bad that it's very difficult to filter the signal from the noise. Good luck though.
posted by smackfu at 7:59 PM on January 14, 2008


If you're not really concerned about what the app is doing on a second-by-second basis, and what you really want to know is what files and registry keys alter across runs, try InstallWatch. It's designed to do this stuff specifically for setup programs, but you can do the snapshot/run/compare dance with any app.
posted by flabdablet at 1:04 AM on January 15, 2008


I think SpyBot Search and Destroy has a registry watch component.
posted by mattoxic at 3:43 AM on January 15, 2008


If flabdablet has it right (that you want install-time, not run-time monitoring) then Incntrl is a great tool as well.
posted by Four Flavors at 8:26 PM on January 16, 2008


« Older What is the visual 'style' of ...   |  What is the most elegant solut... Newer »
This thread is closed to new comments.