VB Script experts help needed

[nakedpeanut]

I'm very new to this ( about 4 hours experience )
This was my original problem: http://mybroadband.co.za/vb/showthread.php/248229-Script-to-export-windows-registry...

Now I've managed to get a vb script going which partially solves the problem

[LIST=1]
[*]Set wmiServices = GetObject("winmgmts:root/default") 
[*]Set wmiSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_") 
[*] 
[*] 
[*]wmiServices.ExecNotificationQueryAsync wmiSink, _ 
[*]  "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' AND " & _ 
[*]    "(KeyPath='SYSTEM\\CurrentControlSet\\Enum\\USB' OR KeyPath='SYSTEM\\CurrentControlSet\\Enum\\USBSTOR')" 
[*] 
[*]WScript.Echo "Listening for Registry Change Events..." & vbCrLf 
[*] 
[*]While(1) 
[*]    WScript.Sleep 1000 
[*]Wend 
[*] 
[*]Sub SINK_OnObjectReady(wmiObject, wmiAsyncContext) 
[*]    WScript.Echo "Received Registry Change Event" & vbCrLf & _ 
[*]                 "------------------------------" & vbCrLf & _ 
[*]                 wmiObject.GetObjectText_() 
[*]End Sub
[/LIST]

Now the output I get is as follows:

Received Registry Change Event
------------------------------
{
Hive = "HKEY_LOCAL_MACHINE";
KeyPath = "SYSTEM\\CurrentControlSet\\Enum\\USB"
TIME_CREATED ="129238405880625252";
};

But I want to know exactly what is changed!
I kept looking and found an alternative to line 4. I've tried using "RegistryValueChangeEvent" as opposed to "RegistryKeyChangeEvent" but then it only looks at the USB key and the values which are changed in it.
I first want to find out which registry keys are created! (example when you insert a flash drive. Which new registry keys are made)

 

[dequadin]

I first want to find out which registry keys are created! (example when you insert a flash drive. Which new registry keys are made)

Process Monitor will tell you this.

 

[bleh69]

yup. procmon. you seem to be rather advanced for someone script hacking the registry for only 4 hours. : )

 

[nakedpeanut]

That's why i love google , but scripting can be simple or really complicated. Just read a few tutorials and copy paste then edit

 

[dequadin]

That's why i love google , but scripting can be simple or really complicated. Just read a few tutorials and copy paste then edit

Have a look at Scriptomatic 2.0, makes writing VB Script really easy.

 

[nakedpeanut]

thanks will look into both programs

 

[bboy]

regmonnt... a program to monitor your registry

 

[thisgeek]

Just use reg.exe - it's a command line util that will do what you need. Included with Windows.

 

[dequadin]

regmonnt... a program to monitor your registry

procmon contains regmon, made by the same dude.

Just use reg.exe - it's a command line util that will do what you need. Included with Windows.

That won't tell you what registry keys get created? Unless you export the entire registry and compare it to a backup..?

 

[nakedpeanut]

Thanks for the help, I just finished coding a small program to use the reg.exe as it was easy to customize to my needs thanks again!