What is Winlog? Winlog is everything!! Well, not far from it. It has taken seven years of my experience and fitted it all into a little over 1 MB. It started as a utility to compare system files, creating 'before' and 'after' snapshots of Windows system files so that files being altered by a problematic installer could be monitored, and evolved into the repository of all the annoying little problem fixes that I find useful. Basically, if I needed to code anything to help me examine a system, instead of going into an applet which will be forgotten, it went here instead so it would always be available to me. It is not complete yet, and it never will be!! I'll keep adding to it as I find things. It has been used (by me) to successfully locate and isolate one new virus so far!!
When you run it, you will be asked if you want to open an external list file; answer NO for now. It will open behind whatever is on the screen. I don't know why yet, but it started doing it one day and has done so ever since.
Because this program can be placed on a shared directory in a network and general users shouldn't be able to use it, you will need to enter a password. The password is hard-coded as "p455w0rd" and can be entered by clicking on the padlock button; this will then unlock the program and allow other buttons to be clicked.
From left to right, the buttons are (the names appear in hints when you put the mouse over them):
"Build File List". This builds an ini file which holds the name of every file in the windows and system directories along with the size of the file. If the ini file exists, it will be added to so it's a good idea to clear the file first. This will be explained later.
"Analyze File List" This will read the ini file then compare all the files giving lists of changed files, removed files and added files.
"Clear File List" Exactly as the name suggests, the file list ini file is cleared.
"Generate Change Report" This can only be clicked after the file list has been analyzed. Winlog has an inbuilt text editor which is designed to save reports; this button will open the editor and create a report of the changed files.
"About Winlog" Just tells you I wrote it.
"Export File List" Exports the list to a specified file name. When it is first opened and asks you if you want to use an external list file, it is these export files which it wants if you click yes. Opening an external list will not allow the list to be altered so the list can remain unchanged for future reference.
"Display Winlog Reporting Tool" This button simply brings up the reporting tool, which is a text editor. Note that the editor has an option "Auto Clear". If this option isn't ticked, everything you add to the report will be added to the end, creating one huge report. If the checkbox is ticked, every time you send something to the report utility, the previous contents are cleared.
"Compare Reports" This is a utility which allows any two text files to be compared and generates a report of what is common to both and what is missing from either. The idea is that since most functions of Winlog can generate reports, similar types of reports from different times (or machines) can be compared, allowing differences in anything which Winlog can report on to be monitored and analyzed, even between different PCs. This is amongst the most powerful capabilities of Winlog.
"Display Settings" Doesn't really do much, just allows it to be alpha blended so that it can be seen through on cluttered screens. I only needed to use it once but decided to leave it in anyway.
The last two are for Unlock and Exit.
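The before/after comparison behind "Build File List" and "Analyze File List", as an added example that is not Winlog's own code. It goes beyond the name-and-size list described above by also recording a SHA-256 hash, which catches a file replaced by one of the same size; the function names and the temporary directory standing in for the Windows and system directories are assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(roots):
    """Map each file path under the given directories to (size, sha256)."""
    snap = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        data = fh.read()
                except OSError:
                    continue  # locked or unreadable file: skip it
                snap[path] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def analyze(before, after):
    """Return the added/deleted/changed/zero-length lists from two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "deleted": sorted(before.keys() - after.keys()),
        "changed": sorted(p for p in common if before[p] != after[p]),
        # What a name-and-size list alone would report as changed.
        "size_changed": sorted(p for p in common if before[p][0] != after[p][0]),
        "zero_length": sorted(p for p, (size, _h) in after.items() if size == 0),
    }

def demo():
    """Constructed sample: a temp directory stands in for the system folder."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        write("a.dll", b"AAAA")
        write("b.dll", b"BBBB")
        write("c.ini", b"x=1")
        before = snapshot([d])
        write("a.dll", b"AAAZ")      # same size, different content
        write("b.dll", b"BBBBBB")    # size changes
        os.remove(os.path.join(d, "c.ini"))
        write("new.exe", b"")        # added, zero length
        result = analyze(before, snapshot([d]))
        return {k: [os.path.basename(p) for p in v] for k, v in result.items()}

if __name__ == "__main__":
    print(demo())
```

In the constructed run, a.dll appears under "changed" but not under "size_changed": a size-only list would have missed it.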
"Windows Files" and "System Files" - These tabsheets list all the windows and system files on the PC.
"Zero Length Files", "Files Added", "Files Deleted" and "Files Changed" - These Tabsheets relate to the analysis of the logfile and the lists are only available after the "Analyze File List" button has been clicked.
"Shared DLL Files" and "Missing Shared DLL Files" - These Tabsheets relate to the Shared DLL files on the PC and are only available when the "Analyze File List" button has been clicked. Shared DLLs is a section in the registry where a list of shared libraries is stored. When a new library file is added to the PC, it is added here, and when another program requiring a library listed here is added, the count next to that library name is incremented. It allows Windows to keep track of which files are no longer needed. When a program is uninstalled, the count on every file it needed is decremented, and any file with a zero count can be deleted. If a file has been deleted and is still registered as being required, it shows up in "Missing Shared DLLs".
"View Log File" - This allows you to view the logfile.
"View Process List" - This lists all the processes and child processes running on the PC. If you don't want to list child processes, click the "Display Child Processes" tick box off and click on "Refresh List". "Shutdown Windows" asserts an immediate shutdown command to Windows, which can be useful if a crashed program prevents Windows from shutting down. "Kill Process" will send a request to the selected process to make it close down, just like selecting End Task in the Windows 95 task manager. The process list feature was added because every subsequent version of Windows after 95 had a worse version of task manager than the previous version. The task manager in the latest versions is completely useless. "Refresh List" rebuilds the list to make it more current. The big and small icons are displayed for any selected program which has one, and double clicking on the icon will allow you to save it. Clicking the "Change" buttons allows you to change the icon for the selected process. The API section allows API commands to be sent for enabling, disabling, minimizing and maximizing process windows. Try it out on controls within windows, you can actually minimize buttons!! In the Caption section, you can type in a caption and search for it, or you can change the caption of any process running. You can even rename buttons. These features are mostly for educational value but can be quite fun to play with.
"About" - Gives some basic instructions.
"File Browser" - Allows you to browse directories and make reports of the contents. It is useful if you need to list the contents of a directory to a text file.
"Optional Directories" - holds the list of optional directories to be covered by the list file.
"Registry Services" - Shows most of the registry sections which can be used to automatically run programs without showing up in startup. Such programs as firewalls and virus scanners use these sections to activate themselves on startup. Viruses, trojans and malware apps also hide here often. Double click on a program to display it as text.
"DDE Services" - Hard one to explain but anyone who has used DDE will be able to figure it out easily enough. I put DDE into winlog to help troubleshoot programs I write by being able to send my own DDE requests to it.
"Additional" - Displays Win.ini (still used by some viruses as a backdoor to make themselves execute). Win.ini is still used but is often forgotten and thought of as only a Windows 3.11 legacy. Also shows the services running in CurrentControlSet (the registry services page ran out of space).
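The check behind the "Missing Shared DLL Files" tabsheet, as an added example that is not Winlog's own code: it reads the reference counts from a .reg export of the SharedDLLs key and lists entries that are still counted but absent from disk. The sample export, the file names in it and the function names are constructed for illustration.

```python
import ntpath
import re

# Registry key that holds the shared-library reference counts.
SHARED_DLLS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs"

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\System32\\example1.dll"=dword:00000002
"C:\\Windows\\System32\\example2.dll"=dword:00000001
"C:\\Program Files\\Demo\\old.dll"=dword:00000000
'''

# "escaped path"=dword:XXXXXXXX, where the count is eight hex digits.
ENTRY = re.compile(r'^"(?P<path>(?:[^"\\]|\\.)+)"=dword:(?P<count>[0-9a-fA-F]{8})$')

def parse_shared_dlls(export_text):
    """Return {path: reference count} for the SharedDLLs section of a .reg export."""
    counts, in_section = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.strip("[]").upper() == SHARED_DLLS_KEY.upper()
            continue
        m = ENTRY.match(line) if in_section else None
        if m:
            path = re.sub(r"\\(.)", r"\1", m.group("path"))  # undo .reg escaping
            counts[path] = int(m.group("count"), 16)
    return counts

def classify(counts, exists):
    """Split entries into missing-but-referenced and zero-count (removable)."""
    missing = sorted(p for p, n in counts.items() if n > 0 and not exists(p))
    unreferenced = sorted(p for p, n in counts.items() if n == 0)
    return missing, unreferenced

def demo():
    # Hypothetical file system: only example1.dll is present on disk.
    present = {r"c:\windows\system32\example1.dll"}
    exists = lambda p: ntpath.normcase(p) in present
    return classify(parse_shared_dlls(SAMPLE_EXPORT), exists)

if __name__ == "__main__":
    print(demo())
```

A real regedit export is normally UTF-16, so read it with `encoding="utf-16"`; on the machine being examined, pass `os.path.exists` as the `exists` argument.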
As with all my programs, if you intend to use Winlog for any commercial applications, please contact me first. If you find any bugs, please let me know and I'll endeavour to rectify them. If you think this program is really useful, let me know as well. In this 'unregistered' version of Winlog, all the features are enabled except for the 'save' and 'print' functions in the reporting utility. To get a registered version with these features enabled, please e-mail me to arrange registration.