Hello 9Val,

On Sat, 17 Dec 2005 00:39:43 +0200 GMT(12/16/2005, 4:39 PM -0600 GMT),
per mid:[EMAIL PROTECTED] 9Val wrote:

> The Bat! 3.63.13 (Beta) is now available from:
> http://www.ritlabs.com/en/tbbeta/

I've analyzed the registry requests for TB beta v3.63.13. Either I
missed something or there are new registry requests in the new beta
versions that were not included in the 3.62.14 or 3.0.2.10 versions.
More specifically, these 'CreateKey' and 'SetValue' requests are outside
the typical 'RIT' or 'Mail' path.

Why are there new 'CreateKey' and 'SetValue' requests outside the
typical 'RIT' or 'Mail' paths as per the detail below?

,----- [ New beta 'CreateKey' and 'SetValue' requests ]
| 2920,59.15,"thebat.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec23-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000"
| 2921,59.15,"thebat.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec23-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive"""
| 2923,59.15,"thebat.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec22-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000"
| 2924,59.15,"thebat.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec22-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive"""
| 2926,59.15,"thebat.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec24-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000"
| 2927,59.15,"thebat.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec24-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive"""
| 2929,59.15,"thebat.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec25-6d09-11da-9254-806d6172696f}\","SUCCESS","Access: 0x2000000"
| 2930,59.15,"thebat.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b6ec25-6d09-11da-9254-806d6172696f}\BaseClass","SUCCESS","""Drive"""
| 3433,96.84,"thebat.exe:1844","CreateKey","HKLM\Software\Microsoft\Tracing","SUCCESS","Access: 0xF003F"
`-----

Excuse me, but I like to know what is happening behind the scenes. I
noticed the beta was changing the registry, so I decided to do a more
extensive analysis using Regmon from http://www.sysinternals.com/.

TIA!

-- 
Best Regards,
Greg Strong 

Using The Bat! v3.63.13 (Beta) on Windows XP Pro 5.1 Build 2600 Service Pack 2


________________________________________________________
 Current beta is 3.63.13 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
IMPORTANT: To register as a Beta tester, use this link first -
http://www.ritlabs.com/en/partners/testers/
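
The comparison described in the message above (registry writes by one process that fall outside the paths it normally uses) can be automated over a saved Regmon log. This is an added example, not part of the original message and not code from Ritlabs or Sysinternals; the function name, the allowlisted path prefixes and the sample log rows are assumptions constructed for illustration.

```python
import csv
import io

# Assumed allowlist: the message names only the 'RIT' and 'Mail' paths, so
# these full prefixes are illustrative, not taken from the message.
EXPECTED_PREFIXES = ("HKCU\\Software\\RIT\\", "HKLM\\Software\\Clients\\Mail\\")
WRITE_OPS = {"CreateKey", "SetValue"}

# Constructed sample in the same CSV layout as the log in the message:
# sequence, time, process:pid, request, path, result, other.
# Row 105 is wrapped inside its last field, as happens when a log is mailed.
SAMPLE_LOG = r'''100,1.20,"thebat.exe:1844","OpenKey","HKCU\Software\RIT\The Bat!","SUCCESS","Access: 0x20019"
101,1.21,"thebat.exe:1844","SetValue","HKCU\Software\RIT\The Bat!\ExampleValue","SUCCESS","""C:\Mail"""
102,1.30,"thebat.exe:1844","CreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}\","SUCCESS","Access: 0x2000000"
103,1.30,"thebat.exe:1844","SetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}\BaseClass","SUCCESS","""Drive"""
104,1.40,"explorer.exe:1200","SetValue","HKCU\Software\Example\Setting","SUCCESS","0x1"
105,2.00,"thebat.exe:1844","CreateKey","HKLM\Software\Microsoft\Tracing","SUCCESS","Access:
 0xF003F"
'''


def unexpected_writes(log_text, process="thebat.exe", allowed=EXPECTED_PREFIXES):
    """Return (seq, request, path) for successful writes by `process` outside `allowed`."""
    hits = []
    # csv.reader rejoins quoted fields that were wrapped across lines.
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 6:
            continue  # blank lines, box-drawing lines, truncated rows
        seq, _time, proc, request, path, result = row[:6]
        name = proc.rsplit(":", 1)[0].lower()  # drop the ":pid" suffix
        if name != process.lower() or request not in WRITE_OPS:
            continue
        if result != "SUCCESS":
            continue
        # Registry paths are case-insensitive; a trailing separator keeps
        # "...\RIT" from matching a sibling key such as "...\RITx".
        norm = path.rstrip("\\").lower() + "\\"
        if not any(norm.startswith(p.lower()) for p in allowed):
            hits.append((int(seq), request, path))
    return hits


if __name__ == "__main__":
    for seq, request, path in unexpected_writes(SAMPLE_LOG):
        print(seq, request, path)
```

Running the same function over logs captured from two versions and comparing the returned paths shows which out-of-allowlist writes are new in the later build.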
