#8 New file dates are great, but have problems

[Enod Barker]

Have given the new v1.9.1 beta r313 a try. Nice work incorporating dates for files as requested in ticket #6 ( https://sourceforge.net/p/regshot/feature-requests/6/ ).

One big problem with the implementation as it is now, though. On each line, there are four sets of numbers: date, time, an odd hex value & size in bytes. An example: "2013-01-21 14:16:52, 0x00000020, 407552". Many different files/lines have identical hex values.

That hex value makes it significantly more hassle/tiring looking at file differences than it would be without it present. As I mentioned in ticket #6, Inctrl5's date/time/size listing on multiple lines is by far the most convenient to look at. Single lines with all that info are more hassle, but apparently needed for compatibility with UNDOReg. That weird hex value added on each line makes it even more hassle to look through.

What is that hex value and could it be removed from future versions? Or if really needed for compatibility with UNDOReg, could an option be added (startup command or otherwise) for it not to be recorded?

[M. Buecher]

That "odd" hex value are the dir/file attributes.
As these attributes are also tracked and compared, they should be listed at all times.

Size was put at the end of the line as it is the only field with varying output length.
The attributes in hex have always the same width and place, therefore easier to ignore/watch/parse.
Right now we do not want to hide them as they are an important part of each dir/file.

We are open minded for any other form of display.
Or describe how you process the output file.
Any scripts or programs? Or just manually checking?

Your Regshot Team

P.S.:
You can ignore UNDOreg for dir/file ouput format. As it only deals with registry changes.
Was a mistake on my side, sorry - Maddes

[Enod Barker]

Thanks for the reply and sorry for being unable to get back to you earlier. Nice to know what the hex values are for.

However, those file/directory attributes being in hex form makes them unreadable and thus unusable to most humans. Thus its a waste to have them there. Unless, of course, you need them for the UNDOreg program or something.

If you do need them in hex form for such programs, my request is for being able to disable the recording of them if a user wants to. If you don't need them for such programs, get rid of recording them completely or put them in a human-readable form (like "ah" (archive & hidden), "sh" and so on).

As to parsing the output files here, yes, its always done manually.

The good layout standard is still Inctrl5 (despite the fact it often bugs out recording registry changes in Windows 7+). For example, a file added or deleted in an install:

c:\Program Files\LibreOffice 4\program\acclo.dll
Date: 7/23/2013 8:06 AM
Size: 873,368 bytes

A file changed:

c:\Users\Administrator\AppData\Roaming\LibreOffice\4\user\extensions\bundled\extensions.pmap
Old date: 5/16/2013 5:47 PM
New date: 7/26/2013 12:03 PM
Old size: 778 bytes
New size: 677 bytes

Seeing as that UNDOreg in fact doesn't deal with file/dir changes, could we get an output that looks like the above or similar for them?

As to registry values added/deleted/modified, I know you need to keep each of them on a single line for people that use UNDOreg. But any way you could change "Values modified:" lines to add a space between each change set? As it is now, its virtually impossible to sort through the changes with them all grouped together.

For example, 2000 lines that look like this in Regshot is really messy:

HKLM\SOFTWARE\Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\DefaultIcon\: "C:\Program Files\LibreOffice 4.0\program\soffice.bin,0"
HKLM\SOFTWARE\Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\DefaultIcon\: "C:\Program Files\LibreOffice 4\program\soffice.bin,0"
HKLM\SOFTWARE\Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\InprocHandler32\: "C:\Program Files\LibreOffice 4.0\program\inprocserv.dll"
HKLM\SOFTWARE\Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\InprocHandler32\: "C:\Program Files\LibreOffice 4\program\inprocserv.dll"
HKLM\SOFTWARE\Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\LocalServer32\: "C:\Program Files\LibreOffice 4.0\program\soffice.exe --nodefault --nologo"
HKLM\SOFTWARE\Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\LocalServer32\: "C:\Program Files\LibreOffice 4\program\soffice.exe --nodefault --nologo"
HKLM\SOFTWARE\Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\DefaultIcon\: "C:\Program Files\LibreOffice 4.0\program\soffice.bin,0"
HKLM\SOFTWARE\Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\DefaultIcon\: "C:\Program Files\LibreOffice 4\program\soffice.bin,0"

Putting a single space between each of the two line change sets would be far more readable.

For example, going from this:

HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\AppUserModelID: "TheDocumentFoundation.LibreOffice.Calc"
HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\AppUserModelID: "TheDocumentFoundation.LibreOffice"
HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\DefaultIcon\: "C:\Program Files\LibreOffice 4.0\program\soffice.bin,3"
HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\DefaultIcon\: "C:\Program Files\LibreOffice 4\program\soffice.bin,3"

to this:

HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\AppUserModelID: "TheDocumentFoundation.LibreOffice.Calc"
HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\AppUserModelID: "TheDocumentFoundation.LibreOffice"

HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\DefaultIcon\: "C:\Program Files\LibreOffice 4.0\program\soffice.bin,3"
HKLM\SOFTWARE\Classes\LibreOffice.CalcDocument.1\DefaultIcon\: "C:\Program Files\LibreOffice 4\program\soffice.bin,3"

Thanks!

[M. Buecher]

Please check Regshot-1.9.1-beta_r321.7z for having separation lines.