Tip #42: Tracking System Changes of an Application Install

Today's tip is on monitoring the changes made to your Windows system during the installation of an application. We'll be using a utility called InCtrl5, which was developed by PC Magazine. This utility will allow us to track all filesystem and registry changes associated with an application's installation. Knowing this information can prove helpful if you have an application which will not uninstall correctly, or if you suspect that the install package may be installing spyware or other unwanted programs.

InCtrl5 can be downloaded from here or here.

After you have downloaded and installed InCtrl5, you're now ready to monitor an application's install process. To get started, launch InCtrl5 and you should see a screen similar to the one below.


I'll be using the VideoLan Client (VLC) installer as an example. Select the install program you'll be tracking in the top text field. You may also want to change the path and filename of the resulting report if you don't wish to use the default. After you've made your selections, go ahead and click on the GO! button to begin the installation and analysis. Proceed through the program's install as normal.


After the install has completed, click on the Install Complete button to generate the report.


The resulting report should now contain any registry additions, deletions, or changes, as well as any filesystem changes.

Please leave a comment if you have any questions.

Tip #41: Obtain Whois Information from the Windows Command Prompt

Today's tip is on obtaining domain registration data from the Windows Command Prompt. The whois command is a standard fixture in the Linux/Unix world, but Windows users typically need to resort to web based applications to query Whois information. We'll be taking a look at a small utility called WhoisCL, which will allow you to query whois servers from the Command Prompt as well as from within batch files.

WhoisCL, an application developed by Nir Sofer, can be downloaded from here. Once you have downloaded the application, unzip the WhoisCL.exe file and place it in your path (i.e. C:\Windows). After you have extracted the file, you may want to rename it to whois.exe to make the command easier to remember, especially if you find yourself working on Linux machines frequently.

One nice feature of WhoisCL is the -r switch, which will remove the registrar's cruft from the results you receive.


If you have questions, please leave a comment.