maxbrito / bootlogger Goto Github PK
View Code? Open in Web Editor NEWA Windows driver to log boot the drivers and services launched during the start phase to a text file on disk
License: European Union Public License 1.1
A Windows driver to log boot the drivers and services launched during the start phase to a text file on disk
License: European Union Public License 1.1
-- Summary -- This code permits to compile a generic Windows driver that will log to a text file the boot drivers and services launched during the startup phase of Windows. -- Installing -- To Install the driver on a Windows machine: 1) Select appropriate driver file (32 or 64 bit) on Windows explorer 2) Rename (for e.g.) BootLogger64.sys to BootLogger.sys 3) Place the driver on the %windowsdir%\System32\Drivers folder 4) Run the BootLogger_Install.reg to add the registry keys 5) Reboot 6) For x64 Windows 7 and above press F8 and select "Disable driver signature enforcement". Optionally, compile the drivers with a digital signature to permit this driver to be loaded by recent Windows editions -- Uninstalling -- To remove the driver: 1) Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BootLogger 2) Delete the BootLoogsys file from c:\Windows\System32\drivers -- Customization / log report -- - The log report will be placed on c:\BootLog - For each computer boot, a new log with a time stamp is created - To track specific events on boot, use this page as reference: http://en.wikipedia.org/wiki/Windows_NT_startup_process It is possible to change the default folder where the reports are placed. Look inside this registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\BootLogger The driver will log each call to a executable. It is possible to deduce it's current stage of booting by observing which executables are launched. For example, SMSS.exe called means that the boot and service drivers were already booted. An entry for winlogon.exe means the login screen is now visible to the end user. A call to Explorer.exe or proquota.exe means that the user has completed a login with success and that the desktop is being launched. Due to the nature of parallel and diverse nature of the processes being launched during the startup operation, Windows does not provide a definition of "boot complete". For example, some applications such as Skype continue to run in the background after being launched. Another suggested approach is to monitor the CPU activity and detect a moment of less throtle but this would fail on older computers and on cases where the end-user begins to operate the machine before the startup processes complete their typical processing. -- Compiling -- To build the solution you require WDK, preferably 7600.1. You can also try VS2012, but it doesn't build drivers for the XP platform (actually it doesn't matter much, since driver will still work on XP, but it might be tricky sometimes) This is the build process using WDK: 1) Select appropriate build environment (you can find this in the Start menu). The aim is Win7, Release, x86 or x64 (binaries built with this environment will work on both XP and 8, as well as on any other OS between) 2) Navigate to solution directory, "cd" inside bin folder 3) Launch build command 4) Done! -- Compatibility -- This driver was tested on: - Windows XP SP3 - Windows 7 SP1 x86 - Windows 8.1 x64 - Windows 10 x64 technical preview Other Windows versions *should* work, please test and provide us the feedback. -- Feedback -- Something not working? Improvements? Feedback is welcome. Please contact the author using [email protected] or @nn81 through twitter. For additional contacts: http://triplecheck.net -- License --- Copyright (c) 2015 by Nuno Brito, TripleCheck This software is made available free of charge, under the European Public Licence (EUPL) terms, version 1.1 or above. Files not containing a statement of license on their headers should be considered as refering to the EUPL terms, unless expressed otherwise. You may not use, convey or distribute this work except in compliance with the conditions expressed in the licence. You may obtain a copy of the EUPL 1.1 Licence at: https://joinup.ec.europa.eu/software/page/eupl
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.