These settings will help you optimize a portablized application.

By default, once registry and file system redirection is enabled, all of the possible API functions that might be used by an application for registry and file system access are hooked by the JauntePE runtime for possible portablization. These sections allow you to modify that behavior in two different ways. Both allow you to optimize a portablized application to its greatest extent possible outside of choosing not to redirect at the registry and/or file system level all together. So this is one area of optimization that you will almost always want to pursue if possible.

First, you can specify a minimum set of API functions to be hooked, based upon an application's usage (or non-usage) of the list of hookable API functions. This allows you to optimize a portablized application's overall performance.

Second, you can specify a minimum set of API functions to be hooked during application startup, deferring the hooking of the rest of the API functions to when the application goes into its initial "waiting for input" idling state. This allows you to optimize a portablized application's startup performance.

There are several ways to get a list of the API functions that an application uses. JauntePE provides 4 convenient ways which require you to only exercise the portablized application enough to ensure that all of the possible hooked API functions have been used. This is a very important point that you must not forget. If you fail to exercise the application thoroughly, and then proceed to create hook section lists based upon that run's results, your list of used API functions will most likely be incomplete. This means that any runs made with such lists in use will most likely lead to portablization "leaks," i.e., registry and/or file system redirections that used to occur will no longer occur and the system registry and non-portable file system will be compromised.

Using JPE Quickie to get an API Hooks list

The first, and easiest way to get such a list is to make use of the JPE Quickie JauntePE tool. Once an application has been portably run through this tool, you are given the option to create an optimized package. Doing so will create a JauntePE configuration ini with hook sections appropriate to the run log and discovery data output for the application runs via the tool. This feature of JPE Quickie essentially automates the steps given in a following section outlining how to use the LogFuncs and Discovery output to create your own hook sections manually.

An important point to make is that JPE Quickie easily processes log and discovery data from multiple runs during the creation of the optimized package's hook-related section's lists. While using any of the other methods mentioned below require that each log or discovery file be processed individually. So you have a better chance of capturing an application's complete set of used hooked api functions with JPE Quickie.

Using JPE Discover to get an API Hooks list

The second way to get such a list is to set Redirection Discovery to 2, along with an optional Redirection DiscoveryPath to specify the path to the discovery file. This will have the JauntePE runtime create a discovery file at the end of the application's execution. This file may then be processed using the JPE Discover utility. Using JPE Discover you will be able to get a list of the used, hooked API functions that may then be pasted into your application's JauntePE configuration ini.

Using LogFuncs to get an API Hooks list

The third way to get such a list is to set both Redirection Logging and Redirection LogFuncs to 1, along with an optional Redirection LogPath to specify the path to the log file. This will have the JauntePE runtime output a "Used API Functions" table to the end of the log file at the end of the application's execution. The contents of this table looks something like the following:


	                              First     No. of    Total     Percent   Percent
	Hooked API                  Call (ms)   Calls    Time(ms)    Calls      Time 
	=============================================================================
	GetCurrentDirectoryA             120        2          0      0.06       0.00
	GetModuleFileNameA               140        1          0      0.03       0.00
	GetModuleFileNameW               120       42          1      1.32       0.26
	GetPrivateProfileIntA            130        6          0      0.18       0.00
	GetPrivateProfileStringA         140        1          0      0.03       0.00
	GetProfileIntA                   130        6          0      0.18       0.00
	LoadLibraryA                     120       23          0      0.72       0.00
	LoadLibraryExW                   130        4         16      0.12       4.21
	LoadLibraryW                     130        4          9      0.12       2.36
	RegCloseKey                      130      769         14     24.27       3.68
	RegCreateKeyExA                  130       14          0      0.44       0.00
	RegOpenKeyExA                    120      106          6      3.34       1.57
	RegOpenKeyExW                    140      886        153     27.96      40.26
	RegQueryValueExA                 120      103          3      3.25       0.78
	RegQueryValueExW                 140      570          8     17.99       2.10
	------------------------------------
	CreateFileA                    15902        3          0      0.09       0.00
	CreateFileW                     1832       45         64      1.42      16.84
	DuplicateHandle                 2343       23          0      0.72       0.00
	FindClose                       2713       37          0      1.16       0.00
	FindFirstFileA                 15942       25          2      0.78       0.52
	FindFirstFileExW                2713       12          6      0.37       1.57
	FindNextFileA                  15952       90          0      2.84       0.00
	FindNextFileW                   2804       17          0      0.53       0.00
	GetCurrentDirectoryW            2413        2          0      0.06       0.00
	GetFileAttributesA              1782        4          7      0.12       1.84
	GetFileAttributesW              2333       21          7      0.66       1.84
	GetPrivateProfileStringW        2343        6          1      0.18       0.26
	RegCreateKeyExW                 1892       22         30      0.69       7.89
	RegCreateKeyW                   1892        2          0      0.06       0.00
	RegDeleteValueA                10655        4          0      0.12       0.00
	RegEnumKeyExW                   1762       25          3      0.78       0.78
	RegEnumKeyW                     1762       25          3      0.78       0.78
	RegNotifyChangeKeyValue         1822       15          0      0.47       0.00
	RegOpenKeyA                     2763        5          0      0.15       0.00
	RegOpenKeyW                     1742       80         35      2.52       9.21
	RegOpenUserClassesRoot          1822        1          0      0.03       0.00
	RegQueryValueW                  1762       17          0      0.53       0.00
	RegSetValueExA                  2763       18          0      0.56       0.00
	RegSetValueExW                  1912       10          0      0.31       0.00
	SearchPathW                     2333       10          0      0.31       0.00
	SetCurrentDirectoryA            1652        6          0      0.18       0.00
	SetCurrentDirectoryW            3114        3          0      0.09       0.00
	SHGetFileInfoW                  2423        4          2      0.12       0.52
	SHGetFolderPathW                2343       70          0      2.20       0.00
	SHGetPathFromIDListW            2763        7          0      0.22       0.00
	SHGetSpecialFolderLocation      1962       22         10      0.69       2.63
	=============================================================================
	                                         3168        380

For application startup optimization, what you're interested in are the function names given in the Hooked API column that are listed above the "waiting for input" time line, which is marked in that table via the "------------------------------------" line. Along with a 1=* entry for the HookInitExclude list to exclude all other hooks, these are the names that you enter into the HookInitInclude list. If there is no "waiting for input" time line, then you should not use the HookInit... sections.

As an example, the above table's entries would be entered into the hook init sections as follows. The order is unimportant:

[HookInitExclude]
1=*

[HookInitInclude]
1=GetCurrentDirectoryA
2=GetModuleFileNameA
3=GetModuleFileNameW
4=GetPrivateProfileIntA
5=GetPrivateProfileStringA
6=GetProfileIntA
7=LoadLibraryA
81LoadLibraryExW
9=LoadLibraryW
10=RegCloseKey
11=RegCreateKeyExA
12=RegOpenKeyExA
13=RegOpenKeyExW
14=RegQueryValueExA
15=RegQueryValueExW

For overall optimization, what you're interested in are all of the function names given in the Hooked API column. Along with a 1=* entry for the HookExclude list to exclude all other hooks, these are the names that you enter into the HookInclude list.

The only other thing to consider is whether there are ANSI and Unicode versions of a particular API function. You find this out by looking up each API function name in the allowable registry and allowable file system lists given below. If you wish to portablize the application across 9x as well as NT-based versions of Windows, you need to make sure to list both the ANSI (...A) as well as the Unicode (...W) versions of an API function, if both exist.

As an example, the above table's entries would be entered into the hook sections as follows. The order is unimportant:

[HookExclude]
1=*

[HookInclude]
1=GetCurrentDirectoryA
2=GetCurrentDirectoryW
3=GetModuleFileNameA
4=GetModuleFileNameW
5=GetPrivateProfileIntA
6=GetPrivateProfileIntW
7=GetPrivateProfileStringA
8=GetPrivateProfileStringW
9=GetProfileIntA
10=GetProfileIntW
11=LoadLibraryA
12=LoadLibraryW
13=LoadLibraryExA
14=LoadLibraryExW
15=RegCloseKey
16=RegCreateKeyExA
17=RegCreateKeyExW
18=RegOpenKeyExA
19=RegOpenKeyExW
20=RegQueryValueExA
21=RegQueryValueExW
22=CreateFileA
23=CreateFileW
24=DuplicateHandle
25=FindClose
26=FindFirstFileA
27=FindFirstFileW
28=FindFirstFileExA
29=FindFirstFileExW
30=FindNextFileA
31=FindNextFileW
32=GetCurrentDirectoryA
33=GetCurrentDirectoryW
34=GetFileAttributesA
35=GetFileAttributesW
36=GetPrivateProfileStringA
37=GetPrivateProfileStringW
38=RegCreateKeyExA
39=RegCreateKeyExW
40=RegCreateKeyA
41=RegCreateKeyW
42=RegDeleteValueA
43=RegDeleteValueW
44=RegEnumKeyA
45=RegEnumKeyW
46=RegEnumKeyExA
47=RegEnumKeyExW
48=RegNotifyChangeKeyValue
49=RegOpenKeyA
50=RegOpenKeyW
51=RegOpenUserClassesRoot
52=RegQueryValueA
53=RegQueryValueW
54=RegSetValueExA
55=RegSetValueExW
56=SearchPathA
57=SearchPathW
58=SetCurrentDirectoryA
59=SetCurrentDirectoryW
60=SHGetFileInfoA
61=SHGetFileInfoW
62=SHGetFolderPathA
63=SHGetFolderPathW
64=SHGetPathFromIDListA
65=SHGetPathFromIDListW
66=SHGetSpecialFolderLocation

Using Discovery to get an API Hooks list

The fourth way to get such a list is to set Redirection Discovery to 2, along with an optional Redirection DiscoveryPath to specify the path to the discovery file. This will have the JauntePE runtime create a discovery file at the end of the application's execution.

Within the discovery file will be 3 sections that may then be used to populate a HookInclude section to minimize the overall hook usage of a portablized application. The sections of interest are RegFuncs, WFSFuncs, and PrcFuncs. All may be found near the top of the discovery file before the itemized api call list's first section.

The advantage of using the discovery vs the log output is that the discovery output will contain additional information which may be used for additional types of optimizations, such as module use related, registry key use related, and file system use related optimizations.


The [HookExclude] section

In this section you specify the API functions that you don't want to be hooked. There are two ways to do this. The first is to enter an ascending, consecutively numbered list of API functions that you don't want to be hooked. The second is to enter 1=* as the only entry, which tells JauntePE to exclude all API functions from being hooked. You then optionally enter a list of API functions that you do want to have hooked via the HookInclude section.


The [HookInclude] section

In this section you specify the API functions that you want to be hooked. You do this by entering an ascending, consecutively numbered list of API functions. Since all of the API functions are hooked by default, you only make use of this section when you have 1=* as the only entry in the HookExclude section.


The [HookInitExclude] section

In this section you specify the API functions that you don't want to be hooked during application startup. There are two ways to do this. The first is to enter an ascending, consecutively numbered list of API functions that you don't want to be hooked during application startup. The second is to enter 1=* as the only entry, which tells JauntePE to exclude all API functions from being hooked during application startup. You then optionally enter a list of API functions that you do want to have hooked via the HookInitInclude section.


The [HookInitInclude] section

In this section you specify the API functions that you want to be hooked during application startup. You do this by entering an ascending, consecutively numbered list of API functions. Since all of the API functions are hooked by default, you only make use of this section when you have 1=* as the only entry in the HookInitExclude section.


Allowable registry-related hook entries


Allowable file system-related hook entries


Allowable child process-related hook entries


Allowable MS Installer prevention-related hook entries