Event Log Explorer


34 replies to this topic

#1 steelbone

steelbone

    Frequent Member

  • Advanced user
  • 126 posts
  •  
    Austria

Posted 02 February 2009 - 09:23 PM

Hi There, :cheers:

Please move to "System and Registry Tools" i don't have permissions there to create threads

File name: Event Log Explorer
Description: program for analysing offline NT/2000/XP/2003/Vista logs
Build: latest release downloadable via the script
OS: NT/2000/XP/2003/Vista
Winbuilder: Tested with 077 RC2
Homepage: http://www.eventlogxp.com/
License: FREE personal license is available for personal non-commercial use.


With this script u can analyse Windows event logs of an offline crashed system (evt+evtx files).

The license u can obtain from: http://www.eventlogx...ee-personal.php

If obtained, u have to input this key in the script textbox "Serial Number". The script will do the rest (push to registry).
------------------------------------------------------------------------------------------------------------------------------------------------------------------
U can open the event log files with File-Open Log File - Direct (then browse to the offline logs).

PS: Free license is valid for half a year. After the expiration, u can renew your free license.

NEWS:
Version 4 (Final)
- for a little more availability i integrated the source encoded (so online download + offline version are available) in case of broken connection problems
- Availability check of the homepage - if not existing, a message will follow + question with decision to use offline version or to exit script
- CheckBox for removing Languages



Version 3
- check if sources are available. if files are not available offline, a download will be made automatically
- Gdiplus integrated
- Integrated "Order License" possibility + Weblink integration
- Regkeys cleaned up
- changed hardcoded paths


Version 2
- Download Source Possibility integrated
- the extraction of the installer will be made automatically via innounp.exe (the installer is an "inno setup")
- Info: innounp.exe will be copied to %Tools% and will remain there (may be useful for other scripts) B)
- RunFromRam or not, both are working well now

Please download latest Script:

My Script Website


Have fun

Regards Steel

#2 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 02 February 2009 - 10:54 PM

Thanks for the script, this is nice for forensics!

:cheers:

#3 billonious

billonious

    Silver Member

  • .script developer
  • 528 posts
  • Location:greezeland
  • Interests:curiosity

Posted 03 February 2009 - 08:54 PM

thank you for this useful app.
Since the program asks for a license key, given for free for a six month time, could you add a textbox to type the license key prior to the build?

#4 steelbone

Posted 03 February 2009 - 09:54 PM

Hi there. i sent u a PM. in this script i had a textbox integrated ;(

#5 billonious

Posted 03 February 2009 - 10:14 PM

as I replied with pm, I think I have myopia. textbox was in front of my eyes but I didn't see it.
But I insist, it asks for s/n
:cheers:

#6 steelbone

Posted 03 February 2009 - 10:41 PM

it asks for s/n?

very strange, i tried it out right now with blank, and with my serial key.

blank = asking for s/n
with key= not asking me. free version was unlocked

could u please check out if u have the registry entry:

Software\EventLogXP\Event Log Explorer

String: RegData
Value: your SerialKey

Regards

Steel

#7 Lancelot

Lancelot

    Frequent Member

  • .script developer
  • 5013 posts
  • Location:Turkiye/Izmir
  • Interests:*Mechanical stuff and Physics,
    *LiveXP, BartPE, SherpyaXPE,
    *Basketball and Looong Walking,
    *Buying outwear for my girlf (Reason: Girls are stupid about buying bad stuff to make themselves uglier :))
    *Girls (Lyric: Girl,...., You will be a womann, Soon)
    *Answering questions for "Meaning of life",
    *Helping people,

    Kung with LiveXP, Fu with Peter :)
  •  
    Turkey

Posted 04 February 2009 - 01:35 AM

Thanks for the script :cheers:

#8 steelbone

Posted 18 July 2009 - 10:26 PM

Hi guys,

i updated my Event Log Script to Version 2.

News are posted in the main Thread

regards

Steel

#9 homes32

homes32

    Gold Member

  • .script developer
  • 1035 posts
  • Location:Minnesota
  •  
    United States

Posted 20 July 2009 - 09:14 PM

> Hi guys,
>
> i updated my Event Log Script to Version 2.
>
> News are posted in the main Thread
>
> regards
>
> Steel


you should consider changing your script to download to %GlobalTemplates% instead of %ScriptDir%. we are trying to get away from cluttering up the project directories and provide cross-project access to the files.

thank you for the script. it is a useful program.

#10 Lancelot

Posted 20 July 2009 - 11:03 PM

very useful, from v1 it is in my archive :lol:

Continuing from homes32's recommendation, an idea: download here (don't delete)
%GlobalTemplates%\Event_Log_Explorer_Files\Download
and extract here
%GlobalTemplates%\Event_Log_Explorer_Files\Extracted

and if the file is redistributable I prefer having it packed ;).

Well after checking v2, I prefer to continue using v1 .....

In any case, thanks a lot again for this useful script.

#11 homes32

Posted 21 July 2009 - 01:33 PM

> very useful, from v1 it is in my archive ;)
>
> Continuing from homes32's recommendation, an idea: download here (don't delete)
> %GlobalTemplates%\Event_Log_Explorer_Files\Download
> and extract here
> %GlobalTemplates%\Event_Log_Explorer_Files\Extracted
>
> and if the file is redistributable I prefer having it packed :lol:.
>
> Well after checking v2, I prefer to continue using v1 .....
>
> In any case, thanks a lot again for this useful script.


personally I leave the downloaded zip/exe in %GlobalTemplates% and extract directly to %ProgramDir%. that's me though.

#12 Lancelot

Posted 21 July 2009 - 01:35 PM

> personally I leave the downloaded zip/exe in %GlobalTemplates% and extract directly to %ProgramDir%. that's me though.

This is also a very good method ;) :lol:

#13 steelbone

Posted 21 July 2009 - 03:03 PM

Hi guys,

thx for your feedback ;)

i changed the script a little bit again according to the hints from Lancelot+homes32


- Download is %GlobalTemplates%\Event_Log_Explorer_Files\Download
- Extract is %GlobalTemplates%\Event_Log_Explorer_Files\Extracted
- copyprogram will be from %GlobalTemplates%\Event_Log_Explorer_Files\Extracted
- no necessary files will be deleted from Download+Extracted

my goal was to automatically download + extract the "inno Installer Package" so to win a little bit of time :lol:

i hope now you like it more ;)

i would be glad if you guys test it again ;)

thx

Steel

#14 Lancelot

Posted 21 July 2009 - 05:00 PM

> i would be glad if you guys test it again ;)


Hi steelbone,

test result: Failed
\Workbench\Common\Event_Log_Explorer\Extracted\ folder is empty
I leave this fix to you ;)

Here is some advice/additions for your scripts:

**
starting with adding an icon to look more handsome :lol:
and contact info (contact= ) ** this is essential for others to find current topic to support your script
**
gdiplus added for livexp support
**
weblink written on interface
**
changed script name and title to be unique
**
pTextBox2="Serial Number"
fixed on interface
**
-->to make the script work good with first usage
If,%pCheckBox3%,Equal,False,If,NotExistFile,%GlobalTemplates%\%EventDownload%\elex.zip,Run,%ScriptFile%,Download
-->prevent script working further if download does not succeed for some reason
If,NotExistFile,%GlobalTemplates%\%EventDownload%\elex.zip,Exit,"Event Log source not exists"
+another to download section
**
do not use dirmove to copy files (elex.exe)
**
do not use / or #
use // or ##
**
I feel
wb-default\Software\Microsoft\Windows
values are not needed on your script, i removed them (moved to [removed] section)

****
you must not use X:\Program Files\blabla (hardcoded paths) in your scripts
use %PE_Programs%\%ProgramFolder% ;)

exception for 0x1 values:
If the hardcoded path value is 0x1, try to use 0x2 and test if it is working
if the 0x2 trick doesn't work then use RegAddBoot,... with 0x1 and use %PE_Programs%\%ProgramFolder%

exception registry extension:
even with 0x2 use RegAddBoot,.... for registering an extension. Example:
RegAddBoot,HKLM,0x2,"Software\Classes\Elex.Workspace\DefaultIcon",,"%PE_Programs%\%ProgramFolder%\elex.exe,0"

RegAddBoot,HKLM,0x2,"Software\Classes\Elex.Workspace\shell\open\command",,"#$q%PE_Programs%\%ProgramFolder%\elex.exe#$q #$q%1#$q"


here it is:
http://lancelot.winb...r_Steelbone.rar

Waiting for your fixed v3 ;) ;)

#15 steelbone

Posted 21 July 2009 - 05:40 PM

Hi ;)

thx for all these hints. i know there are lots of "beauty" failures. :lol: ;(

so but few questions i have on that.

- do not use dirmove to copy files

in this case i had to move the files because during the extract procedure there will be 2 folders where the files are remaining.

{app} (ellback.exe,elex.chm,elex.exe,...)
{sys} (there is the gdiplus.dll)

so my mind was to have the file extracted into the "Extracted" folder, and as second step the preparation for the copy process. so senseless folders, files i tried to delete

thx for all these hints, i will fix this soon ;)

Regards

Steel

#16 homes32

Posted 21 July 2009 - 06:58 PM

working fine in vistaPE. I agree with Lancelot, we should be able to enter a serial number in the interface and have a link to get a serial number if we don't have one already.

#17 steelbone

Posted 21 July 2009 - 07:50 PM

Hi there,

so i placed V3 with additional changes. thx to homes32+Lancelot :lol:

so i place a short screenshot

it's getting better and better *g*

Attached Thumbnails

  • EventLogExplorer.jpg


#18 Lancelot

Posted 21 July 2009 - 11:56 PM

Hi steelbone,

*

> in this case i had to move the files

yep i understand you
*

> - do not use dirmove to copy files

DirMove is to copy folders, not files. Maybe your current usage may succeed with moving files, but with future wb development it may cause an error resulting in not moving files!! resulting in a non-working/incompatible script.

instead of
DirMove,"%GlobalTemplates%\%EventExtract%\{app}\elback.exe","%GlobalTemplates%\%EventExtract%\"

better to use first FileCopy then FileDelete (ps, in your script case, filedelete not needed)

++Here is new modifications to v3 script:
**At last i found the reason of my failure with new script, innosetup line fixed ;)
**gdiplus not copying on second build fixed :lol:
*I used api with registry, tested with LiveXP working fine, It should be working fine with VistaPE too
*I change interface, another hint: Whenever possible, try to fit the default wb screen ;).
*using application version with script file name is not a good idea ;). Better on title or description (I prefer description)
*unique script name is important, this time I used SB instead of steelbone. (we have some same app scripts written at different time by different author, best way I find is adding script author's nickname and/or shortnickname to script)
*added startmenu box
*added some fixes mentioned on previous post


Here it is:
http://lancelot.winb...Explorer_SB.rar

Well this time nothing left steelbone, all on golden plate. After your experience on current script I feel we will have more scripts coming from you soon ;)

#19 steelbone

Posted 22 July 2009 - 08:58 AM

Hi there ;)

thanks for the Optimization Hints, i also changed little bit too:

- nothing would be deleted in %Extracted%, only in the %Target_Prog%\%Programfolder%
--------------------------------------------------------------------------------------------------------------



so i have little problems since the "Hive changes"

why should i use

Hive_Load,Default
instead of
RegHiveLoad,WB-Default,%RegDefault%


- it seems that RegAddBoot is not working. after starting it is asking for a license.
- now i have strange hive files in %BaseDir% which also remain after finishing the winbuilder process. (attachment)

the hives in my last script works well with RegHiveLoad,WB-Default,%RegDefault% + without regaddboot.

any Hints on that?

so if not, i will change the hive entries back like the last script.

thx again :lol:

Steel

Attached Thumbnails

  • Hive.jpg


#20 Lancelot

Posted 22 July 2009 - 01:11 PM

Hi steelbone

I made some fixes, here is the new modified script (hoping this time it is final :lol: )

http://lancelot.winb...Explorer_SB.rar

working nicely with LiveXP, I hope works with VistaPE too

ps:

> the hives in my last script works well

not with livexp
I leave rest of your questions to homes32 ;)

#21 steelbone

Posted 24 July 2009 - 10:10 AM

So, Version 4 is out (Final)

Changes first Thread

Attached Thumbnails

  • Eventlog_WB_Interface.jpg


#22 dsolomon

dsolomon

    Frequent Member

  • Advanced user
  • 243 posts

Posted 10 September 2009 - 05:56 PM

im having an issue getting eventlog explorer to run properly.
anytime i try to look into my systems event logs, i click on Security, Applications, or System. and it gives me an error that says
"Could not connect to systems event log."

#23 steelbone

Posted 10 September 2009 - 07:37 PM

Hello,

right now you have to open the files directly.

windows <Vista/2008 (EVT Files) c:\windows\system32\config
Windows >XP/2003 (EVTX files) C:\windows\system32\winevt

Proceed as follows:

File-Open Log File - Direct

And then choose your event log file depending on the OS.

i will have a look at the weekend for finding the correct path. primary for Vista

Regards

Steel
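
Telling the two log formats apart by file header rather than by folder or extension, as an added example (not part of the original post and not code from Event Log Explorer): legacy .evt files carry the signature "LfLe" at offset 4, .evtx files start with "ElfFile\0", and both headers have a dirty flag that stays set when the log was not closed cleanly, as on a crashed system. The function names and the sample headers are constructed for illustration.

```python
import struct

EVT_HEADER = struct.Struct("<12I")   # legacy .evt ELF_LOGFILE_HEADER, 48 bytes
EVT_SIGNATURE = 0x654C664C           # bytes "LfLe" read as little-endian uint32
EVTX_MAGIC = b"ElfFile\x00"          # first 8 bytes of an .evtx file
EVT_FLAGS = {0x1: "dirty", 0x2: "wrapped", 0x4: "logfull_written", 0x8: "archive_set"}
EVTX_FLAGS = {0x1: "dirty", 0x2: "full"}


def _flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def triage_log_header(data):
    """Classify an event log from its first 128 bytes and report header state."""
    if len(data) >= 128 and data[:8] == EVTX_MAGIC:
        next_record = struct.unpack_from("<Q", data, 24)[0]
        chunks = struct.unpack_from("<H", data, 42)[0]
        flags = struct.unpack_from("<I", data, 120)[0]
        return {"format": "evtx", "next_record": next_record,
                "chunks": chunks, "flags": _flag_names(flags, EVTX_FLAGS)}
    if len(data) >= EVT_HEADER.size:
        f = EVT_HEADER.unpack_from(data)
        # HeaderSize (first field) and EndHeaderSize (last field) are both 0x30.
        if f[0] == 0x30 and f[1] == EVT_SIGNATURE and f[11] == 0x30:
            # With the dirty flag set, the record counters in the header may be stale.
            return {"format": "evt", "next_record": f[6], "oldest_record": f[7],
                    "flags": _flag_names(f[9], EVT_FLAGS)}
    return {"format": "unknown", "flags": []}


def triage_file(path):
    """Read only the header of a file copied from the offline system."""
    with open(path, "rb") as fh:
        return triage_log_header(fh.read(128))


def constructed_samples():
    """Constructed headers for demonstration, not taken from a real system."""
    evt = EVT_HEADER.pack(0x30, EVT_SIGNATURE, 1, 1, 0x30, 0x30,
                          1201, 1, 0x80000, 0x1, 604800, 0x30)
    evtx = bytearray(128)
    evtx[:8] = EVTX_MAGIC
    struct.pack_into("<3Q", evtx, 8, 0, 15, 4821)          # chunk range, next record id
    struct.pack_into("<I4H", evtx, 32, 128, 1, 3, 4096, 16)  # sizes, version, chunk count
    return {"sample_dirty.evt": evt, "sample.evtx": bytes(evtx), "other.bin": b"hello"}


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage_log_header(blob))
```
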

#24 Lancelot

Posted 10 September 2009 - 09:07 PM

Hi steelbone,
please check this at weekend too
see you ;)

#25 dsolomon

Posted 03 November 2010 - 04:27 PM

Problem with script :hyper:
im using WB 080 to build a livexp project.
screenie and log below
Posted Image
http://www.mediafire...emmxcqj6gksrqw6



