代码如下:
' First version: slow and with known limitations; suggestions for improvement are welcome.
' Entry point: start monitoring, using log1.reg as the baseline export and
' log2.reg as the post-change export. Neither name has a directory component,
' so where the files land depends on how regedit resolves a relative path
' (presumably the script's working directory - confirm before relying on it).
Call compareRegister("log1.reg", "log2.reg")
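'**************************************
' Purpose: subscribe to WMI registry change notifications, export the registry
'          once as a baseline, export it again after every change event, and
'          pass both exports to compareDif so the differences are displayed.
' Params : filename1 - path of the baseline .reg export (written once, before the loop)
'          filename2 - path of the post-change .reg export (overwritten on every event)
' Returns: nothing. The event loop never exits; stop the script host to end monitoring.
'
' Review notes for anyone using this as a monitoring aid:
' - The WMI query below only raises events for HKEY_LOCAL_MACHINE, but
'   "regedit -e" is called without a key path, so the export is not limited
'   to that hive. Changes elsewhere show up in the diff without triggering it.
' - The event only supplies the hive, root path and timestamp echoed below. It
'   does not name the changed key/value or the process that wrote it, so this
'   script cannot attribute a change; use registry auditing or an endpoint
'   sensor (for example Sysmon registry events) when attribution is needed.
' - The baseline is exported once and never refreshed, so every later event is
'   compared against the original state and earlier changes are reported again.
' - A registry export can contain sensitive configuration data. Write the
'   files to a directory only the operator can read and delete them afterwards.
'**************************************
Function compareRegister(filename1,filename2)
    Const wbemFlagReturnImmediately = 16
    Const wbemFlagForwardOnly = 32
    Dim IFlags, wmiServices, dtmCreateTime, ws, colRegChanges, TreeChange
    Dim quote

    quote = Chr(34)
    IFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly

    ' The file names are placed on a command line. They are wrapped in quotes
    ' below so that paths containing spaces stay one argument; a name that
    ' itself contains a quote could break out of that quoting, so reject it.
    If InStr(filename1, quote) > 0 Or InStr(filename2, quote) > 0 Then
        Err.Raise vbObjectError + 1, "compareRegister", "file names must not contain double quotes"
    End If

    Set wmiServices = GetObject("winmgmts:root/default")
    Set dtmCreateTime = CreateObject("WbemScripting.SWbemDateTime")
    Set ws = WScript.CreateObject("wscript.shell")

    ' Subscribe before taking the baseline so a change made during the export
    ' is still delivered as an event.
    Set colRegChanges = wmiServices.ExecNotificationQuery _
        ("SELECT * FROM RegistryTreeChangeEvent " _
        & "WHERE Hive='HKEY_LOCAL_MACHINE' AND RootPath=''",, IFlags)

    ' Baseline export (window hidden, wait for regedit to finish).
    ws.Run "regedit -e " & quote & filename1 & quote, 0, True
    ws.Popup "已经导出操作前注册表为REG文件....",2

    Do While (True)
        ' Blocks until the next registry change notification arrives.
        Set TreeChange = colRegChanges.NextEvent

        ' Post-change export.
        ws.Run "regedit -e " & quote & filename2 & quote, 0, True
        ws.Popup "已经导出了修改后注册表为REG文件。。。",2

        ' Time_Created is a 64-bit FILETIME value; load it into the
        ' SWbemDateTime object so GetVarDate can render it as a VT_DATE.
        dtmCreateTime.SetFileTime TreeChange.Time_Created, false

        ' NOTE(review): Security_Descriptor is concatenated as-is. If the
        ' provider ever returns it as a byte array instead of Null, this
        ' statement would raise a type mismatch - confirm on the target system.
        ' The statement must end on its last line: a trailing "_" here would
        ' glue the compareDif call below onto it and the script would not parse.
        WScript.Echo "注册表变动时间 = " & dtmCreateTime.GetVarDate() _
            & vbNewLine _
            & "主键根目录 = " & TreeChange.Hive & vbNewLine _
            & "子目录名称 = " & TreeChange.RootPath & vbNewLine _
            & "创建时间为:" & TreeChange.Time_Created & vbNewLine _
            & "描述:" & TreeChange.Security_Descriptor & vbNewLine

        ' Show what differs between the baseline and the new export.
        compareDif filename1, filename2
    Loop
End Function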
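' Example: compareDif "d:\test1.txt","d:\test2.txt"
'**************************************
' Purpose: compare two text files line by line (same line number on both
'          sides) and show every position where they differ in a message box.
' Params : filename1 - the file exported before the change
'          filename2 - the file exported after the change
' Returns: nothing
'
' Limitations:
' - The comparison is positional, not a real diff: once a line is inserted or
'   removed, every following line is reported as different.
' - Both files are read into memory in full, which is slow for a complete
'   registry export.
' - MsgBox truncates long prompts (roughly 1024 characters), so only the first
'   few differences are visible when there are many.
' - NOTE(review): regedit normally writes .reg exports as Unicode text; confirm
'   that TristateUseDefault reads them correctly on the target system.
'**************************************
Function compareDif(filename1,filename2)
    Dim fso, beforereg, afterreg, msg, i, lastIdx, oldLine, newLine

    msg = ""
    Set fso = CreateObject("scripting.filesystemobject")

    ' Report a missing export explicitly instead of relying on blanket
    ' "On Error Resume Next", which also hid every indexing error below.
    If Not (fso.FileExists(filename1) And fso.FileExists(filename2)) Then
        MsgBox "找不到要比较的文件:" & filename1 & " / " & filename2
        Set fso = Nothing
        Exit Function
    End If

    beforereg = cdReadLines(fso, filename1)
    afterreg = cdReadLines(fso, filename2)

    ' Walk to the end of the longer file so that lines present on only one
    ' side are reported too (a missing line compares as an empty string).
    lastIdx = UBound(afterreg)
    If UBound(beforereg) > lastIdx Then lastIdx = UBound(beforereg)

    For i = 0 To lastIdx
        oldLine = cdLineAt(beforereg, i)
        newLine = cdLineAt(afterreg, i)
        If oldLine <> newLine Then
            ' The preceding line is included as context; cdLineAt returns ""
            ' for index -1, so a difference on the very first line is kept.
            msg = msg & "--------------------------------------------" & vbCrLf _
                & "操作前注册表:" & cdLineAt(beforereg, i - 1) & vbCrLf & oldLine & vbCrLf _
                & "操作后注册表:" & cdLineAt(afterreg, i - 1) & vbCrLf & newLine & vbCrLf
        End If
    Next

    MsgBox msg
    Set fso = Nothing
End Function

' Helper: read a whole text file and return its lines as an array
' (an empty array for an empty file). The stream is closed before returning.
Function cdReadLines(fso, path)
    Const ForReading = 1
    Const TristateUseDefault = -2
    Dim ts

    cdReadLines = Array()
    Set ts = fso.OpenTextFile(path, ForReading, False, TristateUseDefault)
    If Not ts.AtEndOfStream Then cdReadLines = Split(ts.ReadAll, vbCrLf)
    ts.Close
    Set ts = Nothing
End Function

' Helper: return lines(idx), or "" when idx is outside the array bounds.
Function cdLineAt(lines, idx)
    cdLineAt = ""
    If idx >= 0 Then
        If idx <= UBound(lines) Then cdLineAt = lines(idx)
    End If
End Function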
以上代码测试可用,可参考。
本文转自hcy's workbench博客园博客,原文链接:http://www.cnblogs.com/alterhu/archive/2012/04/08/2437837.html,如需转载请自行联系原作者。