advpack.dll and IEAdvpack.dll logging capability
2024-10-20 05:9:47 Author: www.hexacorn.com

There is a very old hack out there that enables logging for advpack.dll and IEAdvpack.dll. Many of their functions include logging code, so enabling it may help to pick up some old-school forensic logs. Of course, its value today is super low, but it’s an interesting feature nevertheless, and in a way similar to the WinHTTP logging I covered in the past.

To enable this feature we simply add this Registry entry:

HKLM\SOFTWARE\Microsoft\Advanced INF Setup
AdvpackLogFile=c:\test\log.txt

To test it, we can run these 2 commands:

rundll32.exe advpack.dll,RegisterOCX calc.exe 
rundll32.exe IEAdvpack.dll,RegisterOCX calc.exe
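
The enable and test steps above as one PowerShell script, added here as an example and not part of the original post. It assumes an elevated prompt, that the value is a string (REG_SZ), and that the log directory has to exist beforehand, none of which the post states; it also restores the previous registry state when done.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
$key     = 'HKLM:\SOFTWARE\Microsoft\Advanced INF Setup'
$name    = 'AdvpackLogFile'
$logFile = 'c:\test\log.txt'

# Assumption: the DLLs do not create the log's parent directory, so create it first.
New-Item -ItemType Directory -Path (Split-Path $logFile) -Force | Out-Null

# Create the key if it is missing.
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

# Remember any existing value so it can be put back afterwards.
$previous = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

# Assumption: the value type is REG_SZ.
New-ItemProperty -Path $key -Name $name -Value $logFile -PropertyType String -Force | Out-Null

try {
    # The two test commands from the post.
    foreach ($dll in 'advpack.dll', 'IEAdvpack.dll') {
        $p = Start-Process -FilePath rundll32.exe `
                           -ArgumentList "$dll,RegisterOCX calc.exe" -PassThru
        # Wait for rundll32 itself (not anything it starts), at most 10 seconds.
        $null = $p.WaitForExit(10000)
    }

    if (Test-Path $logFile) {
        Get-Content $logFile
    } else {
        Write-Warning "No log written to $logFile"
    }
}
finally {
    # Leave the machine as it was found: restore or remove the value.
    if ($null -ne $previous) {
        Set-ItemProperty -Path $key -Name $name -Value $previous
    } else {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }
}
```
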

The results will look as follows:


Article source: https://www.hexacorn.com/blog/2024/10/19/advpack-dll-and-ieadvpack-dll-logging-capability/