advpack.dll and IEAdvpack.dll logging capability

There is a very old hack out there that enables logging for the advpack.dll and IEAdvpack.dll DLLs. Many of their functions include logging, so enabling it may help to pick up some old-school forensic logs. Of course, its value today is super low, but it’s an interesting feature nevertheless, and in a way similar to the WinHTTP logging I covered in the past.

To enable this feature we simply add this Registry entry:

HKLM\SOFTWARE\Microsoft\Advanced INF Setup
AdvpackLogFile=c:\test\log.txt

To test it, we can run these 2 commands:

rundll32.exe advpack.dll,RegisterOCX calc.exe 
rundll32.exe IEAdvpack.dll,RegisterOCX calc.exe
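
The whole procedure as one PowerShell script, as an added example that is not part of the original post. The -Disable switch, the REG_SZ value type, the write to both registry views, and the folder creation are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: toggles the AdvpackLogFile value from the post and shows the log.
param(
    [string]$LogFile = 'c:\test\log.txt',   # path used in the post
    [switch]$Disable                         # hypothetical switch: remove the value again
)

$subKey    = 'SOFTWARE\Microsoft\Advanced INF Setup'
$valueName = 'AdvpackLogFile'

# Assumption: the key follows normal WOW64 redirection, so a 32-bit rundll32
# (SysWOW64) would read the 32-bit view. Writing both views covers either case.
$views = [Microsoft.Win32.RegistryView]::Registry64,
         [Microsoft.Win32.RegistryView]::Registry32

foreach ($view in $views) {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    try {
        $key = $base.CreateSubKey($subKey)   # opens the key, creating it if absent
        if ($Disable) {
            $key.DeleteValue($valueName, $false)   # $false: no error if missing
        } else {
            # Assumption: the value is a plain string (REG_SZ).
            $key.SetValue($valueName, $LogFile,
                [Microsoft.Win32.RegistryValueKind]::String)
        }
        $key.Close()
    } finally {
        $base.Close()
    }
}
if ($Disable) { return }

# Assumption: the DLLs do not create missing folders, so make sure the target exists.
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

# The two test commands from the post.
foreach ($dll in 'advpack.dll', 'IEAdvpack.dll') {
    Start-Process rundll32.exe -ArgumentList "$dll,RegisterOCX calc.exe" -Wait
}

if (Test-Path $LogFile) {
    Get-Content $LogFile
} else {
    Write-Warning "No log at $LogFile; check the registry value and folder permissions."
}
```

Run it again with -Disable to remove the value from both views once the test is done.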

The results will look as follows: