The code is as follows:
' Efficiency is a bit low and there are limitations; consider this a first version. Pointers on the weak spots are welcome.
compareRegister "log1.reg", "log2.reg"

'**************************************
' Purpose: use WMI to watch the registry for changes. When a change occurs, export the
'          changed registry to a file, then compare the files exported before and after
'          the change and display the differences.
' Parameters: filename1 is the file exported before monitoring starts; filename2 is the
'             file exported after the registry has changed.
' Return value: none
'**************************************
Function compareRegister(filename1, filename2)
    wbemFlagReturnImmediately = 16
    wbemFlagForwardOnly = 32
    IFlags = wbemFlagReturnImmediately + wbemFlagForwardOnly
    result = ""
    Set wmiServices = GetObject("winmgmts:root/default")
    Set dtmCreateTime = CreateObject("WbemScripting.SWbemDateTime")
    Set ws = WScript.CreateObject("wscript.shell")
    ' Subscribe to change events for the whole HKEY_LOCAL_MACHINE tree
    Set colRegChanges = wmiServices.ExecNotificationQuery _
        ("SELECT * FROM RegistryTreeChangeEvent " _
        & "WHERE Hive='HKEY_LOCAL_MACHINE' AND RootPath=''", , IFlags)
    ws.Run "regedit -e " & filename1, 0, True   ' export the registry before the change
    ws.Popup "已经导出操作前注册表为REG文件....", 2
    Do While (True)
        ' Blocks until the next registry change event arrives
        Set TreeChange = colRegChanges.NextEvent
        ws.Run "regedit -e " & filename2, 0, True   ' export the registry after the change
        ws.Popup "已经导出了修改后注册表为REG文件。。。", 2
        ' Time_Created property is 64-bit and
        ' must be converted into CIM_DateTime format
        dtmCreateTime.SetFileTime TreeChange.Time_Created, False
        ' Convert to VT_DATE format using GetVarDate
        ' for printing to screen
        WScript.Echo "注册表变动时间 = " & dtmCreateTime.GetVarDate() _
            & vbNewLine _
            & "主键根目录 = " & TreeChange.Hive & vbNewLine _
            & "子目录名称 = " & TreeChange.RootPath & vbNewLine _
            & "创建时间为:" & TreeChange.Time_Created & vbNewLine _
            & "描述:" & TreeChange.Security_Descriptor & vbNewLine
        compareDif filename1, filename2   ' compare the contents of the two exports
    Loop
End Function

'compareDif "d:\test1.txt","d:\test2.txt"
'**************************************
' Purpose: compare two files and display the places where they differ. Precondition:
'          filename2 must have more lines than filename1.
' Parameters: filename1 is the file exported before monitoring starts; filename2 is the
'             file exported after the registry has changed.
' Return value: none
'**************************************
Function compareDif(filename1, filename2)
    ' Errors (including out-of-range indexes when the line counts differ) are suppressed
    On Error Resume Next
    msg = ""
    Const ForReading = 1, ForWriting = 2, ForAppending = 8
    Const TristateUseDefault = -2, TristateTrue = -1, TristateFalse = 0
    Set fso = CreateObject("scripting.filesystemobject")
    Set readfile1 = fso.GetFile(filename1)
    Set readfile2 = fso.GetFile(filename2)
    Set ts1 = readfile1.OpenAsTextStream(ForReading, TristateUseDefault)
    Set ts2 = readfile2.OpenAsTextStream(ForReading, TristateUseDefault)
    ' Read each export completely and split it into lines
    If Not ts1.AtEndOfStream Then
        beforereg = Split(ts1.ReadAll, vbCrLf)
    End If
    If Not ts2.AtEndOfStream Then
        afterreg = Split(ts2.ReadAll, vbCrLf)
    End If
    ' ws.Popup "正在进行比较注册表,不要关闭请稍等。。。。",5
    ' Compare line i of both files; report the differing line and the line before it
    For i = 0 To UBound(afterreg) - 1
        If afterreg(i) <> beforereg(i) Then
            msg = msg & "--------------------------------------------" & vbCrLf _
                & "操作前注册表:" & beforereg(i-1) & vbCrLf & beforereg(i) & vbCrLf _
                & "操作后注册表:" & afterreg(i-1) & vbCrLf & afterreg(i) & vbCrLf
        End If
    Next
    MsgBox msg
    Set ts2 = Nothing
    Set ts1 = Nothing
    Set readfile2 = Nothing
    Set readfile1 = Nothing
    Set fso = Nothing
End Function
The code above has been tested and works; use it for reference.
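The comparison step above matches the two exports by line number, so one inserted key shifts every later line. As an added example (Python, not part of the original script), the code below parses two regedit exports into key and value maps and diffs them by key path instead; the function names and the sample exports are constructed for illustration.

```python
import re

VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')  # "name"=data or @=data

def decode_export(data):
    # regedit /e writes UTF-16 with a BOM; older REGEDIT4 files are ANSI.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")  # assumption: byte-preserving stand-in for ANSI

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from exported .reg text."""
    text = re.sub(r",\\\r?\n[ \t]*", ",", text)  # rejoin wrapped hex: lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2)  # name keeps its quotes
    return keys

def diff_reg(before, after):
    """List (change, key, value_name, old, new) tuples, sorted by key path."""
    changes = []
    for key in sorted(set(before) | set(after)):
        if key not in before:
            changes.append(("key added", key, None, None, None))
        elif key not in after:
            changes.append(("key removed", key, None, None, None))
        old_vals, new_vals = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old_vals) | set(new_vals)):
            old, new = old_vals.get(name), new_vals.get(name)
            if old != new:
                kind = "value added" if old is None else "value removed" if new is None else "value changed"
                changes.append((kind, key, name, old, new))
    return changes

# Constructed sample exports (not real registry data): AFTER gains a key and changes "Mode".
HEAD = "Windows Registry Editor Version 5.00\r\n\r\n"
KEY = "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Example]\r\n"
BEFORE = (HEAD + KEY + '"Mode"="a"\r\n"Blob"=hex:01,02,\\\r\n  03\r\n').encode("utf-16")
AFTER = (HEAD + '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Added]\r\n@="x"\r\n\r\n'
         + KEY + '"Mode"="b"\r\n"Blob"=hex:01,02,03\r\n').encode("utf-16")

for change in diff_reg(parse_reg(decode_export(BEFORE)), parse_reg(decode_export(AFTER))):
    print(change)
```

The wrapped and unwrapped `"Blob"` lines compare equal, and the new key is reported once instead of marking every following line as changed.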