Page 4 of 4
Q C D
July 19 2017
This page contains links for the DSNTODAY system, a set of Windows
batch programs that show information on files that were changed today,etc:
. its' output can be used in a manual/programmable incremental backup/
syncing system by year/month/day (to clone drives);
. it can check the 3 (CWA) file timestamps (TODs) at once;
. it can show any recently-implanted executables to detect any malware,
AND has an external monitor which beeps when one is detected today
(.exe, .lnk, etc can be set);
. it can TRACK all/specified executables by extension regardless of TOD;
. it can show registry classes/subkeys changed today,etc IN DETAIL,
tho registry VALUES do not return a TOD, and so are not shown;
. it can extract 1 or ALL Windows EventLog records around a specified TOD;
. it can show your CPU% profile, providing a textual hardcopy;
. it can TRACK/count all the URLs sent to a DNS server (Win10 only);
this helps determine what Web sites have been accessed.
. it can show a history of all the completed programs/processes.
This system consists of the following items:
1. the .bat files (Windows Batch File) which also contains the
documentation; the main one says how to watch specific DIRectories,
use a specific date, the output produced, run-time options, and more.
The others are for sort, external monitor support, tools, etc.
2. the .exe files (Application; x86, MASM 32bit WINAPI)
which were tested on Windows 6, 7 and 8; 10 has return code issues.
3. the .log file (Text Document) which is just an empty .txt file and
is where the main .exe program writes the output.
4. the optional .cnt file (Text Document) which is just an empty .txt
file and is where the .exe program writes counts.
This system can be right-clicked and saved to a DIR,
then extracted to an accessable working DIR:
. Be aware of the 'launching applications and unsafe files' setting and
'running from an Unknown Publisher' possible pop-up warnings/failures.
Using cmd.exe works correctly, but the .zip file TODs change.
. To prevent those warnings AND preserve the .zip contents' file TODs,
I) under ADMIN, temporarily change the Registry BEFORE the download:
then download and save, change the Registry back (delete/rename) AND RE-BOOT
I) in explorer, r-click the .zip, properties/general, security (if shown);
click the Unblock box
Then: II) r-click the .zip and select Extract All
III) select the destination DIR and extract it there.
Then see @README.txt.
. To remove this system, merely delete the DIR that you extracted it to.
No OS modifications of any kind are made at any time during installation.
Once extracted, you can make a shortcut to the .BATs below on
your DeskTop, double-click the .BATs with Explorer, use cmd.exe,
make a WTS timer (below) to run them periodically/on-demand, etc.
. For the main DSNTODAY.BAT (run this first):
After a minute or so, the window will flash this: ... =0,CMSort=N/A ...
Open DSN(TODAY/SORTD).log with Explorer for your results.
You can remove the "rem" from the .BATs' "InvokeNOTEPAD=rem"
to place yourself in NOTEPAD immediately after it completes (non-WTS).
Using this, you can answer this question very easily:
what files were changed on my personal drive this year, most current first?
This gives you a timeline of your personal changes. You can then print the log.
For example, using NOTEPAD.exe to create/edit the following 2 files,
DSNTODAY.prm and DSNTODAY.tim, containing, respectively:
d: (2 characters - if, say, your personal drive is on drive letter D)
2016 (replace 4 blanks with 4 numbers - if this is the desired year)
then running this .BAT, creates the sorted file, which can be printed.
. For NOTIFY.BAT (external monitor):
This is designed to work with a WTS timer, but can be tested;
as delivered, it beeps each minute for apx 30min and then exits (see .BAT doc).
. For REGTODAY.BAT (show registry subkeys recently changed):
When complete, NOTEPAD is started to show the results.
. For APPEVTOD.BAT (extract EventLog records by TOD):
The current time is the default and it spans 5 minutes.
It dynamically searches ALL Applications logs and shows details.
. For CPUUSAGE.BAT (show your CPU% profile):
It runs for a minute. Open CPUUSAGE.log with Explorer for your hardcopy.
You can check CPU history of all machines connected to your machine
by merely using Explorer/NOTEPAD to open the file on each one
(if, say, this was added to each \STARTUP and so runs constantly).
No need to logon, start TaskMgr,etc on each to get this information.
A simple .BAT can invoke NOTEPAD to check them all at once, ie:
call notepad.exe \\machine\CPUUSAGE\CPUUSAGE.log
. For DNSTRACK.BAT (create DSNs of URLs sent to a DNS server):
This extracts DNS requests from the Windows EventLog, strips out
the desired records, then sorts it, eliminates the "duplicates",
and saves/counts them into 2 files. Use NOTEPAD.exe to see them.
It can also provide a chronological history of all DNS requests;
for example, you can easily see how 1 URL can blossom into dozens,
and whether or not any were blocked (say, via the HOSTS file).
This works best and is designed to run under WTS.
. For PIDHIST.BAT (show history of completed programs/processes):
This is a passive monitor, similar to PROCEXP, except with hardcopy.
Every second, it snaps all the running processes (PIDs) and compares it
to an internal table. Any processes that no longer exist are logged,
while any new processes are added to the internal table for later.
It is mainly used to know what programs ran when, along w/some add'l info.
If your CPU usage is high, this will show what was running at that time.
It runs "forever" unless manually stopped (Ctl-C/y,DSN) or terminated.
As CMSort.exe is NOT included within this .zip file, to sort the output
in the preferred order, it can be installed. It can be downloaded from here:
to sort the .log file in descending order by date and time to place the
most-recently updated files at the top. You can either just copy its' .exe
into the DIR you un-zipped to, or add its' DIR to PATHSET.BAT
(if, say, you are running WTS timers). Otherwise, DOS SORT is used.
performance load test
A snapshot of the old 16bit and 32bit systems "recursive-looping"
together, scanning the root drive. They are CPU-intense and run in about
5 seconds when buffered. They had debug=y for more I/O, and were
snapped when the 32bit ended (the CMSort had started) shown in GREY.
external monitor output
This shows a program being tested and debugged, from creation,
multiple changes, and then deletion. Each RED line has an associated beep.
Windows Task Scheduler (WTS) can run most AUTOMATICALLY and SILENTLY.
This is available AS-IS, with no warranty of any kind, explicit or implied.
Comments, suggestions, etc? Send an