Comments on: A Windows 7 Launch Party Trick!

By: Windows’un sizi izlemekte kullandığı 5 yol! | Haber – Mekanı

Windows’un sizi izlemekte kullandığı 5 yol! | Haber – Mekanı — Tue, 15 Nov 2011 16:38:28 +0000

[...] çalıştırarak bu listeye ulaşmanız mümkündür. Aracın XP/Vista sürümünü bu adresten, Windows 7 sürümünü ise bu adresten [...]

By: Windows 7 – MFU (Most Frequent Used Programs) « Anything about IT

Windows 7 – MFU (Most Frequent Used Programs) « Anything about IT — Sat, 22 Oct 2011 00:21:09 +0000

[...] Hope you found this interesting. You can download the latest version of UserAssist from here [...]

By: 5 Ways to Track Windows Hidden Activities and Claim back User Privacy « ADITYACE

Tue, 18 Oct 2011 14:11:26 +0000

[...] of the tools available for this is called UserAssist, which need not be installed on the computer. After downloading and running, you can display more [...]

By: 5 Ways to Track Windows Hidden Activities and Claim back User Privacy

5 Ways to Track Windows Hidden Activities and Claim back User Privacy — Tue, 11 Oct 2011 05:32:44 +0000

[...] of the tools available for this is called UserAssist, which need not be installed on the computer. After downloading and running, you can display more [...]

By: Mark H.

Mark H. — Thu, 01 Sep 2011 17:50:59 +0000

Also, just in case you (I’m sure you already know) or anyone else that goes through this post cares. you can add this code to convert the guid to folder path. (x = original guid path string -example -> “{6D809377-6AF0-444B-8957-A3773F02200E}\Adobe\Photoshop.exe”)

Guid myguid = new Guid(x.Substring(1, 36));
IntPtr pPath;
string fullPath;

if (SHGetKnownFolderPath(myguid, 0, IntPtr.Zero, out pPath) == 0)
{
fullPath = System.Runtime.InteropServices.Marshal.PtrToStringUni(pPath) + x.Split(‘}’)[1];
System.Runtime.InteropServices.Marshal.FreeCoTaskMem(pPath);
}

By: Didier Stevens

Didier Stevens — Wed, 31 Aug 2011 18:19:55 +0000

@Mark UserAssist keys will only count programs started interactively by the user. I suggest you read my article about UserAssist in (IN)SECURE Magazine, take a look at my article list under Professional.

By: Dobbelina

Dobbelina — Wed, 31 Aug 2011 16:18:36 +0000

The “Focus time” (bytes 12-15) isn’t milliseconds for shortcuts (.Ink)
It’s counting the number of times the shortcut was executed.

By: Mark H.

Mark H. — Tue, 30 Aug 2011 19:39:24 +0000

@Didier -> Here’s a question that you may have the answer to: when running my program (C#) I use the command “System.Diagnostics.Process.Start(myprocess);”. When I run a program using this method, it doesn’t update the corresponding UserAssist key, (nor does it create a new key, not that it should). Is there a different method that I should be using to get it to update properly?

By: Didier Stevens

Didier Stevens — Mon, 29 Aug 2011 21:52:33 +0000

@Mark No problem, it’s public domain.

By: Mark H.

Mark H. — Mon, 29 Aug 2011 03:58:00 +0000

@Didier -> It’s all good. I was able to read through your post on “into the boxes” to make a “dirty coded” version of what I needed. Am I allowed to use your source or do I need to write my own? (my project will be a free, open-source project). Thanks again for all of your hard work and I love reading about your new alarm system!