{"id":9547,"date":"2024-10-19T21:09:47","date_gmt":"2024-10-19T21:09:47","guid":{"rendered":"https:\/\/www.hexacorn.com\/blog\/?p=9547"},"modified":"2024-10-19T21:09:47","modified_gmt":"2024-10-19T21:09:47","slug":"advpack-dll-and-ieadvpack-dll-logging-capability","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2024\/10\/19\/advpack-dll-and-ieadvpack-dll-logging-capability\/","title":{"rendered":"advpack.dll and IEAdvpack.dll logging capability"},"content":{"rendered":"\n<p>There is a very old hack out there that enables logging for the <em>advpack.dll<\/em> and <em>IEAdvpack.dll<\/em> DLLs. Many of their functions include logging, so enabling this may help to pick up some old-school forensic logs. Of course, the value of it today is very low, but it&#8217;s an interesting feature nevertheless, and in a way similar to the <a href=\"https:\/\/www.hexacorn.com\/blog\/2016\/12\/15\/supporting-dynamic-malware-analysis-with-winhttp-library-debug-logs-tracing\/\">WinHTTP logging<\/a> I covered in the past. 
<\/p>\n\n\n\n<p>To enable this feature, we simply add this Registry entry:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">HKLM\\SOFTWARE\\Microsoft\\Advanced INF Setup<br>AdvpackLogFile=c:\\test\\log.txt<\/pre>\n\n\n\n<p>To test it, we can run these 2 commands:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">rundll32.exe advpack.dll,RegisterOCX calc.exe\nrundll32.exe IEAdvpack.dll,RegisterOCX calc.exe<\/pre>\n\n\n\n<p>The results will look as follows:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2024\/10\/advpack_log.png\"><img decoding=\"async\" loading=\"lazy\" width=\"716\" height=\"670\" src=\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2024\/10\/advpack_log.png\" alt=\"\" class=\"wp-image-9548\" srcset=\"https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2024\/10\/advpack_log.png 716w, https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2024\/10\/advpack_log-300x281.png 300w, https:\/\/www.hexacorn.com\/blog\/wp-content\/uploads\/2024\/10\/advpack_log-321x300.png 321w\" sizes=\"(max-width: 716px) 100vw, 716px\" \/><\/a><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There is a very old hack out there that enables logging for the advpack.dll and IEAdvpack.dll DLLs. Many of their functions include logging, so enabling this may help to pick up some old-school forensic logs. 
Of course, the value &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2024\/10\/19\/advpack-dll-and-ieadvpack-dll-logging-capability\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[53,19],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/9547"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=9547"}],"version-history":[{"count":1,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/9547\/revisions"}],"predecessor-version":[{"id":9549,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/9547\/revisions\/9549"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=9547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=9547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=9547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}