Hi All,
I am attempting to retrieve USB Usage History using VB.NET. I am using VS 2012.
The following block of code lists this entry.
My code produces this output:
But when I export this registry entry to a text file, I get the following results:
I am trying to write some code to obtain USB Usage History. How can I obtain the Last Write Time for the sub keys listed? I believe that these would show me the times that the USB device was used.
Thanks for any help,
I am attempting to retrieve USB Usage History using VB.NET. I am using VS 2012.
The following block of code lists this entry.
Code:
Dim RegKey As RegistryKey = Registry.LocalMachine.OpenSubKey("SYSTEM\CurrentControlSet\Enum\USBSTOR\", False)
Dim str1 As String
For Each subKeyName As String In RegKey.GetSubKeyNames()
Dim tempKey As RegistryKey = RegKey.OpenSubKey(subKeyName)
Debug.Print("USBSTORE KEY: " & subKeyName & RegKey.GetValue(subKeyName, "").ToString())
Debug.Print(" -----------")
For Each NxtSubKeyName As String In tempKey.GetSubKeyNames()
Dim tempKey1 As RegistryKey = tempKey.OpenSubKey(NxtSubKeyName)
Debug.Print("USBSTOR SUBKEY: " & NxtSubKeyName.ToString() & " Value Count: " & tempKey1.ValueCount.ToString())
For Each valueName As String In tempKey1.GetValueNames()
Debug.Print(valueName & ": " & tempKey1.GetValue(valueName).ToString())
Next
Next
NextCode:
USBSTORE KEY: Disk&Ven_SanDisk&Prod_Cruzer&Rev_1100
-----------
USBSTOR SUBKEY: SDXX1005181106121551&0 Value Count: 12
DeviceDesc: @disk.inf,%disk_devdesc%;Disk drive
Capabilities: 16
HardwareID: System.String[]
CompatibleIDs: System.String[]
ContainerID: {2471d8a3-e22c-5a5e-8b09-f0bb7616119d}
ConfigFlags: 0
ClassGUID: {4d36e967-e325-11ce-bfc1-08002be10318}
Driver: {4d36e967-e325-11ce-bfc1-08002be10318}\0010
Class: DiskDrive
Mfg: @disk.inf,%genmanufacturer%;(Standard disk drives)
Service: disk
FriendlyName: SanDisk Cruzer USB DeviceI am trying to write some code to obtain USB Usage History. How can I obtain the Last Write Time for the sub keys listed? I believe that these would show me the times that the USB device was used.
Thanks for any help,
Code:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1100
Class Name: <NO CLASS>
Last Write Time: 1/17/2013 - 2:51 PM
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1100\SDXX1005181106121551&0
Class Name: <NO CLASS>
Last Write Time: 1/17/2013 - 2:51 PM
Value 0
Name: DeviceDesc
Type: REG_SZ
Data: @disk.inf,%disk_devdesc%;Disk drive
Value 1
Name: Capabilities
Type: REG_DWORD
Data: 0x10
Value 2
Name: HardwareID
Type: REG_MULTI_SZ
Data: USBSTOR\DiskSanDisk_Cruzer__________1100
USBSTOR\DiskSanDisk_Cruzer__________
USBSTOR\DiskSanDisk_
USBSTOR\SanDisk_Cruzer__________1
SanDisk_Cruzer__________1
USBSTOR\GenDisk
GenDisk
Value 3
Name: CompatibleIDs
Type: REG_MULTI_SZ
Data: USBSTOR\Disk
USBSTOR\RAW
Value 4
Name: ContainerID
Type: REG_SZ
Data: {2471d8a3-e22c-5a5e-8b09-f0bb7616119d}
Value 5
Name: ConfigFlags
Type: REG_DWORD
Data: 0
Value 6
Name: ClassGUID
Type: REG_SZ
Data: {4d36e967-e325-11ce-bfc1-08002be10318}
Value 7
Name: Driver
Type: REG_SZ
Data: {4d36e967-e325-11ce-bfc1-08002be10318}\0010
Value 8
Name: Class
Type: REG_SZ
Data: DiskDrive
Value 9
Name: Mfg
Type: REG_SZ
Data: @disk.inf,%genmanufacturer%;(Standard disk drives)
Value 10
Name: Service
Type: REG_SZ
Data: disk
Value 11
Name: FriendlyName
Type: REG_SZ
Data: SanDisk Cruzer USB Device
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1100\SDXX1005181106121551&0\Device Parameters
Class Name: <NO CLASS>
Last Write Time: 1/17/2013 - 2:51 PM
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1100\SDXX1005181106121551&0\Device Parameters\MediaChangeNotification
Class Name: <NO CLASS>
Last Write Time: 9/5/2011 - 8:07 PM
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1100\SDXX1005181106121551&0\Device Parameters\Partmgr
Class Name: <NO CLASS>
Last Write Time: 9/5/2011 - 8:07 PM
Value 0
Name: Attributes
Type: REG_DWORD
Data: 0
Value 1
Name: DiskId
Type: REG_SZ
Data: {00af4242-d76c-11e0-8169-0024e8e34876}
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1100\SDXX1005181106121551&0\LogConf
Class Name: <NO CLASS>
Last Write Time: 1/17/2013 - 2:51 PM