Glenn9999

And don't forget the problem of removed files. That's why most software usually doesn't store/cache MD5. Because there isn't any guarantee that the directory scanned won't have all the files in the MD5 list or that they aren't changed (and need the MD5 recalculated). I don't know if the "file monitoring" examples do this or not. Besides that, MD5 is pretty computational/time intensive on multiple files or large files (I'm finding that out first-hand), so it doesn't work too well in a real-time situation. That said, you might find CDCheck interesting, though it might not fit what you are interested in.

In a way this is indeed true. I found a dependency issue between it and the other dotnets (specifically 3 or 3.5 I think). I found problems (I don't think blue screens, but lockups and the like) when I tried to remove dotnet4. To fix what I had, I ended up having to wipe all dotnet versions (using the DotNet Cleanup Tool) and reinstall sequentially (1.1 then 2.0/3.5, then 4), and then apply all the dotnet updates from there. I don't know if that helps, but probably worth trying. You can download the .NET cleanup tool here: http://blogs.msdn.com/b/astebner/archive/2006/05/30/611355.aspx

Sorry, I know you mean well, but part of this is me doing the coding to learn about Microsoft/Windows Update and what kind of information you can get out of it. Besides, I have most of a tool kit written to do just about anything that I could see as legitimate and reasonable in studying WUAPI. To that end, I answered most all of these questions well so far (and have working code) except #4 and #5, and I'm not sure that can be done since it seems a very limited amount of information is available in cross-referencing patches to other patches. #5 can't be done evidently at all since Microsoft crippled Windows Update to not allow queries against other operating systems and products than what is on the user machine (kinda bad if you want to download updates for your XP VM within Windows 7). Current answers to the questions I posted in Post #1 of this thread. 1) As I said I have a program doing this, though it's slower than dogmeat. I may have to just crack the file and process the XML to get reasonable performance. 2) This is the patch downloader I reference in my status lines and posted for those that might want to try it (and answer me if it works on Vista and 7 right). I have it working on XP and it worked wonderfully the last two Patch Tuesdays but need to get it polished before I wide-release it. 3) I got this question mostly answered. Installed+Uninstalled returns a static patch list which seemed to be what was needed to bring the XP system I tested this on fully up to date. It doesn't return all the updates that WU would complain about on a virgin SP3 system. But this seems to work for a baseline if one wanted it, since I have noticed the older patches roll off the Installed+Uninstalled list. 4) I notice a LIMITED amount of information on superseded patches, the problem I haven't really been able to explore yet is how to take this information (update GUID) the rare times its presented and back-track it to Update KBs and file names. Since people could rename files, a downloaded update manager would have to keep track of what file names belong to what KB#. This would benefit by being able to dump the patch list, but there doesn't seem to be any way to do this other than process the XML. 5) Again Microsoft seems to cripple WU this way, so cracking the XML would be a requirement again. Probably won't, since what I have in #2 and #3 seem to work for mine and probably most others with similar needs to mine general need without a non-standardized update file that requires human intervention. Thanks for the suggestion.

Actually, that's XP SP3 since service pack 2 was discontinued for updates and most of the newer patches will not run on SP2 anymore. A great many things require WGA (892130) as well, which means you will be doing without an awful lot. This seems to suit you, so I won't say any more on this. The attitude that you have chosen to take pretty much necessitates that. Which is only by luck and not anything you have done, assuming it hasn't already happened to you and you don't realize it. In this day and age, getting hit by a virus or malware is not a matter of if, but when, if you are connected to the Internet.

A lot depends on the code you are writing (script or program) and what you are doing with that code. If you are doing other things with system restore, the easiest is to check for the error ERROR_SERVICE_DISABLED on your first call to one of the SRCLIENT.DLL routines. Otherwise, you can check for the status of the System Restore Service (srservice), and return an error if the service is not started, since this is how system restore works. For WMI, you can interrogate Win32_Service (http://msdn.microsoft.com/en-us/library/aa394418%28v=vs.85%29.aspx). For regular Win32 API, you can use QueryServiceConfig of the windows service API (http://msdn.microsoft.com/en-us/library/ms685942%28v=VS.85%29.aspx).

Gave me a good excuse to test a couple of things. Here's what I got when I downloaded it. File Size: 1,789,542,400 bytes CRC32 Hash: 9008BC2A MD5 Hash: 1E73B24A89ECEAB9D50585B92DB5482F SHA1 Hash: 793F4CC4741EBAD223938BE0EEEE708EDA968DAA

Microsoft Update Catalog

I've been using 32x32 in my programs for system tray icons and have no problems. Actually, though, I've been using icons with the value of GetSystemMetrics(SM_CXICON)xGetSystemMetrics(SM_CYICON). I just tested and on ME and XP both it equates to 32x32. Coincidentally, this is the only dimension that works with the LoadIcon function, so it definitely works. Windows might be scaling the icons down, though. I never really measured it or found anything explicitly stating what the system notification area uses. 32x32 works though, anyhow.

Usually the notification area only allows icons of a certain size to display (32x32). There may be ways in newer OSes to change that, but in 98 I've never encountered anything that changes this behavior. Seems to be a hard-wired default.

Feel free to try this: As well there are a number of scripts out there which do pretty much the same thing.

Firefox 3.6.12 Yes

When I try to login from the main forum page, it says "[#10193] We encountered a problem processing your login request. Please try again." has a link that says "click here to login again", and then I can login successfully from that.

Yeah, they edit/change pages to remove references to software they don't support anymore (you see this on the API references all the time). But that doesn't necessarily mean it won't work on the older Windows. 815062 works on ME (I patched a few ME installs for about a year or two in sequence using 815062 and either batch scripts or Batch Patcher) so it should work on 95/98 too. I know this works on ME, but I think 95/98 patches were similar. There's 2 or 3 more patch types, but I don't think they were ever relevant to 95/98/ME (except for .NET 1.1 if 95/98 ever supported that). Patch Type #1 - WEXTRACT http://support.microsoft.com/kb/197147/ /q Specifies quiet mode, or suppresses prompts. /q:u Specifies user-quiet mode, which presents some dialog boxes to the user. /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user. /t:path Specifies the target folder for extracting files. /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder. /c:path Specifies the UNC path and name of the Setup .inf or .exe file. /r:n Never restarts the computer after installation. /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a. /r:a Always restarts the computer after installation. /r:s Restarts the computer after installation without prompting the user. /n:v No version checking - Install the package over any previous version. You usually want /q:a /r:n if you are installing multiple patches. Of course it depends on the patch (there was one in ME that had a wierd command-line that I'm thinking of).

I don't know how many are interested (still or at all), but since I made the status update... There's a query language that's associated with running a Windows Update search. You can have it use certain strings to have it bring back desires. What I said was that this query language doesn't support using OR as anything other than a top-level operator. For example, if I want updates that are not hidden and updates that are not installed, I use IsHidden=0 and IsInstalled=0 Now if I want it to just bring back all relevant updates that are not hidden, I can try IsHidden=0 and (IsInstalled=0 or IsInstalled=1) which is what works with most languages. The problem in this application, though, is that OR is only supported in the place the AND is and this query does not work. So I have to do something like: (IsHidden=0 and IsInstalled=0) or (IsHidden=0 and IsInstalled=1) This is a simple example, but if you add in a number of other possible supported flags and options with the view of making a query writer, the queries get long and confusing fast.

Actually there is the issue of whether the latest version of files are placed onto the system if multiple patches are installed. In that sense, the file associated with Microsoft KB815062 is needed to resolve this. Also, certain switches are required to automate patch installs (make them not show UI, not restart, and so on). These vary depending on the patch in question, but a number of them are very similar. If you want to know the list, I would have to pull out my data on them, but I can provide that if you want. Also if it helps, you can try Batch Patcher 1.03, which automates a lot of the task of installing multiple updates. Generally, outside of the use of 815062, updates are sequential. Generally yes. Microsoft always has exceptions, but most (99.99%) of the patches work properly if you install multiple ones at once and then reboot as opposed to installing them individually and rebooting after each one.

I decided to go ahead and put the update downloader from my original post point #2 online anyway. It's a test version, as the opening screen says. It works for me on Windows XP, and I'm not seeing any reason it shouldn't work elsewhere. If this seems useful to someone and it does work on other stuff that uses the Windows Update Agent, I can try to polish it up some more for general use. (a little newer version, if anyone is interested in trying it out, by all means. Please let me know how well it works out.) (pulled, working on a third alpha revision) Description: This program uses the online Windows Update facility to discover either installed or not installed patches on the system it is running on. Then it gives you the option to select and download those patches (EXE and hopefully MSU) to a specific directory. Notes: 1) Windows Update sometimes packages multiple files in one patch listing. I wouldn't be surprised if you found no files at all in some cases. 2) The download part takes a SHA-1 hash of the file it downloads, and then compares it to the corresponding string on the EXE. You will see an error message if this doesn't match up. 3) Again, since it's test software, don't be surprised if you find problems that I didn't find in my testing. HTH.

I got around to writing something to analyze/list patch history on a computer and found some main update ids that were on superseded id lists on my Windows Update list. So I'm thinking this is a possibility and I'll have to analyze the data to see how useful it is. That's the odd thing I'm finding in listing everything to do with an update - some of the fields aren't even hardly used. I'm thinking from looking at my source closely this is probably going to end up a garden-variety bug. I changed/fixed it and am going to get to try it tomorrow. Hopefully it will work. One more question from analyzing data that I didn't get a clear answer on from Google: From analyzing the data I got back, I found links to files with a PSF extension. I figure the CAB is something for the Windows Update Engine installer. I found references to WSUS when it came to the PSF extension, and when I looked at the file it seemed to be a binary file format, but didn't find much else. Is it only useful for that, and something that WSUS automatically pulls in? I know with most that frequent this site (myself included), the EXE is the only interesting file link, but I'm just wondering if the others present interesting downloads or not. Update ID: 611b36f3-ad07-4872-bb34-c51b338e70c8 Title: Security Update for Windows XP (KB2279986) Min Download Size: 270102 Download Size: 652160 File URLs: 0: http://download.windowsupdate.com/msdownload/update/software/secu/2010/09/windowsxp-kb2279986-x86-enu_94a7af17907c0ed6ef08abaa0bf41228ef0b3aff.exe 1: http://download.windowsupdate.com/msdownload/update/software/secu/2010/09/windowsxp-kb2279986-x86-express-enu_8d00c48e6be6a5553bd3da012430b8272f577543.cab 2: http://download.windowsupdate.com/msdownload/update/software/secu/2010/09/windowsxp-kb2279986-x86-enu_c84b7e12a38c944906802bd8892158efe4fb280a.psf This has definitely been an interesting project so far.

Actually what I've been doing is accessing Windows Update using the WUA API, and I can get any kind of data that I find documented. The problem is more what to do with some of the data after I get it to perform some useful things that seem to have not been done. That's really the problem - what does the data represent or how does the data change when a new patch occurs? Most of it is pretty straight forward, but there are a few that are pretty nebulous on inspection that Microsoft doesn't explain. I'm sure much will be answered for me regarding this post when I analyze the data I get back on a Patch Tuesday. Of course the big issue I haven't figured out is how to scan for patches for a system that is not currently running (eg. scanning for "Windows XP" patches while on a Windows 7 system, or for "es" patches on an "en" system). I'm sure there has to be some way, though, since the data is there in the offline scanner file and WSUS Offline processes the XML in that CAB file. I'm not sure regarding how the data changes between the systems, though. I did get to try my update downloader (which works fully on XP) on a Windows 7 system and it ended up not working for some reason on Windows 7 patches. Meanwhile it did work when I downloaded the latest (Oct 2010) MSRT tool. This is one reason I haven't put it up for people to try - I'd like to know that it works on Vista and 7 and haven't gotten the development time yet to find out why it didn't work when I tried it.

One thing I've been preoccupied with lately is figuring out Microsoft Update. Specifically (more or less), the following: 1) Can I automate and detect things offline? I got that done easily enough (WSUSSCN2.CAB). Don't know if you can script it, but I got a program written doing it. 2) Can I scan the service and then get URLs to download EXEs (and presumably MSU/MSI)? I think I got that one addressed (I wrote something, want to wait a Patch Tuesday or two to test it). This was my "neat little idea" in the statuses. Now to stuff I'm not so sure about (and people have been somewhat unwilling to answer such questions on Microsoft's forums), but hopefully someone has some experience. 3) Can I get a list of all the patches required to fully patch a system from the ground up (e.g. make a patch list like what's in some of the forums here)? I'm thinking if you poll "IsInstalled=0" or "IsInstalled=1" along with both hidden and unhidden updates, that will work. The thing I'm unsure about is if you install a patch that supersedes something else, whether the old patch will roll off of this list or not. 4) Can I identify what the superseded patches themselves are? And with a little history can I map that to files on a drive/directory and identify files that can be safely deleted in a patch set? This is probably the most interesting set of data I'm finding in studying Microsoft/Windows Update - probably because I'm unsure of what to do with the data after getting it. I notice each patch seems to be tagged with an update id which you can obtain and later query in a WU search. I also notice that some patches come with a superseded update id list. I'm thinking one could hold onto these values in a file and then walk the superseded ids backward and come up with the old patch KBs. I might have to try it when the next Patch Tuesday rolls around if no one knows for sure... I didn't find any superseded ids in the original update id list, so I'm thinking this might hold the answer to #3. 5) And the big question I'm not sure is going to be possible: Can I scan for an OS and language that is not what I'm on? Probably not possible? I did figure out that I can scan for certain category ids and only get certain things back, but I don't know if that could be used? I know WSUS Offline does it by downloading WSUSSCN2.CAB, extracting it, and processing the XML, but I'm wondering if there can be a little more elegant way... Anyway, thanks for reading this if you got this far. I know this comes off more as a blog post than anything else in parts, but thought someone might have some experience to provide some helpful comments or suggestions.

Sometimes, it helps to be able to have the data for analysis or for automation, though. The script (and other means) can be useful for that.

I got to see this with Windows 7 yesterday. My "interesting idea" seems to work on Windows 7, but with a small caveat. Still haven't found a good answer to this one. Also with Windows 7, I found files with names like X86-all-mpsyschk_b48849770fd1110c15fcc48eb2ea96f58c75f0d8.exe bundled with the .MSU files. So what do these do?

QFR for those that don't know: http://en.wikipedia.org/wiki/HTTP_404 Because .PL is the default extension for a Perl Script, and the browser is attempting to handle the document as a perl script and not a file. From what you discovered, it appears obvious that there is a bug in the URL parsing/handling algorithm either in the web browser or even more likely something wrong with your web server software in how it processes URLs. Hope this helps. Sounds like the fix is going to be to use some other naming scheme for that file.

And another question about something I see that I didn't find a clear answer here or on Google when I searched: I keep running into files in my patch downloads with the phrase 'msipatchregfix' in the names... what do these do? For example, out of one of my URL lists: msipatchregfix-x86_9d8e583e06ff2d6d90ac813ae04920f48649535d.exe

And before that, didn't he describe a kludge of some kind to put ClearType into 98/ME using one of Microsoft's products? Couldn't that be repeated on 2000? Edit: Yes, Microsoft Reader. As I recall, though, there's more to it than just putting that program on there, but the information got edited away. Here's reference to the original page

Okay so this is why updates to Microsoft Visual C++ runtimes showed up on one computer I tested this on, and Windows Search 4.0 did not show up (offline scan, online scan showed it) on another computer I tested on? So offline scan shows updates to any INSTALLED software which would be considered problematic, only security wise? I got the chance to revisit this...I still have the above question unanswered. Then: 1) What does the offline scan tend to show? Just Windows, or Office/anything else, but just critical security updates? 2) What about other stuff? I really don't get to see what Office looks like on Windows/Microsoft Update, and I don't get to see other operating systems (Vista/Seven). Is there any page that illustrates well the expected behavior out of the site? I got an interesting idea just now, but I want to make sure it can be workable before I try it.