Once those filtered lines appear, you can stop capture: CTRL+E. If you save the log, you only get those filtered events!
And again, I just want to know the path in those RegSetVvalue operations!!!
Oh and that Process Monitor is up to 40 million events now, and I hope its not filling my whole HD up with a log somewhere! I think I'd better stop it till I hear back from you, because of that concern.Thanks! well OK... I installed and ran it (the 64 bit version), and set the two filters you described. I started it at 6:20PM (EST). Before I could get to testing that FTP shortcut, it listed 16 items from the Explorer.exe process with Operation=RegSetValue, and I noticed that in the status area of the Process Monitor app, was saying...
Showing 16 of 9,134,867 event (0.00016%)
Those 16 events were all with the Explorer.EXE "process name", and timestamped starting at 6:20 (the time I began running the program), and these were all indeed RegSetValue operations, with BAGs in the path. The event count was continuing to increase, and the % shown was slowly decreasing. I don't know what this means since I'm not running anything yet. As I type this the count has passed 22 million! I do know Explorer.EXE is the process running the shortcut which is my FTP link, but again I was not running it (and have not started it) yet. So I figured I'll let it complete whatever its doing before I do anything else. While it counting these tens of millions of operations, I guess its a good time to ask for a clarification...
1) Should I somehow CLEAR the list before starting the FTP shortcut and start a new log somewhere?
2) Do I need to start this log, or is the Process monitor already recording one somewhere?
I'm asking because if this program is recording 30 million items, I would think I shouldn't attempt to post it here.
OH and by the way... I did open regedit and could not find
(There was no "Software" key in the above tree, but I DID find...Code:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags
And it did have a handful of numbered keys in it, but I didn't find anything that would point me to a relation to the name of the shortcut that does the FTP.Code:HKCU\Software\Microsoft\Windows\Shell\Bags
Turn on Drop filtered events:
and try to understand: those filters only capture events when an Explorer view is saved/closed.
Those milliions of filtered events are just the normal workings of WIndows.
They are a crappy place to get ANY help, period! I don't want to get off into the weeds, but if you're defending them the bottom line is that they are becoming a useless group for anyone trying to learn anything NEW. sadly that's true of many of the stack-exchange forums. I'm a member of several stack pf their groups... electrical engineering, stack overflow, and a few others. i also should mention that despite my less then complete knowledge of windows 10, I have been a successful professional engineer in both software and electronics, and a fair amount of embedded and DSP. I'm now retired. When I get on these boards I occasionally look for people asking questions, and when its something I know about I either try to offer an answer or at least point them in a direction from which they can learn. The onl exception is when someone is obviously posting their homework assignments online hoping to shirk their research.
I started back in the era of Apple-2E, and ATARI, and vacuum tubes before that. Back then people bent over backwards to help each other learn about coding, electronics, or whatever. These days you can google a dozen subjects looking for answers and find several references to one of the stack exchange forums. When you go there, more often than not, you'll find a question posted and down voted, a bunch of snide remarks, and occasionally a few "old school" folks like myself trying to offer an answer. Its now gotten to where you ask a question, get down-voted, and then your question is "closed", so that no one is even allowed to offer an answer.
So bottom line, I don't care what their rules state as far as what constitutes a good question. I have sufficient life experience in the fields to know how to ask a question, and enough human experience to recognize a cliquish mean spirited group. Go ahead and google phrases like "stack overflow are rude" (or :mean spirited" or whatever) and you'll see that even their own administrators have chastised members for being too hard on people.
- - - Updated - - -
Yes, "HKCR\Local Settings\Software\Microsoft\Windows\Shell\Bags" does exist. No, I don't know really what I'm looking for, but I suspect it has something to do with FLAGS being set, maybe in the MODE flag. I didn't realize the Process Mon had several filters set by default. I manually cleared them and started over, and then opened the FTP shortcut folder, opened a directory, and set it to LIST, and then back to VIEW. I saved off the log in a CSV file, and captured the entries that appeared when I did the VIEW change, as a screen region shot. Maybe this will offer a clue?
In ProcMon, it's best to keep those defaults and add additional filters to them. Try opening, resgtoring defaults, and not setting any addtional filters. You'll see a non-stop cascade of operations. Heavy filtering is essential.
That screenshot shows the saved view for one of the Common Dialogs (Open/Save/SaveAs) rather than an Explorer window (ComDlg vs. Shell). and that folder is using the Documents FolderTypve (view template).
So do you think that's your FTP view or a dialog you accessed saving the screenshot? Can you post a screenshot of Explorer open to the FTP site showing the Address bar & with the Navigation Pane set to Expand to current folder?
Also, HKCR is a composite view of data from HKCU & HKLM.
Can you show the Navigagtion Pame? If you right-clcik in the background & select Properties, can you post a screenshot of the Properties dialog?
I'd rather not show the whole thing. The title bar says "FTP Properties" and all it has is a GENERAL tab, showing a small icon with the name of the server I'm connected to, followed by a Location: ftp://xxxxxxxxxxxxxxxxxxxxxx where XXX is all the username and password credentials needed to make the shortcut work as an FTP folder. So you can see where I'd rather not show that.
By the way... by watching those logs in Process Monitor as you mentioned, I can see that every folder I open within the FTP folder triggers event listings for a different "Bags" key number. Looking into each on, they all have a "Shell" key and some (probably ones I've accessed?) have a "ComDlg" key. In those cases the data within those keys seems to reflect things related to views, screen position, etc. But none of those entries offer any clues like the name of the folder, or what its a "parent" of. So back to the log, paying attention only to the initial "events" that appear when I first open the FTP folder, those events are not related to a numbered "Bags" key, but simply to the "All Folders" (Bags) key. That key contains a Shell key as well. Within the Shell key is also a "Microsoft.Windows.ControlPanel" key. So I guess that one gets its own data set? Anyway, most of the data I see in the AllFolders->Shell, once again has to do with screen positions and sizes. But there are also keys there called: "Default", "HotKey", "Navbar", "Showkey", and "wFlags". I don't see anything there specifically tying AllFolders to a template. I suppose I could manually add somethings? I think if the default view for any FTP shortcut should be "Documents". But as you see, an FTP shortcut isn't really a folder, but a shortcut that behaves like a folder. So this is why I'm trying to avoid any procedure for setting all folders to a specific view. If I did that, and later add a new folder to my "Public Pictures" (for example), I wouldn't want it to default to anything but its proper photos template.
I think that since the FTP is not a folder really, it is a unique situation. That's why I thought a VB script what allowed me to pass a shortcut, and then mimic my manual procedure of recursively opening every folder found and changing it to VIEW would be the only sensible approach. But now I'm not really sure that's a smart thing to do. There are nearly 1000 numbered "Bags" keys in my system, and probably half of them are the result of ME manually doing just what I wanted the script to do. That means that even if I got my script, any new server I make a shortcut connection to will end up filling the registry with another 500 bags, whether I set the VIEWs programmatically or manually. The better way, if I had any clue how, would be to attach the shortcut to a template with recursive behavior. But I don't want to do that to the "AllFolders" entry, so this may be a case where there is no good solution. Maybe its best I do as one person suggested and just work with Filezilla. It ALWAYS shows the equivalent of a "Details" view (Which might be the same as a Documents view?).
Last edited by PeterPan2000; 23 Apr 2020 at 10:44.
OK, since you're having difficulty using ProcMon, let's try something different. If you save the following as a .reg file & merge it, it will over-ride default icon styles of all the various FolderTypes with Details. So if the FTP view uses any of the defined types, folders that don't have a saved view should display in Details mode.
So merge the file, sigh out & back in, then see if the Details view is applied to FTP folders that haven't been previiously viewed. Since none of the keys created by this file exist by default, undoing the mod is a simple deletion.
Code:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0b0ba2e3-405f-415e-a6ee-cad625207853}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0b2baaeb-0042-4dca-aa4d-3ee8648d03e5}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{20338b7b-531c-4aad-8011-f5b3db2123ec}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{24ccb8a6-c45a-477d-b940-3382b9225668}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{292108be-88ab-4f33-9a26-7748e62e37ad}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{36011842-dccc-40fe-aa3d-6177ea401788}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3D1D4EA2-1D8C-418a-BFF8-F18370157B55}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3f2a72a7-99fa-4ddb-a5a8-c604edf61d6b}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3f98a740-839c-4af7-8c36-5badfb33d5fd}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{4dcafe13-e6a7-4c28-be02-ca8c2126280d}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{4F01EBC5-2385-41f2-A28E-2C5C91FB56E0}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{503a4e73-1734-441a-8eab-01b3f3861156}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{51294DA1-D7B1-485b-9E9A-17CFFE33E187}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{524ddb2b-2a4f-43b8-b8fe-e91ef9d8ba69}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{59BD6DD1-5CEC-4d7e-9AD2-ECC64154418D}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{5c4f28b5-f869-4e84-8e60-f11db97c5cc7}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{5f4eab9a-6833-4f61-899d-31cf46979d49}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{5fa96407-7e77-483c-ac93-691d05850de8}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958a6-ad0f-4035-a745-28ac066dc6ed}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{654a1b99-8a4b-4e7b-a4e1-46378ad77a61}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{672ECD7E-AF04-4399-875C-0290845B6247}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{71689ac1-cc88-45d0-8a22-2943c3e7dfb3}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{71D642A9-F2B1-42cd-AD92-EB9300C7CC0A}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{7d49d726-3c21-4f05-99aa-fdc2c9474656}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{7F2F5B96-FF74-41da-AFD8-1C78A5F3AEA2}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{7fde1a1e-8b31-49a5-93b8-6be14cfa4943}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{834d8a44-0974-4ed6-866e-f203d80b3810}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{885a186e-a440-4ada-812b-db871b942259}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{8faf9629-1980-46ff-8023-9dceab9c3ee3}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{921C636D-9FC8-40d7-899E-0845DCD03010}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{94d6ddcc-4a68-4175-a374-bd584a510b78}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{978e0ed7-92d6-4cec-9b59-3135b9c49ccf}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{982725ee-6f47-479e-b447-812bfa7d2e8f}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{B337FD00-9DD5-4635-A6D4-DA33FD102B7A}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{b3690e58-e961-423b-b687-386ebfd83239}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{c1f8339f-f312-4c97-b1c6-ecdf5910c5c0}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{C4D98F09-6124-4fe0-9942-826416082DA9}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{CD0FC69B-71E2-46e5-9690-5BCD9F57AAB3}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{da3f6866-35fe-4229-821a-26553a67fc18}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{db2a5d8f-06e6-4007-aba6-af877d526ea6}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{DD61BD66-70E8-48dd-9655-65C5E1AAC2D1}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{de2b70ec-9bf7-4a93-bd3d-243f7881d492}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{e053a11a-dced-4515-8c4e-d51ba917517b}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{ea25fbd7-3bf7-409e-b97f-3352240903f4}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{ef87b4cb-f2ce-4785-8658-4ca6c63e38c6}] "Mode"=dword:00000004 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{fbb3477e-c9e4-4b3b-a2ba-d3f5d3cd46f9}] "Mode"=dword:00000004
Quote
