U.S. patent application number 11/060983 was filed with the patent office on 2005-07-21 for agent for collecting information about installed programs on a computer system.
This patent application is currently assigned to Microsoft Corporation. Invention is credited to Bluvshteyn, Vadim, Carroll, Mark S., Heinz, Steven S., Lupu, Corneliu, Munsil, Donald J., Sciacqua, Michael, Stephens, Maoni.
Application Number | 20050160421 11/060983 |
Document ID | / |
Family ID | 34194045 |
Filed Date | 2005-07-21 |
United States Patent
Application |
20050160421 |
Kind Code |
A1 |
Bluvshteyn, Vadim ; et
al. |
July 21, 2005 |
Agent for collecting information about installed programs on a
computer system
Abstract
A standard reporting schema to represent applications and other
information on a computer in a hierarchical manner, such as via an
XML (extensible markup language) file. An agent or engine is
provided to inventory a computer for installed applications or
services and to output a report, or log file, conforming to the
schema standard. A calculation may be performed on a subset of
attributes stored in the log file for an application or a service
so as generate a signature representing the subset. The signature
may be stored with the log file, and may be accessed quickly in a
database to determine whether or not the application is a
particular application, or, if more particular resources are
defined, to determine more specific information, such as whether
the application is a particular version or run of the
application.
Inventors: |
Bluvshteyn, Vadim;
(Woodinville, WA) ; Sciacqua, Michael; (North
Bend, WA) ; Munsil, Donald J.; (Kirkland, WA)
; Lupu, Corneliu; (Sammamish, WA) ; Stephens,
Maoni; (Sammamish, WA) ; Carroll, Mark S.;
(Woodinville, WA) ; Heinz, Steven S.; (Lynnwood,
WA) |
Correspondence
Address: |
LEYDIG, VOIT & MAYER, LTD.
TWO PRUDENTIAL PLAZA, SUITE 4900
180 NORTH STETSON
CHICAGO
IL
60601-6780
US
|
Assignee: |
Microsoft Corporation
Redmond
WA
|
Family ID: |
34194045 |
Appl. No.: |
11/060983 |
Filed: |
February 18, 2005 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
11060983 |
Feb 18, 2005 |
|
|
|
10644264 |
Aug 20, 2003 |
|
|
|
Current U.S.
Class: |
717/174 |
Current CPC
Class: |
Y10S 707/99953 20130101;
G06F 8/60 20130101; Y10S 707/99942 20130101 |
Class at
Publication: |
717/174 |
International
Class: |
G06F 009/445 |
Claims
What is claimed is:
1. A computer system, comprising: an agent, the agent comprising:
an installed programs enumeration component configured to enumerate
software items on the computer to find installed programs; an
executable enumeration component configured to enumerate software
items on the computer to find executables that are associated with
installed programs found by the installed programs enumeration
component; and an information grabber component configured to
gather information on the computer about the installed programs
found by the installed programs enumeration component.
2. The computer system of claim 1, wherein the information grabber
component is further configured to gather information about the
executables.
3. The computer system of claim 1, wherein the installed programs
enumeration component utilizes places, tools, or devices that a
user utilizes to access a program, or a subset thereof, to find
installed programs on the computer.
4. The computer system of claim 1, wherein the agent searches a
folder in which an installed program is found to find other
executables that may be associated with the installed program.
5. The computer system of claim 4, wherein, in the process of
searching the folder, the agent determines, for items in the
folder, whether the items are defined by the agent to be an
executable.
6. The computer system of claim 5, wherein the items are defined by
the agent to be an executable by one of more of an evaluation of
file type or an evaluation of an extension.
7. The computer system of claim 1, wherein the installed programs
and executables are stored in a file by the agent.
8. The computer system of claim 7, wherein the file is an
extensible markup language file.
9. The computer system of claim 7, wherein the file includes a
hierarchical list having a number of installed programs containers,
each installed programs container including an installed program
and associated executables for the installed program.
10. The computer system of claim 1, wherein associated executables
are found via walking an import table for an installed program.
11. A computer-implemented method, comprising: enumerating software
items on a computer to find installed programs; and for each
installed program, storing information about the installed program
in a file along with information about executables linked to the
installed program.
12. The method of claim 11, wherein enumerating software items
comprises enumerating executables in a shell folder on the
computer.
13. The method of claim 11, wherein enumerating executables in a
shell folder comprises: if a software item is a folder, recursing
the folder; if the software item is a link, getting the path and
argument for the link; and if the software item is a file, storing
the information about the file.
14. The method of claim 11, wherein finding installed programs
comprises utilizing places, tools, or devices that a user utilizes
to access a program to find installed programs on the computer.
15. The method of claim 11, further comprising searching a folder
in which an installed program is found to find executables that may
be associated with the installed program.
16. The method of claim 11, wherein the file is an extensible
markup language file.
17. The method of claim 11, wherein the file includes a
hierarchical list having a number of installed programs containers,
each installed programs container including the installed program
and the associated executables.
18. A computer-implemented method, comprising: utilizing places,
tools, or devices that a user utilizes to access a program, or a
subset thereof, to find installed programs on a computer; and
storing information about the installed programs in a file.
19. The method of claim 18, wherein the file is an extensible
markup language file.
20. The method of claim 18, wherein the file includes a
hierarchical list having a number of installed programs containers,
each installed programs container including the installed program
and executables associated with the installed program.
Description
REFERENCE TO RELATED APPLICATION
[0001] This application is a continuation application of U.S.
application Ser. No. 10/644,264, filed Aug. 20, 2003, and
incorporated herein by reference in its entirety.
TECHNICAL FIELD OF THE INVENTION
[0002] The present invention generally relates to computers, and
more specifically to collecting information about applications on a
computer.
BACKGROUND OF THE INVENTION
[0003] The identification of software applications on a computer is
often desirable to communicate the status of the applications on
the computer. For example, in a network environment, an
administrator may desire to know the identification of software
applications on a particular machine, or on multiple machines
within the network. The information wanted by the administrator may
include, as examples, application compatibility, vendor
information, version information, or the like. Assembling such
information by hand is often not a viable option, because the
volume of the information may be prohibitive, and some information,
such as version information, may constantly change due to updates
or other changes on individual computers within the network.
Moreover, if the information is gathered by an individual and
entered into a database, the information may be prone to errors,
and a search of the information may not result in all matches for
the particular item for which the search is being conducted.
SUMMARY OF THE INVENTION
[0004] The following presents a simplified summary of some
embodiments of the invention in order to provide a basic
understanding of the invention. This summary is not an extensive
overview of the invention. It is not intended to identify
key/critical elements of the invention or to delineate the scope of
the invention. Its sole purpose is to present some embodiments of
the invention in a simplified form as a prelude to the more
detailed description that is presented later.
[0005] In accordance with one embodiment, the present invention
provides a standard reporting schema to represent applications and
other information on a computer in a hierarchical manner, such as
via an XML (extensible markup language) file. The schema may
include, for example, such items as system information, information
about services and/or applications on the computer, and/or
application compatibility information.
[0006] In accordance with another embodiment, an agent or engine is
provided to inventory a computer for installed applications or
services and to output a report, or log file, conforming to the
schema standard. The agent is a relatively lightweight executable
which may be run on many or all of the computers in the network so
as to provide a log file for each of the computers. The log file
for each of the computers may be maintained in a central location.
The database of log files may be searched or otherwise accessed by
an administrator or another user desiring status (e.g.,
compatibility, vendor information, or the like) of applications or
services on the network.
[0007] In accordance with another embodiment, a calculation may be
performed on a subset of attributes stored in the log file for an
application or a service so as generate a signature representing
the subset. The signature may be stored with the log file, and may
be accessed quickly in a database to determine whether or not the
application is a particular application, or, if more particular
resources are defined, to determine more specific information, such
as whether the application is a particular version or run of the
application.
[0008] Other features of the invention will become apparent from
the following detailed description when taken in conjunction with
the drawings, in which:
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] FIG. 1 is a block diagram showing several computers
communicating with one another over a network usable to implement
an embodiment of the invention;
[0010] FIG. 2 is a block diagram displaying an example of a basic
configuration for a computer on which all or parts of the invention
described herein may be implemented;
[0011] FIG. 3 is a block diagram displaying a representation of an
agent installed on the computer of FIG. 2 in accordance with an
embodiment of the present invention;
[0012] FIG. 4 is a block representation of an example of a log file
in accordance with an embodiment of the invention;
[0013] FIG. 5 is a flow chart generally showing steps for a
collection process performed by the agent of FIG. 3 in accordance
with an embodiment of the invention;
[0014] FIG. 6 is a flow diagram generally representing steps that
may be used by the agent of FIG. 3 to enumerate executables in
accordance with an embodiment of the invention;
[0015] FIG. 7 is a flow chart generally showing steps for
determining whether an executable should be added to installed
programs list in accordance with an embodiment of the present
invention;
[0016] FIG. 8 is a flow diagram generally representing steps for
gathering information about an executable in accordance with an
embodiment of the invention;
[0017] FIG. 9 is a flow diagram generally representing steps for
gathering information about compatibility in accordance with an
embodiment of the invention;
[0018] FIG. 10 shows a flow diagram generally representing steps
for generating a signature for an executable in accordance with an
embodiment of the invention; and
[0019] FIG. 11 shows a flow diagram generally representing steps
for producing a combined signature file in accordance with an
embodiment of the invention.
DETAILED DESCRIPTION
[0020] In the following description, various embodiments of the
present invention will be described. For purposes of explanation,
specific configurations and details are set forth in order to
provide a thorough understanding of the embodiments. However, it
will also be apparent to one skilled in the art that the present
invention may be practiced without the specific details.
Furthermore, well-known features may be omitted or simplified in
order not to obscure the embodiment being described.
[0021] Prior to proceeding with a description of the various
embodiments of the invention, a description of a computer and a
networking environment in which the various embodiments of the
invention may be practiced will now be provided. Although it is not
required, the present invention may be implemented by programs that
are executed by a computer. Generally, such programs include
routines, objects, components, data structures and the like that
perform particular tasks or implement particular abstract data
types. The term "program" as used herein may connote a single
program module or multiple program modules acting in concert. The
terms "computer" and "computer system" as used herein includes any
device that electronically executes one or more programs, such as
personal computers (PCs), hand-held devices, multi-processor
systems, microprocessor-based programmable consumer electronics,
network PCs, minicomputers, mainframe computers, consumer
appliances having a microprocessor or microcontroller, routers,
gateways, hubs and the like. The invention may also be employed in
distributed computing environments, where tasks are performed by
remote processing devices that are linked through a communications
network. In a distributed computing environment, programs may be
located in both local and remote memory storage devices.
[0022] An example of a networked environment in which the invention
may be used will now be described with reference to FIG. 1. The
example network of FIG. 1 includes several computers 10
communicating with one another over a network 11, represented by a
cloud. The network 11 may include many well-known components, such
as routers, gateways, hubs, etc. and allows the computers 10 to
communicate via wired and/or wireless media. When interacting with
one another over the network 11, one or more of the computers 10
may act as clients, servers or peers with respect to other
computers 10. Accordingly, the various embodiments of the invention
may be practiced on clients, servers, peers or combinations
thereof, even though specific examples contained herein do not
refer to all of these types of computers.
[0023] In the network 11 shown in FIG. 1, one of the computers 10
serves as a network administrator for the network 11, and is
designated generally by the reference numeral 12. The network
administrator computer 12 is a computer through which an
administrator of the network 11 may access the computers 10 on the
network 11, and may be, for example, a server or a client in the
network 11.
[0024] Referring to FIG. 2, an example of a basic configuration for
a computer 10 on which all or parts of the invention described
herein may be implemented is shown. In its most basic
configuration, the computer 10 typically includes at least one
processing unit 14 and memory 16. The processing unit 14 executes
instructions to carry out tasks in accordance with various
embodiments of the invention. In carrying out such tasks, the
processing unit 14 may transmit electronic signals to other parts
of the computer 10 and to devices outside of the computer 10 to
cause some result. Depending on the exact configuration and type of
the computer 10, the memory 16 may be volatile (such as RAM),
non-volatile (such as ROM or flash memory) or some combination of
the two. This most basic configuration is illustrated in FIG. 2 by
dashed line 18.
[0025] The computer 10 may have additional features and/or
functionality. For example, the computer 10 may also include
additional storage (removable storage 20 and/or non-removable
storage 22) including, but not limited to, magnetic or optical
disks or tape. Computer storage media includes volatile and
non-volatile, removable and non-removable media implemented in any
method or technology for storage of information, including
computer-executable instructions, data structures, program modules,
or other data. Computer storage media includes, but is not limited
to, RAM, ROM, EEPROM, flash memory, CD-ROM, digital versatile disk
(DVD) or other optical storage, magnetic cassettes, magnetic tape,
magnetic disk storage or other magnetic storage devices, or any
other medium which can be used to stored the desired information
and which can be accessed by the computer 10. Any such computer
storage media may be part of computer 10.
[0026] The computer 10 preferably also contains communications
connection(s) 24 that allow the device to communicate with other
devices. A communication connection (e.g., one of the communication
connections 24) is an example of a communication medium.
Communication media typically embody computer readable
instructions, data structures, program modules or other data in a
modulated data signal such as a carrier wave or other transport
mechanism and include any information delivery media. By way of
example, and not limitation, the term "communication media"
includes wired media such as a wired network or direct-wired
connection, and wireless media such as acoustic, RF, infrared and
other wireless media. The term "computer-readable medium" as used
herein includes both computer storage media and communication
media.
[0027] The computer 10 may also have input devices 26 such as a
keyboard, mouse, pen, voice input device, touch input device, etc.
Output devices 28 such as a display 30, speakers, a printer, etc.
may also be included. All these devices are well known in the art
and need not be discussed at length here.
[0028] Referring now to FIG. 3, in accordance with an embodiment of
the invention, an agent 40 is provided that is capable of finding,
and collecting information from, one or more applications 42.sub.1,
42.sub.2, . . . 42.sub.N and/or one or more services 44.sub.1,
44.sub.2, . . . 44.sub.M on a computer (e.g., the computer 10). To
this end, the agent 40 interacts with an operating system 46 of the
computer 10, the applications 42.sub.1, 42.sub.2, . . . 42.sub.N
and/or one or more services 44.sub.1, 44.sub.2, . . . 44.sub.M, and
other components as needed, as further described below.
[0029] In accordance with an embodiment of the invention, the
information regarding the applications 42.sub.1, 42.sub.2, . . .
42.sub.N and/or the services 44.sub.1, 44.sub.2, . . . 44.sub.M is
extracted and placed in a log file 50, which may, for example, be
an extensible markup language (XML) file. One or more of these log
files 50 may be then forwarded to a database 51 (FIG. 1) or several
databases, which may, for example, be accessed by the network
administrator computer 12, or by one or more other computers 10 on
the network that may have an interest in accessing the information
in the log file 50. The information in the log file may also be
utilized by the computer 10 upon which the agent 40 is collecting
information.
[0030] In accordance with one embodiment, the agent 40 is a tool or
executable that may be loaded onto a single computer 10 so as to
extract a log file 50 from that single computer, or may be
distributed to a number of computers 10 so that a corresponding log
file 50 may be provided for each of the computers 10. The agent 40
may be, as examples, distributed through a logon script, by running
from a floppy disk, a website, a parent application, a network
share, or may be run in conjunction with a software management
system.
[0031] To aid in finding, and collecting information from, the
applications 42.sub.1, 42.sub.2, . . . 42.sub.N and/or the services
44.sub.1, 44.sub.2, . . . 44.sub.M, the agent 40 includes an
installed programs enumeration component 47, an executable
enumeration component 48, and an information grabber component 49.
The function of each of these components is described below.
[0032] A block representation of an example of a log file 50 in
accordance with an embodiment of the invention is shown in FIG. 4.
The log file 50 in the example includes system information 52,
services information 54, applications information 56, and
compatibility information 58. Each of these items is further
described below, but some description is given here for the benefit
of the reader.
[0033] The system information 52 is generally information that is
specific to the computer 10 upon which the agent 40 is running its
operation and may include, for example, operating system
information, hardware information, drive information, processor
information, and the like. In addition, the system information 52
may include information such as whether the computer is a
particular type of server, such as a web server or email server, or
network information, such as a department, the domain of the
computer, an IP address of the computer, or a machine name for the
computer. Additional system information 52 may include such items
as an asset tag, a serial number, a vender for the computer, or
other information.
[0034] The services information 54 generally includes a list of
services on the computer 10, and information about services that
are running on the computer. The information may include such
information as the name, display name, and type of service, for
example.
[0035] The application information 56 in accordance with an
embodiment of the invention includes a list of the applications 42
on the computer 10, and information about each of the applications
42, such as version information, name information, folder or
location information, checksum, company name, description, linker
version, link date, copyright information, and so forth. In
addition, information about each of the executables that are linked
to each application 42 is preferably included in the application
information 56.
[0036] The compatibility information 58 includes information about
known compatibility issues. The known compatibility issues may
include, for example, application help information for particular
applications 42 having known issues of incompatibility, information
about patches available for applications, or other information that
may be useful for an application to run in particular
environments.
[0037] In accordance with an embodiment of the invention, the log
file 50 is maintained as an XML file. The hierarchical structure of
XML, and its ease of use via tags, permits the log file 50 to be
easily compressed, stored, transformed, displayed, assembled,
accessed, and searched. However, if desired, another format, such
as a relational table or a text file, may be used to store the log
file. However, for ease of description, the log file 50 is
described herein as being formed in XML.
[0038] An example of a log file 50 is shown in FIG. 4. The log file
50 shown in FIG. 4 is a simplified, high level representation of
the schema of a log file in accordance with an embodiment of the
invention. In the schema at FIG. 4, containers are defined for the
system information 52, the services information 54, the application
information 56, and compatibility information 58. Each of these
containers includes various attribute sub-containers that may be
used to store information retrieved by the agent 40. In accordance
with an embodiment of the invention, switches or flags may be set
on the agent 40 so that particular attributes of the schema may be
selected for retrieval by the agent 40 in a collection process. For
example, a collection process may define that all system
information 52 for a computer may be retrieved, and that only
particular attributes of applications 42 be retrieved.
[0039] In accordance with an embodiment of the invention, as
further described below, the agent 40 enumerates items on the
computer to find installed programs (e.g., services and
applications). In the process of doing so and/or at a later time,
the agent 40 retrieves information about the installed programs
that are on the computer 10. In addition, associated executables of
the installed programs are determined, and information about those
associated executables is retrieved. Associated executables may be
found, for example, by walking an import table for an
executable.
[0040] In accordance with an embodiment of the invention, as
further described below, to find installed programs on the computer
10, the agent 40 utilizes places, tools, or devices that a user
utilizes to access an application. For example, if the Windows.RTM.
Operating System is the operating system 46 of the computer 10, the
agent 40 may utilize folders associated with Add/Remove Programs,
the Start menu, and similar tools provided by the operating system
or otherwise available on the computer to search for installed
programs. As other examples, the user may use folders associated
with links in the shell, the program menu, executables or links on
the desktop, or items that have been indicated in the registry as
RunOnce or Run. These folders may be accessed programmatically, for
example.
[0041] As described below, after the agent 40 has searched for
executables and installed programs, the agent 40 searches the
folder in which the executable was found to find other executable
programs that may be associated with (i.e., statically linked to)
the installed program. To do so, the agent determines if the item
is defined by the agent 40 to be an executable. This definition may
be made by switches available on the agent, and may be defined by
file type, extension, or another suitable method. As an example,
the files may be the types having an extension of DLL, ICD, DAT,
ICO, BIN, or SYS. If a file is determined to be associated with an
installed program, the agent then establishes within the log file
50 a hierarchical list having a number of application and services
containers, each of which includes the installed program and the
associated files. Associated executables may also be found via
walking an import table for an executable.
[0042] FIG. 5 is a flow chart generally showing steps for the
collection process performed by the agent 40 in accordance with an
embodiment of the invention. Beginning at step 500, the application
gets system information 52. This system information 52, as
described above, includes particular information about the computer
10 upon which information is collected by the agent 40. The agent
40 may extract the system information 52, for example by calling
application programming interfaces (APIs) that are provided on the
operating system 46 for the computer 10, via registry or similar
information stored with the operating system, via hardware
description that is stored in association with the operating
system, or may be extracted via assembly code that may be written
and included with the agent 40. A programmer of ordinary skill with
knowledge of an operating system 46 for and/or structure of a
computer may utilize features of the operating system and
information stored with the operating system to write code or
otherwise provide access to the system information 52. Once the
system information 52 is extracted, it is inserted into the log
file 50 at step 502.
[0043] At step 504, the agent 40, for example via the executable
enumerator component 48, enumerates the executables within the
defined set of shell folders on the computer 10. As an example, for
a Windows.RTM. Operating System, these folders may be associated
with "Common Desktop," "Desktop," "Common Start Menu," "Start
Menu," "Common Programs," 37 Programs," or similar tools through
which a user typically accesses an installed program or
application. The executables may be found by looking for a defined
file type or extension, such as EXE.
[0044] In accordance with an embodiment of the invention, operating
system components are not added to the list of items to be added to
the log file 50, because the agent 40 preferably extracts
executables other than those that are operating system components.
By not gathering information on executables that are designated as
system components, most of these operating system items will be
missed. In addition, if desired, items designated as protected or
otherwise associated with the operating system will be skipped.
[0045] In any event, an example of a process that may be used for
enumerating executables in the shell folders is described with FIG.
6 below. At step 506, service executables are enumerated, for
example, for the Windows.RTM. Operating System, the services may be
enumerated using the SCM APIs and a list of service executables may
be generated. Some, none, or all of these may have previously been
added to the list via step 504.
[0046] At step 506, the agent 40 determines the installed programs
on the computer 10. Some or all of these installed programs may be
the same as the executables found in step 504. In accordance with
an embodiment of the invention, the determination of installed
programs may be made via services or features on the computer 10
that provide lists or other information about installed programs.
As an example, if the Windows.RTM. Operating System is used, then
each of the applications 42 may include a Microsoft installer (MSI)
component for each application 42 that includes information about
the applications 42. A Microsoft installer product includes APIs
which the agent 40 may access to determine whether the applications
having the Microsoft installer feature are to be added to the list.
An example of a method for determining the installed programs using
MSI components is described together with FIG. 7, below.
[0047] As another example, the Add/Remove Program list may be used
to find installed programs on the computer 10. If this feature is
used, the uninstall registry path of each installed program may be
used to figure out which installed programs are installed and those
installed programs may be added to the installed program list.
[0048] At step 510, a list of installed programs (i.e.,
applications) is created with linked executables (i.e., associated
files). The linked executables may be found, for example, by
walking an import table for the executables for the installed
programs. This list of installed programs and linked executables is
entered into the log file 50.
[0049] At step 512, the agent 40, for example via the information
grabber 49, gets the information regarding the applications and
services on the computer 10, including information about the
associated executables. This information is also added to the log
file 50. An example of a method for getting the information is
described together with FIG. 8 below.
[0050] At step 514, the agent 40 gets the compatibility information
58, for example also via the information grabber 49. An example of
the process that may be used to get the compatibility information
is described together with FIG. 9.
[0051] At step 516, the agent 40 creates signatures for the
executables in the log file 50. An example of how the signatures
may be created is described together with FIGS. 10 and 11.
[0052] FIG. 6 is a flow diagram generally representing steps that
may be used by the agent 40 to enumerate shell folder executables
on the computer 10 in accordance with an embodiment of the
invention. In the embodiment shown, the agent 40 enumerates the
designated folders of the computer 10 to find executables on the
computer. Another system may be used to find the executables,
depending upon the storage method used for the computer.
[0053] In any event, for the example shown in FIG. 6, at step 602,
the enumeration of the shell folders begins. At step 604, a
determination is made whether a first item checked within the
folders is a folder. If it is, then the folder is recursed at step
606, and the process returns to step 604. If the item is not a
folder, then the process branches from step 604 to step 608, where
a determination is made if the item is a link. If so, then the path
and argument for the link are extracted in step 610, and any
folders or items found may be used in the enumeration process. As
such, the process returns to step 604, using the path and argument
as the next item. If the item is not a link, the process branches
from step 608 to step 612, where a determination is made if the
item is a file that is defined by the agent 40 to be an installed
program. This definition may be made by file type, extension, or
another suitable method.
[0054] If the item meets the definition of executable, then the
item is added to the list in step 614. If not, then the agent 40
enumerates the next item at step 616, and the process branches back
to step 604. The process continues until all items within the shell
folder have been enumerated, resulting in a list of files defined
by the agent 40 as being executables.
[0055] FIG. 7 is a flow chart generally showing steps for
determining whether an application should be added to the list
using information in Microsoft installer (MSI). MSI provides an API
that permits access to this information. Beginning at step 700,
each Microsoft installer item is enumerated. At step 702, the
products associated with the component are enumerated. At step 704,
a determination is made whether the product is a system component,
i.e., part of the operating system. If an item is a system
component, i.e., associated with the operating system 46, the item
is skipped, as described above, and the process loops back to step
700 where the next component is enumerated. Alternatively, the
process may loop back to step 702 if all products of the component
have not yet been enumerated.
[0056] If the item is not a system component, the process branches
to step 706, where the agent 40 gets the path of the product. At
step 708, a determination is made whether the product is a binary
file. If not, the process branches back to step 700. If so, then
the process branches to step 710, where a determination is made
whether the file is protected. If so, then the process branches
back to step 700. If not, then step 710 branches to step 712, where
the product is added to the installed program list.
[0057] Further enumeration may be done, such as, for example, via
the Add/Remove programs, Run or Runonce, as described above. After
enumeration is done, a list results, the list having installed
programs and executables. The import tables for the installed
programs may be walked, providing associated executables and
mapping information to the corresponding installed program. The
agent 40 may proceed with extracting information about the programs
and the executables, as shown in FIG. 8, below.
[0058] In accordance with an embodiment of the invention,
information that is extracted regarding an executable may be
obtained from one or many sources. If many sources are available,
then the agent 40 chooses the best source for extracting
information regarding the executable. In accordance with an
embodiment of the invention, the best source is the source which
has the most reliable and/or has available the most information
about an application. As an example, the information stored with a
MSI component is typically more reliable and more detailed than
information that may otherwise be stored with an application. Thus,
the agent 40 utilizes a better source for information that it
extracts and puts into the log file 50. However, if desired, the
agent 40 may also store information about the fact that the
executable is found by more than one source, such as being found
via a search of the folders listed above and via an enumeration of
the MSI components.
[0059] The act of extracting information may be conducted after all
the executables have been enumerated, or information about the
executables may be extracted when the executables are enumerated.
However, for ease of description, the information extraction
feature of the agent 40 is described separately in this
document.
[0060] FIG. 8 is a flow diagram generally representing steps for
extracting information from an executable in accordance with an
embodiment of the invention. Beginning at step 800, the executable
is enumerated. At step 802, a determination is made if the
executable is an installed program, i.e., whether the executable is
in the installed program list as described above. If so, step 802
branches to step 804 where the information for the installed
program is retrieved in accordance with the filters set for the
agent 40. The process then proceeds to step 806, where a
determination is made whether the executable also found in another
search, e.g., was found in two searches, with the other search not
providing as reliable of information. If so, then limited
information is retrieved in step 808, such as only the source
information for the file, that is, the fact that the file was also
found in the other search. This similar source information may also
have been added in step 804, where the source information, such as
Add/Remove Program, may be added to the information.
[0061] The process then proceeds to step 810, where a determination
is made whether the item is in the system folder. If so, then
process branches to step 812 where first limited information is
retrieved, which may be defined by different filters set for the
agent 40. This first limited information may be, for example, the
checksum for the executable. If not, then step 810 branches to step
814 where still other, second limited information may be retrieved,
which may also be set by the filters. This second limited
information may be, for example, product name, source, and vendor.
If the executable is not an installed program, then step 802 skips
directly to step 810, where the process proceeds as described
above.
[0062] The process of FIG. 8 results in the log file 50 shown in
FIG. 4. The log file 50 includes the system information 52
described above, the service information 54, also described above,
and a number of applications 42 in application containers 60.sub.1,
60.sub.2, . . . . Each of the application containers may include
associated therewith a number of associated executables 62.
Similarly, the services information 54 may include a list of
installed programs 63, and may additionally include associated
executables (not shown).
[0063] As described above, the agent 40 may also insert
compatibility information 58 into the log file 50. To this end, a
database 70 (FIG. 3) of compatibility information may be included
with the agent 40 for the agent 40 to extract this information.
Alternatively, a similar database may be included with the
operating system 46, may otherwise be stored locally on the
computer 10, or a similar database may be available remotely, e.g.,
via the network 11.
[0064] Each of the executables found in the processes described
above are checked against the compatibility database 70, or
databases, to determine whether compatibility information is
available for the executable. As described above, this
compatibility database 70 may include information such as whether
there is application help information or fixes or known
compatibility problems for the application 42. In addition, the
information regarding the application 42 may then be stored in the
compatibility information 58 (FIG. 4). The process of finding the
compatibility information 58 may be done via a separate thread, and
may be completed at the same time or before or shortly after that
enumeration of each of the executables is completed.
[0065] FIG. 9 shows a flow chart generally representing steps for
adding compatibility information 58 to the log file 50 in
accordance with an embodiment of the invention.
[0066] Beginning at step 900, the executables in the list are
enumerated. At step 902, a determination is made whether the
executable is in the compatibility database 70. If so, step 902
branches to step 904 where the information in the database 70 is
added to the compatibility information 58 and the log file 50. If
not, step 902 branches back to step 900, where the next executable
is enumerated.
[0067] As described above, the information for each of the
executables in the service information 54 or the application
information 56 may include a number of different attributes for
each of the executables. In accordance with an embodiment of the
invention, a subset (i.e., some or all) of these attributes may be
utilized to form a signature or hash for the executable. As an
example, one signature for an executable may utilize the following
subset of attributes:
[0068] NAME (string)
[0069] BIN_FILE_VERSION (qword)
[0070] BIN_PRODUCT_VERSION (qword)
[0071] PRODUCT_VERSION (string)
[0072] FILE_DESCRIPTION (string)
[0073] COMPANY_NAME (string)
[0074] PRODUCT_NAME (string)
[0075] FILE_VERSION (string)
[0076] ORIGINAL_FILENAME (string)
[0077] INTERNAL_NAME (string)
[0078] LEGAL_COPYRIGHT (string)
[0079] MODULE_TYPE (dword)
[0080] 16 BIT_DESCRIPTION (string)
[0081] 16 BIT_MODULE_NAME (string)
[0082] VER_LANGUAGE (dword)
[0083] These attributes represent, for example, a version signature
for an executable. An operation may be performed on these
particular attributes so as to form the signature or hash,
resulting in a number representing the attributes of the
executable. In accordance with an embodiment of the invention, a
cyclic redundancy check (CRC), such as a CRC 32, is one type of
algorithm that may be applied to the information to generate the
signature or hash. As is known, a cyclic redundancy check is a
number derived from a block of data, usually used in order to
detect corruption or occlusion of all the data. To calculate the
CRC, all the attributes that can be found for an executable are
copied byte-wise into a buffer, leaving off the NULL character at
the end of strings. A CRC32 is then calculated for the entire
buffer.
[0084] If desired, a second signature file or even additional
signature files may be stored with the information for a service
executable or an application executable. As another example of
attributes that may be used in the second attribute file, the
following attributes may be used:
[0085] SIZE (dword)
[0086] CHECKSUM (dword)
[0087] PE_CHECKSUM (dword)
[0088] LINKER_VERSION (dword)
[0089] LINK_DATE (dword)
[0090] The above attributes result in a more specific hash for an
executable. This signature may be used, for example to determine
exact matches to a known version of an executable.
[0091] One or both of the signature files above may be utilized by
a person accessing the log file 50 to quickly determine whether the
application 42 matches a known attribute set of an executable. In
accordance with an embodiment of the invention, the combined
attributes as defined in one of the sets above or in another
attribute set for all executables associated with one installed
program may have a number derived from them, resulting in a
combined signature or hash. This combined signature or hash may
also be used to determine whether a completed installed matches
known characteristics of an application 42 or a service. This
information may be used, for example, to determine the exact
version of an application 42, whether known fixes have been
installed for executables associated with the application 42, or
for other purposes. The signature may be stored along with the
information for the executable, as is shown by the reference
numeral 64 in FIG. 9. The combined signatures may also be stored
with the application 42, or may be stored in a separate location,
such as a local or remote database, as convenient.
[0092] FIG. 10 shows a flow diagram generally representing steps
for generating a signature for an executable in accordance with an
embodiment of the invention. Beginning at step 1000, the attributes
for the executable are retrieved. At step 1002, the algorithm is
performed on the attributes, and at step 1004, the signature that
is a result of the algorithm is stored with the executable.
[0093] FIG. 11 shows a flow diagram generally representing steps
for producing a combined signature file in accordance with an
embodiment of the invention. Beginning at step 1100, the attributes
for all executables associated with the application 42 are
retrieved. At step 1102, the algorithm is performed on the
attributes and at step 1104 the signature is stored with the
application file information for the application 42.
[0094] Utilizing the agent 40 of the present invention, a user or
an administrator may generate the log file 50, which permits the
user to have readily available information regarding the
application 42, including the signature file. A number of the log
files 50 may be accumulated, for example in the database 51, and
may be searched, accessed, or otherwise utilized by an
administrator or a user that needs to know information about the
applications 42 on the computer 10. The log file 50 thus provides a
convenient vehicle for storing information about applications 42 on
a computer 10. If desired, the agent 40 may be run on an interval,
or at startup, or at other desired times defined or requested by an
administrator or a user. As such, the log file 50 may remain
current so that the information in the log file 50 represents the
actual information on the computer 10.
[0095] Other variations are within the spirit of the present
invention. Thus, while the invention is susceptible to various
modifications and alternative constructions, a certain illustrated
embodiment thereof is shown in the drawings and has been described
above in detail. It should be understood, however, that there is no
intention to limit the invention to the specific form or forms
disclosed, but on the contrary, the intention is to cover all
modifications, alternative constructions, and equivalents falling
within the spirit and scope of the invention, as defined in the
appended claims.
[0096] The use of the terms "a" and "an" and "the" and similar
referents in the context of describing the invention (especially in
the context of the following claims) are to be construed to cover
both the singular and the plural, unless otherwise indicated herein
or clearly contradicted by context. The terms "comprising,"
"having," "including," and "containing" are to be construed as
open-ended terms (i.e., meaning "including, but not limited to,")
unless otherwise noted. Recitation of ranges of values herein are
merely intended to serve as a shorthand method of referring
individually to each separate value falling within the range,
unless otherwise indicated herein, and each separate value is
incorporated into the specification as if it were individually
recited herein. All methods described herein can be performed in
any suitable order unless otherwise indicated herein or otherwise
clearly contradicted by context. The use of any and all examples,
or exemplary language (e.g., "such as") provided herein, is
intended merely to better illuminate embodiments of the invention
and does not pose a limitation on the scope of the invention unless
otherwise claimed. No language in the specification should be
construed as indicating any non-claimed element as essential to the
practice of the invention.
[0097] Preferred embodiments of this invention are described
herein, including the best mode known to the inventors for carrying
out the invention. Variations of those preferred embodiments may
become apparent to those of ordinary skill in the art upon reading
the foregoing description. The inventors expect skilled artisans to
employ such variations as appropriate, and the inventors intend for
the invention to be practiced otherwise than as specifically
described herein. Accordingly, this invention includes all
modifications and equivalents of the subject matter recited in the
claims appended hereto as permitted by applicable law. Moreover,
any combination of the above-described elements in all possible
variations thereof is encompassed by the invention unless otherwise
indicated herein or otherwise clearly contradicted by context.
* * * * *