Monitoring registry

How can you monitor the registry changes but not using RegNotifyChangeKeyValue, cuz by using this API function you can find out only when a registry is modified but not what key is modified and how it is modified (renaming, create, delete, etc.)?
10x

Comments

  • : How can you monitor the registry changes but not using RegNotifyChangeKeyValue, cuz by using this API function you can find out only when a registry is modified but not what key is modified and how it is modified (renaming, create, delete, etc.)?
    : 10x
    :
    The only way I can come up with is to make a copy of the complete registry structure into the memory of your program. Then you can simply determine the changes by comparing the registry with that copy. This is a simple yet brutal method, but it will show you which values are modified, deleted and created. You will see a rename as a combination of deletion (of the old name) and creation (of the new name).
    Perhaps there are some registry notification functions in Windows, but they are not known by me.
  • : : How can you monitor the registry changes but not using RegNotifyChangeKeyValue, cuz by using this API function you can find out only when a registry is modified but not what key is modified and how it is modified (renaming, create, delete, etc.)?
    : : 10x
    : :
    : The only way I can come up with is to make a copy of the complete registry structure into the memory of your program. Then you can simply determine the changes by comparing the registry with that copy. This is a simple yet brutal method, but it will show you which values are modified, deleted and created. You will see a rename as a combination of deletion (of the old name) and creation (of the new name).
    : Perhaps there are some registry notification functions in Windows, but they are not known by me.
    :

    There is an application called Regmon which uses a technique called system call hook, which notifies you when keys are modified, and what key and which way they were modified. But I don't know how this technique works; it's something about the Windows kernel modifying some things or something like that.
  • : : : How can you monitor the registry changes but not using RegNotifyChangeKeyValue, cuz by using this API function you can find out only when a registry is modified but not what key is modified and how it is modified (renaming, create, delete, etc.)?
    : : : 10x
    : : :
    : : The only way I can come up with is to make a copy of the complete registry structure into the memory of your program. Then you can simply determine the changes by comparing the registry with that copy. This is a simple yet brutal method, but it will show you which values are modified, deleted and created. You will see a rename as a combination of deletion (of the old name) and creation (of the new name).
    : : Perhaps there are some registry notification functions in Windows, but they are not known by me.
    : :
    :
    : There is an application called Regmon which uses a technique called system call hook, which notifies you when keys are modified, and what key and which way they were modified. But I don't know how this technique works; it's something about the Windows kernel modifying some things or something like that.
    :
    A Windows system hook is nothing more than a user-defined function, which is hooked (hence its name) into one of the Windows "subsystems". Each time a certain event happens, that function is called. An example, which is simple to visualize, is the keyboard hook. This allows a program to watch the keyboard keys, even if that program doesn't have the focus. I hope this explains a little what system hooks are.
    As for your particular hook, I would suggest that you visit the online Microsoft knowledge base (http://msdn.microsoft.com) and look into registry hooks.
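
The snapshot-and-compare approach suggested in the first reply, sketched as an added example that is not part of the original thread. `snapshot` uses Python's standard `winreg` module (Windows only); the key `Software\ExampleVendor` and the two sample snapshots are constructed for illustration.

```python
try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None  # diff() below still works on saved snapshots

def snapshot(root, path):
    """Map (key_path, value_name) -> (type, data) for a whole subtree.
    The key itself is stored as (key_path, None) so empty keys are tracked."""
    snap = {(path, None): None}
    with winreg.OpenKey(root, path, 0, winreg.KEY_READ) as key:
        n_subkeys, n_values, _ = winreg.QueryInfoKey(key)
        for i in range(n_values):
            name, data, vtype = winreg.EnumValue(key, i)
            snap[(path, name)] = (vtype, data)
        children = [winreg.EnumKey(key, i) for i in range(n_subkeys)]
    for child in children:
        try:
            snap.update(snapshot(root, path + "\\" + child))
        except OSError:
            pass  # subkey deleted or not readable since it was enumerated
    return snap

def diff(old, new):
    """Return (action, key_path, value_name, old, new); a rename is delete + create."""
    order = lambda e: (e[0], e[1] is not None, e[1] or "")
    out = [("deleted", k, n, old[(k, n)], None)
           for k, n in sorted(old.keys() - new.keys(), key=order)]
    out += [("created", k, n, None, new[(k, n)])
            for k, n in sorted(new.keys() - old.keys(), key=order)]
    out += [("modified", k, n, old[(k, n)], new[(k, n)])
            for k, n in sorted(old.keys() & new.keys(), key=order)
            if old[(k, n)] != new[(k, n)]]
    return out

# Constructed sample snapshots (1 = REG_SZ); the key name is hypothetical.
K = r"Software\ExampleVendor"
BEFORE = {(K, None): None, (K, "Path"): (1, r"C:\old"), (K, "OldName"): (1, "x")}
AFTER = {(K, None): None, (K, "Path"): (1, r"C:\new"),
         (K, "NewName"): (1, "x"), (K + r"\Sub", None): None}

if __name__ == "__main__" and winreg:  # live poll of the key; Ctrl+C to stop
    import time
    prev = snapshot(winreg.HKEY_CURRENT_USER, K)
    while True:
        time.sleep(5)
        cur = snapshot(winreg.HKEY_CURRENT_USER, K)
        for change in diff(prev, cur):
            print(change)
        prev = cur
```

Polling like this only sees the net difference between two snapshots, so a value that is changed and restored between polls goes unnoticed, and it cannot tell which process made the change.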