registry operations
-
how can i get registry operations associatd to a given executable files? in other words, how can i get subkeys names that are created by a given process?
-
how can i get registry operations associatd to a given executable files? in other words, how can i get subkeys names that are created by a given process?
There are tools that watch what a process is doing and can inform you of the changes to the registry that it makes. Alternatively you can use a disassembler and look for registry strings, or calls to the Registry APIs and see what it is doing.
*Developer Day Scotland - Free community conference Delegate Registration Open
-
There are tools that watch what a process is doing and can inform you of the changes to the registry that it makes. Alternatively you can use a disassembler and look for registry strings, or calls to the Registry APIs and see what it is doing.
*Developer Day Scotland - Free community conference Delegate Registration Open
I already found such tool(procmon) but i need to get subkeys associated to a given process using c#.