how hook the registry

    Natural_Demon
    wrote on last edited by
    #1

    Hello, I would like to write a small service that checks programs that write to the registry. Does anyone have hints on this subject? I just wanna detect it: detect if an application writes to/reads from the registry, and if needed prevent it from writing to the registry. How to achieve this?

    Bad = knowing 2 much

      Software_Developer
      wrote on last edited by
      #2

      RegistryKeyChangeEvent Class: http://msdn.microsoft.com/en-us/library/aa393040(v=VS.85).aspx
      WMI Registry Classes: http://msdn.microsoft.com/en-us/library/aa394573(VS.85).aspx
      WMI Tasks: Registry: http://msdn.microsoft.com/en-us/library/aa394600(v=VS.85).aspx
      RegistryPermission Class: http://msdn.microsoft.com/en-us/library/system.security.permissions.registrypermission.aspx

        Code o mat
        wrote on last edited by
        #3

        My guess would be to try to inject a DLL into every process and hook the registry access methods. But as said, just a guess. Google for "injecting a DLL" and "hooking API calls" if you don't understand what I mean...

        > The problem with computers is that they do what you tell them to do and not what you want them to do. < > Sometimes you just have to hate coding to do it well. <

          Natural_Demon
          wrote on last edited by
          #4

          Yes, that's what I wanna do, hook a DLL into 'windows' or explorer.exe. Just like some viruses, except I wanna prevent them.

          Bad = knowing 2 much

            Code o mat
            wrote on last edited by
            #5

            I could be completely wrong here, but as far as my knowledge goes, hooking into explorer won't affect any other processes trying to access the registry...

            > The problem with computers is that they do what you tell them to do and not what you want them to do. < > Sometimes you just have to hate coding to do it well. <

              Natural_Demon
              wrote on last edited by
              #6

              Well, I don't know at all, but I wanna write some tool to inform my customers that there is something wrong. I probably need to hook into the kernel or so. I read some of the links from MSDN and CodeProject, but still nothing that I need, but good info. :)

              Bad = knowing 2 much

                Natural_Demon
                wrote on last edited by
                #7

                Hmmmm, this 'API hooking revealed' is interesting material. It provides something I need: hook all processes. At least the test app's log told me exactly what programs I have open. :)

                Bad = knowing 2 much

                  Code o mat
                  wrote on last edited by
                  #8

                  Don't know which method of DLL injection you will choose, but I guess since you want to monitor every process's attempts to access the registry you will choose the 1st method (Registry) under the "Injecting techniques" on the page you linked to in your post. Just a warning here: not everyone has the rights to read/write any parts of the registry, so don't get bad surprises, e.g. when your proggie works great under Windows XP but fails on Vista (like I had this experience sadly :( ) or it works OK under the admin account but not under a normal user account. Anyways, I did some work with API hooking myself, so if you get stuck somewhere, ask away and if I can, I help.

                  > The problem with computers is that they do what you tell them to do and not what you want them to do. < > Sometimes you just have to hate coding to do it well. <

                    Natural_Demon
                    wrote on last edited by
                    #9

                    Well, the program is for my customers: the computers I sell and install, debug & fix for my clients in my friend's little store. So I have 'admin' access from the first moment on. Yes, I wanna intercept any program a user executes that attempts to write to the registry. But much investigation has to be done, because some processes execute as 'system' and not as user. But in the first place, I only want to protect certain spots in the registry, you know, the dangerous spots: Run, RunOnce, etc. The 'hook' is targeted at people that have no clue and just chat, navigate a little.

                    Bad = knowing 2 much
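
An added example, not part of any post in this thread: a C watcher for the detection half of what the thread asks for, using `RegNotifyChangeKeyValue` on the HKLM `Run` key and diffing value snapshots to report what was added or changed. It reports the change, not the process that made it; the names `RunValue`, `changed_values`, `snapshot` and the 64-entry cap are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>
#define MAX_VALS 64                       /* assumed cap on entries under one key */
typedef struct { char name[256]; char data[1024]; } RunValue;
/* Store in out[] every entry of now[] that is new or whose data changed; returns count. */
int changed_values(const RunValue *before, int nb,
                   const RunValue *now, int nn, const RunValue **out) {
    int found = 0;
    for (int i = 0; i < nn && found < MAX_VALS; i++) {
        int same = 0;
        for (int j = 0; j < nb && !same; j++)
            same = !strcmp(now[i].name, before[j].name) && !strcmp(now[i].data, before[j].data);
        if (!same) out[found++] = &now[i];
    }
    return found;
}

#ifdef _WIN32
#include <windows.h>
/* Read the key's values into vals[] (string data assumed); returns the count. */
static int snapshot(HKEY key, RunValue *vals) {
    int n = 0;
    for (DWORD i = 0; n < MAX_VALS; i++) {
        DWORD nlen = sizeof vals[n].name, dlen = sizeof vals[n].data - 1;
        LONG rc = RegEnumValueA(key, i, vals[n].name, &nlen, NULL, NULL,
                                (BYTE *)vals[n].data, &dlen);
        if (rc == ERROR_MORE_DATA) continue;     /* oversized entry: skip it */
        if (rc != ERROR_SUCCESS) break;          /* ERROR_NO_MORE_ITEMS or failure */
        vals[n++].data[dlen] = '\0';             /* REG_SZ may lack a terminator */
    }
    return n;
}
int main(void) {
    static RunValue prev[MAX_VALS], cur[MAX_VALS];
    const RunValue *hits[MAX_VALS]; HKEY key;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
                      0, KEY_NOTIFY | KEY_QUERY_VALUE, &key) != ERROR_SUCCESS) return 1;
    int np = snapshot(key, prev);
    /* Blocks until a value under the key is added, changed or deleted. */
    while (RegNotifyChangeKeyValue(key, FALSE, REG_NOTIFY_CHANGE_LAST_SET, NULL, FALSE) == ERROR_SUCCESS) {
        int nc = snapshot(key, cur), n = changed_values(prev, np, cur, nc, hits);
        for (int i = 0; i < n; i++)
            printf("Run entry added/changed: %s = %s\n", hits[i]->name, hits[i]->data);
        memcpy(prev, cur, sizeof prev); np = nc;
    }
    RegCloseKey(key);
    return 0;
}
#endif
```

The same loop can be pointed at `RunOnce` or the per-user keys by opening a different key; deleted entries wake the watcher but are not printed.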
