How to hook the registry
-
hello, i would like to write a small service that checks programs that write to the registry. does anyone have hints on this subject? i just wanna detect it: detect if an application writes to/reads from the registry, and if needed prevent it from writing to the registry. how to achieve this?
Bad = knowing 2 much
-
RegistryKeyChangeEvent Class http://msdn.microsoft.com/en-us/library/aa393040(v=VS.85).aspx
WMI Registry Classes http://msdn.microsoft.com/en-us/library/aa394573(VS.85).aspx
WMI Tasks: Registry http://msdn.microsoft.com/en-us/library/aa394600(v=VS.85).aspx
RegistryPermission Class http://msdn.microsoft.com/en-us/library/system.security.permissions.registrypermission.aspx
-
My guess would be to try to inject a dll into every process and hook the registry access methods. But as said, just a guess. Google for "injecting a DLL" and "hooking api calls" if you don't understand what i mean...
> The problem with computers is that they do what you tell them to do and not what you want them to do. < > Sometimes you just have to hate coding to do it well. <
-
yes, that's what i wanna do, hook a dll into 'windows' or explorer.exe. just like some viruses, except i wanna prevent them.
Bad = knowing 2 much
-
i could be completely wrong here but as far as my knowledge goes hooking into explorer won't affect any other processes trying to access the registry...
> The problem with computers is that they do what you tell them to do and not what you want them to do. < > Sometimes you just have to hate coding to do it well. <
-
well, i don't know at all, but i wanna write some tool to inform my customers that there is something wrong. i probably need to hook in the kernel or so. i read some of the links from msdn and codeproject, but still nothing that i need, but good info. :)
Bad = knowing 2 much
-
hmmmm, this 'API hooking revealed' is interesting material. it provides something i need: hook all processes. at least the test app's log told me exactly what programs i have open. :)
Bad = knowing 2 much
-
Don't know which method of DLL injection you will choose but i guess since you want to monitor every process's attempts to access the registry you will choose the 1st method (Registry) under the "Injecting techniques" on the page you linked to in your post. Just a warning here, not everyone has the rights to read/write any parts of the registry, so don't get bad surprises e.g. when your proggie works great under Windows XP but fails on Vista (like i had this experience sadly :( ) or it works ok under the admin account but not under a normal user account. Anyways, i did some work with api hooking myself, so if you get stuck somewhere, ask away and if i can, i'll help.
> The problem with computers is that they do what you tell them to do and not what you want them to do. < > Sometimes you just have to hate coding to do it well. <
-
well, the program is for my customers: the computers i sell and install, debug & fix for my clients in my friend's little store. so i have 'admin' access from the first moment on. yes, i wanna intercept any program a user executes that attempts to write to the registry. but much investigation has to be done, because some processes execute as 'system' and not as user. but in the first place, i only want to protect certain spots in the registry, you know the dangerous spots, run, runonce, etc, etc. the 'hook' is targeted @ people that have no clue and just chat, navigate a little.
Bad = knowing 2 much
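
The detection half of what the thread asks for can be done without injecting anything, using the RegistryKeyChangeEvent WMI class linked earlier to watch the Run and RunOnce keys named in the last post. This is an added example, not code from any poster in the thread; it assumes Windows PowerShell 5.1 and an elevated session, and the function names and the `RunWatch:` identifier prefix are names chosen here.

```powershell
# Added example (not from the thread): report changes to HKLM autostart keys.
# Assumes Windows PowerShell 5.1 (Register-WmiEvent) and an elevated prompt.
$keys = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-RunSnapshot([string]$SubKey) {
    # Hashtable of value name -> data for one HKLM subkey (empty if key is absent).
    $snap = @{}
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey)
    if ($key) {
        foreach ($n in $key.GetValueNames()) { $snap[$n] = [string]$key.GetValue($n) }
        $key.Close()
    }
    return $snap
}

function Compare-RunSnapshot([hashtable]$Old, [hashtable]$New) {
    # One record per added, modified or removed value.
    foreach ($n in $New.Keys) {
        if (-not $Old.ContainsKey($n)) { [pscustomobject]@{ Change = 'Added'; Name = $n; Data = $New[$n] } }
        elseif ($Old[$n] -ne $New[$n]) { [pscustomobject]@{ Change = 'Modified'; Name = $n; Data = $New[$n] } }
    }
    foreach ($n in $Old.Keys) {
        if (-not $New.ContainsKey($n)) { [pscustomobject]@{ Change = 'Removed'; Name = $n; Data = $Old[$n] } }
    }
}

$baseline = @{}
foreach ($k in $keys) {
    $baseline[$k] = Get-RunSnapshot $k
    # WQL string literals need each backslash doubled.
    $query = "SELECT * FROM RegistryKeyChangeEvent WHERE Hive='HKEY_LOCAL_MACHINE' " +
             "AND KeyPath='$($k.Replace('\', '\\'))'"
    Register-WmiEvent -Namespace 'root\default' -Query $query -SourceIdentifier "RunWatch:$k"
}

try {
    while ($true) {
        Start-Sleep -Seconds 1
        foreach ($evt in @(Get-Event | Where-Object SourceIdentifier -like 'RunWatch:*')) {
            Remove-Event -EventIdentifier $evt.EventIdentifier
            $k = $evt.SourceIdentifier.Substring('RunWatch:'.Length)
            $now = Get-RunSnapshot $k
            # The WMI event only says the key changed; the diff says what changed.
            Compare-RunSnapshot $baseline[$k] $now | ForEach-Object {
                '{0:s} HKLM\{1} {2}: {3} = {4}' -f (Get-Date), $k, $_.Change, $_.Name, $_.Data
            }
            $baseline[$k] = $now
        }
    }
} finally {
    Get-EventSubscriber | Where-Object SourceIdentifier -like 'RunWatch:*' | Unregister-Event
}
```

The WMI registry event classes do not support HKEY_CURRENT_USER, so per-user Run keys have to be watched under HKEY_USERS with the user's SID. The event reports that a key changed but not which process wrote it, and it cannot block the write.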