How to be informed/notified of registry modifications
-
Hi, I need to know when some (or every, if no other way) keys of the Windows registry are modified, added or removed. I looked for some kind of hooks but didn't manage to do it... Is there a way to achieve this? Thanks ;)
-
Alexandre GRANVAUD wrote:
Hi, I need to know when some (or every, if no other way) keys of the Windows registry are modified, added or removed.
See RegNotifyChangeKeyValue().
"A good athlete is the result of a good and worthy opponent." - David Crow
"To have a respect for ourselves guides our morals; to have deference for others governs our manners." - Laurence Sterne
-
Yeah, thanks a lot! :)
-
Thanks guys! ^^
-
OK, I tried this function, but the only thing it does is notify me that something has changed under a specified regkey. But how do I know what exactly changed?
-
Alexandre GRANVAUD wrote:
But how do I know what exactly changed?
You mean what value was changed?
-
Yes, or what subkey was added/removed, etc.
-
You'll need to compare before and after "snapshots."
-
That's what I already do, but it's very, very slow because I need to compare 2 trees of HKLM\Classes! No way to get only the things that changed?
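The before/after snapshot comparison discussed in this thread, as an added example that is not part of the original posts: when both snapshots are flattened into lists sorted by path, one merge pass reports what was added, removed or modified. The `Entry` layout, the function name and the sample keys are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* One flattened snapshot record: "key\value name" plus the data as text.
   Hypothetical layout; on Windows, RegEnumKeyEx()/RegEnumValue() would fill it. */
typedef struct { const char *path; const char *data; } Entry;
typedef struct { int added, removed, modified; } DiffStats;

/* Merge-compare two snapshots that are both sorted by path (strcmp order).
   Every entry is visited once, so the pass costs O(n + m) comparisons. */
DiffStats diff_snapshots(const Entry *before, size_t nb,
                         const Entry *after, size_t na, FILE *out)
{
    DiffStats s = {0, 0, 0};
    size_t i = 0, j = 0;
    while (i < nb || j < na) {
        int c = (i == nb) ? 1 : (j == na) ? -1
                          : strcmp(before[i].path, after[j].path);
        if (c < 0) {                        /* only in the old snapshot */
            fprintf(out, "- %s\n", before[i].path);
            s.removed++; i++;
        } else if (c > 0) {                 /* only in the new snapshot */
            fprintf(out, "+ %s = %s\n", after[j].path, after[j].data);
            s.added++; j++;
        } else {                            /* same path: compare the data */
            if (strcmp(before[i].data, after[j].data) != 0) {
                fprintf(out, "~ %s: %s -> %s\n", before[i].path, before[i].data, after[j].data);
                s.modified++;
            }
            i++; j++;
        }
    }
    return s;
}

/* Constructed sample snapshots, already sorted by path. */
static const Entry BEFORE[] = {
    {"Classes\\.abc\\(Default)", "abcfile"},
    {"Classes\\.txt\\(Default)", "txtfile"},
    {"Classes\\txtfile\\shell\\open\\command\\(Default)", "notepad.exe %1"} };
static const Entry AFTER[] = {
    {"Classes\\.txt\\(Default)", "txtfile"},
    {"Classes\\.xyz\\(Default)", "xyzfile"},
    {"Classes\\txtfile\\shell\\open\\command\\(Default)", "editor.exe %1"} };
int main(void) {
    DiffStats s = diff_snapshots(BEFORE, 3, AFTER, 3, stdout);
    printf("%d added, %d removed, %d modified\n", s.added, s.removed, s.modified);
    return 0;
}
```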
-
Alexandre GRANVAUD wrote:
No way to get only the things that changed?
None that I know of.
-
:( So is there a way to extract a .reg (snapshot) at one time, extract another one after, and a tool to compare and save another .reg containing the differences?
-
Yes, see RegSaveKey().
-
Great :) With this I can do my 2 snapshots (are they .reg files?) but how to compare and extract differences from the 2 snapshots?
-
Alexandre GRANVAUD wrote:
(are they .reg files?)
That's determined by the second argument.
Alexandre GRANVAUD wrote:
but how to compare and extract differences from the 2 snapshots?
The same way you would compare any two files. For a quick & dirty approach, you could capture the output of fc.exe.
-
Is fc.exe included in Windows?
-
As far as I know, it's part of the standard installation.
-
Nice :) But the second argument you mentioned is just the filename, not the file format; I'd need text file format (like .regs are)
-
Alexandre GRANVAUD wrote:
I'd need text file format (like .regs are)
Which is what RegSaveKey() does.