monitoring whole registry
-
Hi, What I would like to do is to monitor the whole registry in win xp. The best would be to receive an event when a registry key has changed/created/received but in a way that I could figure out which key was it. So far I subscribed for quite a few RegistryTreeChangeEvent to see the tree changes in every hive. But the problem with this is that in RegistryTreeChangeEvent I couldn't figure out which key changed just the hive and the rootpath. I tried to find the change in the registry but it's very time and resource consuming. My next idea would be to register for RegistryKeyChangeEvent and RegistryValueChangeEvent for every registry key but I'm guessing it would have a huge overhead. So if anybody knows any way to receive events when something changes in the registry or how to monitor the whole registry at all then please tell me! And I have read some articles here which were useful in general but it didn't solve my problem: http://www.codeproject.com/KB/system/WMI\_RegistryMonitor.aspx http://www.codeproject.com/KB/system/registrymonitor.aspx Thanks in advance, Geri
-
Hi, What I would like to do is to monitor the whole registry in win xp. The best would be to receive an event when a registry key has changed/created/received but in a way that I could figure out which key was it. So far I subscribed for quite a few RegistryTreeChangeEvent to see the tree changes in every hive. But the problem with this is that in RegistryTreeChangeEvent I couldn't figure out which key changed just the hive and the rootpath. I tried to find the change in the registry but it's very time and resource consuming. My next idea would be to register for RegistryKeyChangeEvent and RegistryValueChangeEvent for every registry key but I'm guessing it would have a huge overhead. So if anybody knows any way to receive events when something changes in the registry or how to monitor the whole registry at all then please tell me! And I have read some articles here which were useful in general but it didn't solve my problem: http://www.codeproject.com/KB/system/WMI\_RegistryMonitor.aspx http://www.codeproject.com/KB/system/registrymonitor.aspx Thanks in advance, Geri
Hi Geri, I think you may find something using "Windows Hooks" , you need to search for it , i am assuming that if registry value is changed a message or notification should be sent to the system , we can use "Windows Hooks" to get this message form the system's message queue (i am not not sure about the method , just try to mention a possible solution) , the above two methods u mentioned do pooling on to registry , which not good always :)
-Regards Bharat Jain bharat.jain.nagpur@gmail.com
-
Hi Geri, I think you may find something using "Windows Hooks" , you need to search for it , i am assuming that if registry value is changed a message or notification should be sent to the system , we can use "Windows Hooks" to get this message form the system's message queue (i am not not sure about the method , just try to mention a possible solution) , the above two methods u mentioned do pooling on to registry , which not good always :)
-Regards Bharat Jain bharat.jain.nagpur@gmail.com
Hi, First of all thanks for your reply! I looked for some reading on the windows hooks you mentioned, but unfortunately I haven't had much luck. The thing is that I couldn't find any hooks which would give information about the registry. Actually I found these hook types: * WH_CALLWNDPROC and WH_CALLWNDPROCRET Hooks * WH_CBT Hook * WH_DEBUG Hook * WH_FOREGROUNDIDLE Hook * WH_GETMESSAGE Hook * WH_JOURNALPLAYBACK Hook * WH_JOURNALRECORD Hook * WH_KEYBOARD_LL Hook * WH_KEYBOARD Hook * WH_MOUSE_LL Hook * WH_MOUSE Hook * WH_MSGFILTER and WH_SYSMSGFILTER Hooks * WH_SHELL Hook http://msdn.microsoft.com/en-us/library/ms644959(VS.85).aspx but none of them looks useful for me. If you have any other ideas or links where I could read more then it would be very much appreciated. cheers Geri