OK, if anyone can solve this they must be a genius, because it's nowhere on the web!
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
This program detects registry accesses and tells you which process did it.
Does anyone know how I can do this? I can detect changes, but I can't get the process.
Thanks in advance
It's done by hooking system calls. It hooks calls to RegOpenKey (etc.) and records all the information about the process accessing the registry before passing the call to the real RegOpenKey.
See EasyHook for a library that makes it relatively easy to write API hooks in Windows.
However, when I say "easy", I actually mean "here be monsters!" API hooking is not for the faint of heart and you should have a very good working knowledge of the internals of Windows before you attempt it.
If you just want to find out what's doing it, then you can use Process Monitor, or one of the other derivations of those tools from Sysinternals, now run by Microsoft as Winternals. See the list of programs here.
If you want to write a program to do it, you'll have to hook the registry access functions. The source code for that can be found in archives of the Sysinternals tools. It doesn't seem to be available anymore with the program.
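If the goal is only to learn which process touched a key rather than to write a hook, Process Monitor's CSV export already carries the process name and PID for every registry operation. The following added example (not code from the thread or from Sysinternals) attributes accesses to a given key prefix from such an export; it assumes Procmon's default column names and uses a small constructed capture in place of a real one.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of a Process Monitor CSV export (default
# columns). These rows are made up for illustration, not a real capture.
SAMPLE_CSV = r'''Time of Day,Process Name,PID,Operation,Path,Result,Detail
"10:01:02.1234567","explorer.exe","1234","RegOpenKey","HKCU\Software\Example","SUCCESS","Desired Access: Read"
"10:01:02.1234570","explorer.exe","1234","RegQueryValue","HKCU\Software\Example\Setting","SUCCESS","Type: REG_SZ"
"10:01:03.0000001","updater.exe","4321","RegSetValue","HKCU\Software\Example\Setting","SUCCESS","Type: REG_SZ, Data: new"
"10:01:03.0000002","updater.exe","4321","RegCloseKey","HKCU\Software\Example","SUCCESS",""
"10:01:04.0000000","svchost.exe","800","RegOpenKey","HKLM\System\Other","NAME NOT FOUND","Desired Access: Read"
'''

# Procmon operation names that modify the registry (assumed set; extend as needed).
WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteKey",
             "RegDeleteValue", "RegSetInfoKey", "RegRenameKey"}


def attribute_registry_access(csv_text, key_prefix, writes_only=False):
    """Return {(process name, pid): [(operation, path, result), ...]} for
    every registry operation whose path starts with key_prefix.
    Path comparison is case-insensitive, as registry paths are."""
    prefix = key_prefix.lower()
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        op = row["Operation"]
        if not op.startswith("Reg"):            # skip file/process/network events
            continue
        if not row["Path"].lower().startswith(prefix):
            continue
        if writes_only and op not in WRITE_OPS:
            continue
        hits[(row["Process Name"], int(row["PID"]))].append(
            (op, row["Path"], row["Result"]))
    return dict(hits)


if __name__ == "__main__":
    # Who changed anything under the example key?
    for (name, pid), ops in attribute_registry_access(
            SAMPLE_CSV, r"HKCU\Software\Example", writes_only=True).items():
        print(f"{name} (PID {pid}):")
        for op, path, result in ops:
            print(f"  {op:<14} {path}  [{result}]")
```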