Icemanind

Reputation: 48686

Intercepting Registry changes

I know that I can monitor registry changes using RegNotifyChangeKeyValue. What I am wondering is if it's possible to intercept and possibly prevent reading and writing to the registry. I know some virus programs, such as Norton Anti-Virus, will pop up a warning, asking if it's okay for some program to modify the registry; therefore, I can only assume there must be a way to do this.

Preferably, I'd prefer a managed way, using C#; however, if anyone has any idea how to do this, even if it's using some WINAPI function, I'll accept that answer too.

Thanks in advance

Upvotes: 4

Views: 2389

Answers (2)

Kevin Shea

Reputation: 920

Have a look at EasyHook - this is a managed version of an existing Microsoft Research project called Detours. This should do what you want.

Upvotes: 1

user472155

A few years ago I did it on Windows XP by writing a driver (sys). On the 32-bit version of Windows I found the table with function addresses and I replaced them with my own. Of course, the driver was calling the original registry API functions from the inside.

Don't know how it works on Vista/7 and x64 systems. Perhaps you will have to do some research on that.

If you go this way, don't be surprised if some antivirus software reports your driver as malware.

Upvotes: 0
