How can you detect when the registry is changed? Furthermore, how can you prevent changes to the system registry?

I want to create a security tool, but can't seem to find this anywhere.

This is in VB.NET.

I know the registry is stored as files on your computer somewhere, but I have no clue where it is stored, though I could probably use a FileSystemWatcher component to check it.

Then, for prevention, would simply duplicating the registry files and rolling back the changes work?

Would this be picked up as being "bad" by anti-virus software?

A: 

I suspect you need to hook into the Windows APIs to do that. Process Explorer provides the "picture" of how that might work. And, yes, it does seem likely that anti-virus software might take a bad view of such behavior.

Not knowing what your goal is, it seems it might just be better to use Windows permissions to protect it. For example, this article discusses a bit on how to set permissions to allow/disallow edits.

Mark Wilkins
Any suggestions for P/Invoke-ing that?
Cyclone
Heh - I was worried that you might want details. I doubt that using Process Explorer directly is an option. I suspect, though, that one might be able to extract hints from it on how things might be done. There are examples, though, of hooking Windows APIs. A quick search turns up one at: http://www.codeproject.com/KB/system/hooksys.aspx
Mark Wilkins
This sounds confusing >.<
Cyclone
Yes, hooking the APIs would be a fair bit of work. I think using the built-in ACL type of control would be simpler.
Mark Wilkins
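
The ACL approach suggested above, combined with change detection, as an added example that is not code from this thread. It uses the documented Win32 call `RegNotifyChangeKeyValue` (not mentioned in the thread) rather than API hooking; it assumes .NET Framework 4 or later, and the key name `Software\ExampleGuardedKey` and the account passed on the command line are hypothetical.

```vbnet
Imports System.Runtime.InteropServices
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports Microsoft.Win32
Imports Microsoft.Win32.SafeHandles

Module RegistryGuard
    ' Win32 call that, used synchronously, blocks until the key changes.
    <DllImport("advapi32.dll")>
    Private Function RegNotifyChangeKeyValue(hKey As SafeRegistryHandle,
            watchSubtree As Boolean, notifyFilter As Integer,
            hEvent As IntPtr, asynchronous As Boolean) As Integer
    End Function

    Private Const REG_NOTIFY_CHANGE_NAME As Integer = &H1      ' subkey added/deleted
    Private Const REG_NOTIFY_CHANGE_LAST_SET As Integer = &H4  ' value added/changed/deleted
    ' Hypothetical key used only for this demonstration.
    Private Const DemoPath As String = "Software\ExampleGuardedKey"

    ' Prevention: add a deny ACE so the given account cannot modify the key.
    Sub DenyWrites(key As RegistryKey, account As String)
        Dim acl As RegistrySecurity = key.GetAccessControl()
        acl.AddAccessRule(New RegistryAccessRule(New NTAccount(account),
            RegistryRights.SetValue Or RegistryRights.CreateSubKey Or RegistryRights.Delete,
            InheritanceFlags.ContainerInherit, PropagationFlags.None,
            AccessControlType.Deny))
        key.SetAccessControl(acl)
    End Sub

    ' Detection: wait for one change, then return; call again to re-arm.
    Function WaitForChange(key As RegistryKey) As Boolean
        Dim filter As Integer = REG_NOTIFY_CHANGE_NAME Or REG_NOTIFY_CHANGE_LAST_SET
        Return RegNotifyChangeKeyValue(key.Handle, True, filter, IntPtr.Zero, False) = 0
    End Function

    Sub Main(args As String())
        Registry.CurrentUser.CreateSubKey(DemoPath).Close()
        ' ReadKey includes the notify right; ChangePermissions allows editing the ACL.
        Using key As RegistryKey = Registry.CurrentUser.OpenSubKey(DemoPath,
                RegistryKeyPermissionCheck.ReadWriteSubTree,
                RegistryRights.ReadKey Or RegistryRights.ChangePermissions)
            If args.Length > 0 Then DenyWrites(key, args(0)) ' account name is an assumption
            While WaitForChange(key)
                Console.WriteLine("{0:o} change under HKCU\{1}", DateTime.Now, DemoPath)
            End While
        End Using
    End Sub
End Module
```

The notification reports only that something under the key changed, not which value or which process changed it, so a tool built this way has to re-read the key and compare against a saved baseline. The owner of a key can still rewrite its ACL, so the deny rule restricts the named account rather than administrators.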