Is there any way, using c#, to monitor which registry key has been added by a certain process? the important thing for me is to know the key name (path) and not just the fact that a key has been added. thanks
Asked
Active
Viewed 149 times
0
-
No, not by a 'certain process'. – Hans Passant Nov 22 '13 at 16:47
-
See if this link helps you get a better idea of what you are trying to do: http://stackoverflow.com/questions/8898182/how-to-handle-key-press-event-in-console-application – Kpt.Khaos Nov 22 '13 at 16:53
-
**registery** key. not keyboard key. – Olivier Nov 22 '13 at 16:55
-
My apologize looking at another post. – Kpt.Khaos Nov 22 '13 at 16:56
-
See if this is more along the lines you are looking for: http://stackoverflow.com/questions/1614088/finding-out-what-registry-keys-have-been-changed-c-sharp?rq=1 – Kpt.Khaos Nov 22 '13 at 16:58
1 Answers
0
In my humble opinion, you cannot do this in C# only.
However, I can guide you to a solution (but it is quite advanced, though)
Registery is handled by winapi calls (which are native functions). For instance, one of them is:
[DllImport("advapi32.dll", CharSet = CharSet.Auto, BestFitMapping = false)]
internal static int RegSetValueEx(SafeRegistryHandle hKey, string lpValueName, int Reserved, RegistryValueKind dwType, string lpData, int cbData);
Thus, knowing when a process sets a registry value is equivalent to know when this function is called.
You can inject a process and "hack" a function (i.e. replace an existing function with your own implementation) using easy hook.
Your solution would be to use this library, hook the process you want and replace RegSetValueEx (in advapi32.dll) with a custom implementation that would only forward the call to the real implementation, and notify you when needed.
Olivier
- 5,578
- 2
- 31
- 46
-
-
suppose I want to create an application that monitor when the function RegSetValueEx is been triggered and which parameters it gets, how can I do that ? – Sagi Nov 22 '13 at 21:56