I used the RegistryMonitor-Wrapper to create an application that notifies the user when a Subkey is added to a specific Regsitrykey. Now I want my application to tell the user which process created that Subkey.
Is that possible?
Asked
Active
Viewed 78 times
0
-
Without reading all the source - it would suggest that this is not visible. Have you tried asking the guys who write it? – BugFinder May 14 '18 at 11:39
-
Sorry I guess you've got me wrong. I don't want to know if there's a "built-in" possiblity in the RegistryMonitor-Wrapper to do so. I'd like to know if there is any possibility in general to get the information which process created a specific subkey inside the registry. – Vik Toria May 14 '18 at 11:53
1 Answers
0
It is possible to monitor registry access as it happens, that's what e.g. ProcMon from Sysinternals is doing (https://learn.microsoft.com/en-us/sysinternals/downloads/procmon). For some information on how that might work, see e.g. https://stackoverflow.com/a/4835195/9272280
If you are asking whether it's possible to find out after the fact, which process created a given subkey: I believe the answer to that would be no.
pniederh
- 111
- 8