geicsge Newbie
Joined: 27 Feb 2009 Posts: 19
Posted: Fri Feb 27, 2009 12:21 am Post subject: Real Time files\registry monitor

Is there a way to monitor the files\registry changes (create\read\change\delete) made by an application that you selected?
Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
Posted: Fri Feb 27, 2009 1:38 am
Yes, you can make a registry monitor and/or a file monitor using VDS. In fact, I think I did a registry monitor example on the main site. If you can't find it, let me know and I'll upload it.
I believe it only monitored some key sections in the registry, like the startup entry sections.
I recently did a file monitor also, but! It's not good for, say, monitoring the entire Windows directory and subdirectories. It kind of hits the CPU hard when you try to check that many files, and it's not so quick since there are so many files.
Now, on the other hand, if you're selective about which files to keep an eye on, then yes, VDS would work just fine for that.
_________________
'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.)
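The selective polling approach described in the post above, as an added example in Python (not VDS, and not code from this thread or from the GT-RegistryMonitor example): it snapshots the size and modification time of a short list of chosen files and reports which were created, changed or deleted between two polls. The file names and temporary directory are constructed sample data; polling of this kind cannot report reads or identify which process made a change.

```python
import os
import tempfile

def snapshot(paths):
    """Map each watched path to (size, mtime_ns), or None if it does not exist."""
    state = {}
    for p in paths:
        try:
            st = os.stat(p)
            state[p] = (st.st_size, st.st_mtime_ns)
        except FileNotFoundError:
            state[p] = None
    return state

def diff(old, new):
    """Return sorted (event, path) tuples describing changes between two snapshots."""
    events = []
    for p in new:
        before, after = old.get(p), new[p]
        if before is None and after is not None:
            events.append(("created", p))
        elif before is not None and after is None:
            events.append(("deleted", p))
        elif before != after:
            events.append(("changed", p))
    return sorted(events)

def demo():
    """Constructed sample: three watched files in a temp dir, one event each."""
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("a.ini", "b.ini", "c.ini"))
        for p in (a, b):
            with open(p, "w") as f:
                f.write("v1")
        old = snapshot([a, b, c])      # first poll: a and b exist, c does not
        with open(a, "w") as f:
            f.write("version 2")       # size differs -> "changed"
        os.remove(b)                   # -> "deleted"
        with open(c, "w") as f:
            f.write("new")             # -> "created"
        events = diff(old, snapshot([a, b, c]))   # second poll
        return [(e, os.path.basename(p)) for e, p in events]

if __name__ == "__main__":
    for event, name in demo():
        print(event, name)
```

In a running monitor, `snapshot` would be called on a timer and each result diffed against the previous one; the cost per poll grows with the number of watched paths, which is why watching a whole directory tree this way is slow.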
geicsge Newbie
Joined: 27 Feb 2009 Posts: 19
Posted: Fri Feb 27, 2009 9:43 am
Thank you for your answer, Garrett.
I already saw the GT-RegistryMonitor.dsc example.
Yes, I asked for a true real time reg/files monitor.
I cannot interact with any commercial or freeware reg/files monitor (to use it with my VDS applications). In fact, only RegMon and FileMon from SysInternals can do the right things; other programs have bugs, cause blue screens or have other problems, for example, they don't show the PID/process that makes the file/reg change, so... etc.
I don't know at this moment how to build a DLL for VDS or how to monitor API calls.
That's why I asked for help, maybe someone has already built a VDS extension...
Regarding registry functions monitoring, the complete list is:
On Windows XP
NtDeleteKey
NtSetValueKey
NtDeleteValueKey
NtSetInformationKey
NtRenameKey
NtEnumerateKey
NtEnumerateValueKey
NtQueryKey
NtQueryValueKey
NtQueryMultipleValueKey
NtCreateKey
NtOpenKey
NtKeyHandleClose
On Windows Server 2003 all of the above and
NtCreateKeyEx
NtOpenKeyEx
On Windows Vista all of the above and
NtFlushKey
NtLoadKey
NtUnLoadKey
NtQuerySecurityKeyInformation
NtSetSecurityKeyInformation
Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
Posted: Fri Feb 27, 2009 9:53 am
Well, that's not a very big list at all. If VDS has the ability to get you all the information you need, I believe it should do just fine.
The best thing to do is to try a few experiments to see if VDS as-is will do what you desire.
Also, check out the freeware and shareware DLL file sections to see if there are any DLL files that might help you with this project.
Good luck and have fun
~Garrett
_________________
'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.)