Advanced Registry Monitoring

Posted by RyanTimmons91 on Stack Overflow See other posts from Stack Overflow or by RyanTimmons91
Published on 2013-10-30T15:36:00Z Indexed on 2013/10/30 15:54 UTC
Read the original article Hit count: 119

Filed under:

I'm attempting to create a small utility to watch for the creation (or modification) of a specific registry key, and to kill the process responsible for causing that registry modification.

I have had success in watching the changes to the registry via a class called 'RegistryMonitor', however it does not give you any information on what process initiated the registry call, through some googling I found that a library called 'EasyHook' should be able to do what I want, but all the documentation states that its designed for a per-application hook.

The program itself is a temporary security patch, until our vendors come out with an official security update.

As best I can tell there isn't a way to do exactly what I want to accomplish from C#, which is the only language I can comfortable write, test and execute software in.

Any help on this would be appreciated

I'm considering watching the registry changes via the program I already have, then if the change is discovered (the pc is already infected) running RKill and locking down the PC to prevent the issue from getting any worse

© Stack Overflow or respective owner

Related posts about c#