Advanced Registry Monitoring
Posted
by
RyanTimmons91
on Stack Overflow
See other posts from Stack Overflow
or by RyanTimmons91
Published on 2013-10-30T15:36:00Z
Indexed on
2013/10/30
15:54 UTC
Read the original article
Hit count: 117
c#
I'm attempting to create a small utility to watch for the creation (or modification) of a specific registry key, and to kill the process responsible for causing that registry modification.
I have had success in watching the changes to the registry via a class called 'RegistryMonitor', however it does not give you any information on what process initiated the registry call, through some googling I found that a library called 'EasyHook' should be able to do what I want, but all the documentation states that its designed for a per-application hook.
The program itself is a temporary security patch, until our vendors come out with an official security update.
As best I can tell there isn't a way to do exactly what I want to accomplish from C#, which is the only language I can comfortable write, test and execute software in.
Any help on this would be appreciated
I'm considering watching the registry changes via the program I already have, then if the change is discovered (the pc is already infected) running RKill and locking down the PC to prevent the issue from getting any worse
© Stack Overflow or respective owner