Hi
i search someone who like to help me understanding how to code a routine to watch if a file is changed.
i need it to make a registry spy ,who watch if the regfiles are edited by another program then regedit.exe
i think i have to make a timer who read alltime the filessize of the registry and if its changed :
see if the handle of the program ,who actual try to edit the registry ,has the same as regedit.exe
if yes,make nothing
if no show popup warning message
but if another program has the same handlename ,i have a problem i think.
any ideas what i have to do or what i can do else ?
thx
how do you want to obtain this handle? the only thing i've got in mind is creating a timer (like you said) and checking the filesize of the registry - if the registry is changed regedit MUST be open and you know it's windowname and windowclass so if "findWindow" returns some error the registry have been manipulated by some other program i think...
Hi
yes ,thats the way i try to use it.
i use a tool to get the window handles and write down the name of the regedit.exe handle.
now,im not shure if i should make a timer to see if filesize has changed or if i should make a hook for the api call to write to files.
i use allready a timer inside my tool and i dont want to use much resources from the system by using 2.
so what is better the hook or the timer function i declare ?
thx
I didn't look to see if this is c/c++ VB or asm.
Regmon v4.32
http://www.sysinternals.com/ntw2k/source/regmon.shtml
This monitoring tool lets you see all Registry activity in real-time. It works on all versions of WinNT/2K as well as Windows 9x/Me and full source is included.
There is also a utility for watching file activity, with source at this website.