Hi,
I need to trace and deny writing to the specified registry keys, but it is impossible for me to use IAT patching/proxy DLL/process injections and so on, because my app will have no rights to create/write to file. What I can do? Can I use system hooks? If yes, what messages I need to trap?
Thanks beforehand.
I need to trace and deny writing to the specified registry keys, but it is impossible for me to use IAT patching/proxy DLL/process injections and so on, because my app will have no rights to create/write to file. What I can do? Can I use system hooks? If yes, what messages I need to trap?
Thanks beforehand.
I think this is usually done with a VXD/KMD. I saw some apps to do
it some time ago, which definitely included VXDs. Other than that,
I'm afraid I can't be of much help.
it some time ago, which definitely included VXDs. Other than that,
I'm afraid I can't be of much help.
Why don't you check Regmon's source at
sysinternals ?
Regmon is a Registry monitor.
Hope that helps
Latigo
sysinternals ?
Regmon is a Registry monitor.
Hope that helps
Latigo
Thanks for your answers. I have forgotten about REGMON completely.