I need to trace and deny writing to the specified registry keys, but it is impossible for me to use IAT patching/proxy DLL/process injections and so on, because my app will have no rights to create/write to file. What I can do? Can I use system hooks? If yes, what messages I need to trap?

Thanks beforehand.
Posted on 2001-09-02 14:25:03 by Maestro
I think this is usually done with a VXD/KMD. I saw some apps to do
it some time ago, which definitely included VXDs. Other than that,
I'm afraid I can't be of much help.
Posted on 2001-09-02 15:49:05 by f0dder
Why don't you check Regmon's source at
sysinternals ?
Regmon is a Registry monitor.

Hope that helps

Posted on 2001-09-02 19:53:30 by latigo
Thanks for your answers. I have forgotten about REGMON completely.
Posted on 2001-09-03 10:33:02 by Maestro