I want to be able to see what file and registry changes a file is making, equivalent to filemon and sysmon. Does anyone know how to do this?
I think it is actually possible to set up a system-wide hook monitoring registry access (in a C/C++ DLL), but I haven't got a clue how to do this etc :(
Soz
I wish to do this same thing in VB. I know it is possible to do in Windows because I have this program called RegMon which monitors the registry and displays it. It is made by Jan Sultan.
Well, I've seen a program doing this. It was written in C++, *but* it needed a VxD to integrate into Windows and get info about which file was written to, which byte was changed and stuff. Real cool, although I have no clue how to make VxDs...
About that registry thingie, that's easier, because there are callback APIs that notify you when something changes, and I believe it also tells you what's changing...
There's something like that for files, but they only let you know if it changed...
Oh wait... there's something that tells you if it's getting renamed and to what it's renamed/copied/whatever...
Lemme look it up for ya... I can remember it was in some beta state or something so be careful ;)
I believe this is what you're looking for...
It's for VB, but it shouldn't be too hard to convert to C++
http://www.mvps.org/vbnet/code/shell/shchangenotify.htm