General Registry Monitoring Protection

[abazabam]

Is there a general function to use to prevent registry monitoring programs from monitoring the registry values a VB program accesses? I know there's ways to stop specific registry monitors from monitoring a VB program such as detecting Regmon but I'm looking for a general function. Thanks

[randem]

Why would you want to secretly put things in the registry in the protected areas???

[abazabam]

No, just prevent registry monitors from figuring out what registry keys/values a VB program accesses to prevent anyone from figuring out its "secret".

[randem]

If you could do that the registry monitors would already be monitoring that. Anything you can do so can they.

[abazabam]

Yeah, I know. I'm not trying to create an uncrackable program since there's no such thing but I'm trying to create a program with a little above basic anticracking methods.

[randem]

Encryption is your best bet...

[abazabam]

But encryption isn't going to work while reading registry keys/values that have already been set such as HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and other keys.

[randem]

Why would you need to encrypt that key? That makes no sense to confuse the computer...

[leinad31]

If they persevere they can always compare the registry entries before and after install/run. Just encrypt the registry values.

[abazabam]

No, I'm mostly talking about reading keys/values, not writing.

[schoolbusdriver]

There are at least 2 ways in which a registry valuename/value can be written that are effectively hidden from the average user - at least users of RegEdit or any other software that does not entirely use the Native APIs. I don't know about all the editors and monitors out there. The different methods use either the Native or Normal APIs. I think I've mentioned this to you once in a PM - I hope you've deleted it. I won't post any code on this, as the operating system still recognises the entries as valid - values put in ....\Current Version\Run WILL be executed... It can be used for malicious purposes.

Before you even think of doing anything other than simply writing encrypted values, consider the case against Sony (google "sony rootkit court"), who used rootkits to prevent the OS from seeing what their music copyright software was doing. Because they couldn't possibly know all the hardware/software variations out there, thousands of PCs ended up with disabled hardware. Inevitably, they were caught out. The last time I bothered to look they were facing a number of class actions in the courts. Honesty is usually the best policy .

Also, there's nothing to stop someone just using System Restore.....

[abazabam]

No, I'm trying to stop people from seeing the programs inner workings so people can't see what values/keys it's reading (not really writing).

[leinad31]

So your sniffing around and don't want to get caught doing so. Real nice plan you goit there.

[abazabam]

The program's supposed to be like a really watered down version of Armadillo/ASProtect/Themida except written in VB. I'M NOT TRYING TO CREATE A MALICIOUS PROGRAM!!!