
Intercepting Registry changes

开发者 https://www.devze.com 2023-03-19 17:03 Source: Internet

I know that I can monitor registry changes using RegNotifyChangeKeyValue. What I am wondering is if it's possible to intercept and possibly prevent reading and writing to the registry. I know some virus programs, such as Norton Anti-Virus, will pop up a warning, asking if it's okay for some program to modify the registry; therefore, I can only assume there must be a way to do this.

Preferably, I'd prefer a managed way, using C#, however, if anyone has any idea how to do this, even if it's using some WINAPI function, I'll accept that answer too.

Thanks, in advance


Have a look at EasyHook - this is a managed version of an existing Microsoft Research project called Detours. This should do what you want.


A few years ago I did it on Windows XP by writing a driver (sys). On the 32-bit version of Windows I found the table with function addresses and I replaced them with my own. Of course, the driver was calling the original registry API functions from the inside.

Don't know how it works on Vista/7 and x64 systems. Perhaps you will have to do some research on that.

If you go this way, don't be surprised if some anti virus software reports your driver as malware.
