What is the best practice for writing Registry calls/File Sytem calls/Process creation filter for WinXP, Vista?
https://stackoverflow.com/questions/54504
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
We needed to monitor all processes Registry calls/File Sytem calls/Process creations in the system (for the antivirus hips module) .
Also time by time it will be needed to delay some calls or decline them.
Solution
The supported method of doing this is RegNotifyChangeKeyValue
Most virus checkers likely perform some sort of API hooking instead of using this function. There's lots of information out there about API hooking, like http://www.codeproject.com/KB/system/hooksys.aspx, http://www.codeguru.com/cpp/w-p/system/misc/article.php/c5667
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
