PerlMonks  

Monitoring Windows Registry Changes

by Eustaquio (Novice)
on Aug 03, 2001 at 17:18 UTC (#101966=perlquestion)
Eustaquio has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks: I'm in charge of a Security Project that needs to monitor Windows Registry changes. How can I do it in Perl? Thanks in advance. Eustaquio - jeustaqi@net.em.com.br

Re: Monitoring Windows Registry Changes
by c-era (Curate) on Aug 03, 2001 at 17:21 UTC
    I would create a Windows service that on boot would make a copy of the registry (keys and values). Then every hour (or whatever resolution you need), I would have it scan the registry and look for differences, and have the script e-mail a report. Take a look at Win32::Registry and Win32::Daemon from Roth Consulting (which appears to be down right now).
Re: Monitoring Windows Registry Changes
by joefission (Monk) on Aug 03, 2001 at 17:39 UTC
    Depends on what depth you need to monitor. Do you need to know if there was a change? Do you need to know what the change was?

    I'd play with Win32::TieRegistry, especially the

    $key->RegNotifyChangeKeyValue( $bWatchSubtree, $iNotifyFilter, $hEvent, $bAsync );

    section.

    You could also turn auditing on for the registry and monitor the Event Logs, hopefully leveraging any existing Event Log security monitoring you may have (using Win32::EventLog, of course :)

    c-era has good suggestions. The only thing I can add is you could run the monitor via mstask (scheduler).
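    Combining c-era's snapshot-and-diff idea with joefission's Win32::TieRegistry pointer, here is an added example (not code from either poster): it records a baseline of a registry subtree on the first run and reports added, removed and changed values on every later run. The default root (the HKLM Run key), the baseline file name and the use of Storable for the baseline are my own assumptions.

```perl
# Added example: snapshot-and-diff registry monitor. Not from the thread.
# Assumes Win32::TieRegistry is installed and the script runs on Windows.
use strict;
use warnings;
use Storable qw(store retrieve);
use Win32::TieRegistry ( Delimiter => '\\', qw(KEY_READ) );

# Assumed defaults: watch the HKLM Run key, keep the baseline beside the script.
my $root_path = $ARGV[0] || 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run';
my $baseline  = $ARGV[1] || 'registry-baseline.dat';

# Recursively collect { "key\\ValueName" => "type:data" } for a key subtree.
sub snapshot {
    my ($key, $path, $snap) = @_;
    $snap ||= {};
    for my $name ($key->ValueNames) {
        my ($data, $type) = $key->GetValue($name);
        $data = '' unless defined $data;
        $data =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;   # make binary printable
        $snap->{"$path\\$name"} = "$type:$data";
    }
    for my $sub ($key->SubKeyNames) {
        my $subkey = $key->Open($sub, { Access => KEY_READ() }) or next;  # skip unreadable keys
        snapshot($subkey, "$path\\$sub", $snap);
    }
    return $snap;
}

# Compare two snapshots; returns one report line per added/removed/changed value.
sub diff_snapshots {
    my ($old, $new) = @_;
    my @report;
    for my $k (sort keys %$old) {
        if    (!exists $new->{$k})       { push @report, "REMOVED $k (was $old->{$k})" }
        elsif ($old->{$k} ne $new->{$k}) { push @report, "CHANGED $k: $old->{$k} -> $new->{$k}" }
    }
    for my $k (sort keys %$new) {
        push @report, "ADDED   $k = $new->{$k}" unless exists $old->{$k};
    }
    return @report;
}

my $root = $Registry->Open($root_path, { Access => KEY_READ() }) or die "Cannot open $root_path: $^E\n";
my $current = snapshot($root, $root_path);
if (-e $baseline) {
    my @changes = diff_snapshots(retrieve($baseline), $current);
    print @changes ? map("$_\n", @changes) : "No changes under $root_path\n";
} else {
    print "Baseline created for $root_path\n";
}
store($current, $baseline);   # becomes the baseline for the next scheduled run
```

    Run it from the scheduler at the interval c-era describes; a snapshot diff tells you what changed but not who changed it, which is where joefission's auditing suggestion comes in.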

Re: Monitoring Windows Registry Changes
by tachyon (Chancellor) on Aug 03, 2001 at 18:01 UTC

    Hi, this is not a Perl solution, but a program called Regmon works very well. You can find the site here http://www.winternals.com/products/monitoringtools/monitoringtools.asp Sorry, they do charge, but they do have a free demo and, well, you know.

    Why reinvent this wheel, then again why not :-)

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      Yep, it's good software. The free version is available at Sysinternals. Lots of other good software there too, and a lot of it comes with source code included.

      Error: Keyboard not attached. Press F1 to continue.

      Update: corrected grammar!

        Top link, $code or die, nice explanation of the behind-the-scenes workings of this program.

        cheers

        tachyon

        s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
