
Monitoring Windows Registry Changes

by Eustaquio (Novice)
on Aug 03, 2001 at 17:18 UTC ( #101966=perlquestion )
Eustaquio has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks: I'm in charge of a security project that needs to monitor Windows Registry changes. How can I do it in Perl? Thanks in advance. Eustaquio

Replies are listed 'Best First'.
Re: Monitoring Windows Registry Changes
by joefission (Monk) on Aug 03, 2001 at 17:39 UTC
    Depends on what depth you need to monitor. Do you need to know if there was a change? Do you need to know what the change was?

    I'd play with Win32::TieRegistry, especially the

    $key->RegNotifyChangeKeyValue( $bWatchSubtree, $iNotifyFilter, $hEvent, $bAsync );


    You could also turn Auditing on the registry and monitor the Event Logs, hopefully leveraging any existing Event Log Security monitoring you may have (using Win32::EventLog, of course :)

    c-era has good suggestions. The only thing I can add is you could run the monitor via mstask (scheduler).

Re: Monitoring Windows Registry Changes
by c-era (Curate) on Aug 03, 2001 at 17:21 UTC
    I would create a Windows service that on boot would make a copy of the registry (keys and values). Then every hour (or whatever resolution you need), I would have it scan the registry and look for differences, and have the script e-mail a report. Take a look at the Win32::Registry and Win32::Daemon from Roth Consulting (which appears to be down right now).
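
The snapshot-and-compare approach described in the reply above, as an added example that is not part of the original thread: it diffs two registry snapshots held as Perl hashes and builds the report lines. The snapshot layout, the `diff_snapshots` name and the sample keys are constructed for illustration; on a real host the hashes would be filled by walking the registry with a module such as Win32::TieRegistry.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample snapshots (not real registry data).
# Assumed layout: "key path" => { value name => [ type, data ] }.
my %baseline = (
    'HKLM\Software\Example\Run' => {
        'Updater' => [ 'REG_SZ', 'C:\Program Files\Example\update.exe' ],
        'Tray'    => [ 'REG_SZ', 'C:\Program Files\Example\tray.exe' ],
    },
    'HKLM\Software\Example\Settings' => { 'LogLevel' => [ 'REG_DWORD', 1 ] },
);
my %current = (
    'HKLM\Software\Example\Run' => {
        'Updater' => [ 'REG_SZ', 'C:\Temp\update.exe' ],   # data changed
        'Helper'  => [ 'REG_SZ', 'C:\Temp\helper.exe' ],   # value added
    },                                                     # 'Tray' removed
    'HKLM\Software\Example\Settings' => { 'LogLevel' => [ 'REG_DWORD', 1 ] },
    'HKLM\Software\Example\New'      => {},                # key added
);

# Compare two snapshots and return one report line per difference.
sub diff_snapshots {
    my ($old, $new) = @_;
    my @report;
    my %keys = map { $_ => 1 } keys %$old, keys %$new;
    for my $key (sort keys %keys) {
        if (!exists $new->{$key}) { push @report, "KEY REMOVED   $key"; next }
        push @report, "KEY ADDED     $key" unless exists $old->{$key};
        my $o = $old->{$key} || {};    # empty when the key is new
        my $n = $new->{$key};
        my %names = map { $_ => 1 } keys %$o, keys %$n;
        for my $name (sort keys %names) {
            my ($ov, $nv) = ($o->{$name}, $n->{$name});
            if (!defined $nv) {
                push @report, "VALUE REMOVED $key\\$name";
            } elsif (!defined $ov) {
                push @report, "VALUE ADDED   $key\\$name = $nv->[1]";
            } elsif ($ov->[0] ne $nv->[0] or $ov->[1] ne $nv->[1]) {
                push @report, "VALUE CHANGED $key\\$name was $ov->[1] now $nv->[1]";
            }
        }
    }
    return @report;
}

print "$_\n" for diff_snapshots(\%baseline, \%current);
```
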
Re: Monitoring Windows Registry Changes
by tachyon (Chancellor) on Aug 03, 2001 at 18:01 UTC

    Hi, this is not a Perl solution, but a program called Regmon works very well. You can find the site here. Sorry, they do charge but they do have a free demo and, well, you know.

    Why reinvent this wheel, then again why not :-)




      Yep, it's good software. The free version is available at Sysinternals. Lots of other good software there too, and a lot of it comes with source code included.

      Error: Keyboard not attached. Press F1 to continue.

      Update: corrected grammar!

        Top link $code or die nice explanation of the behind the scenes workings of this program.



