
Monitoring Windows Registry Changes

by Eustaquio (Novice)
on Aug 03, 2001 at 17:18 UTC
Eustaquio has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks: I'm in charge of a security project that needs to monitor Windows Registry changes. How can I do it in Perl? Thanks in advance. Eustaquio

Re: Monitoring Windows Registry Changes
by joefission (Monk) on Aug 03, 2001 at 17:39 UTC
    Depends on what depth you need to monitor. Do you need to know if there was a change? Do you need to know what the change was?

    I'd play with Win32::TieRegistry, especially the

    $key->RegNotifyChangeKeyValue( $bWatchSubtree, $iNotifyFilter, $hEvent, $bAsync );


    You could also turn on Auditing for the registry and monitor the Event Logs, hopefully leveraging any existing Event Log Security monitoring you may have (using Win32::EventLog, of course :)

    c-era has good suggestions. The only thing I can add is you could run the monitor via mstask (scheduler).

Re: Monitoring Windows Registry Changes
by c-era (Curate) on Aug 03, 2001 at 17:21 UTC
    I would create a Windows service that on boot would make a copy of the registry (keys and values). Then every hour (or whatever resolution you need), I would have it scan the registry and look for differences, and have the script e-mail a report. Take a look at the Win32::Registry and Win32::Daemon from Roth Consulting (which appears to be down right now).
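
The snapshot-and-compare approach from c-era's reply, as an added example (not code from any poster in this thread). It assumes Win32::TieRegistry is installed for live mode, run as `script.pl KEYPATH [SECONDS]`; the sub names, the `path|value` snapshot layout and the sample keys are constructed for illustration, and the report is printed rather than e-mailed.

```perl
use strict;
use warnings;
sub ro { return { Access => Win32API::Registry::KEY_READ() } }   # read-only handle, Windows only

# Flatten a subtree into { "key\path|valuename" => hex of the value data }.
sub snapshot {
    my ($key, $path, $snap) = @_;       # $key: Win32::TieRegistry key object
    for my $name ($key->ValueNames) {
        my $data = $key->GetValue($name);
        $data = join "\0", @$data if ref $data eq 'ARRAY';   # split REG_MULTI_SZ
        $snap->{"$path|$name"} = unpack 'H*', $data // '';    # hex compares and prints safely
    }
    for my $sub ($key->SubKeyNames) {
        my $child = $key->Open($sub, ro()) or next;          # skip unreadable subkeys
        snapshot($child, "$path\\$sub", $snap);
    }
    return $snap;
}

# Compare two snapshots and return report lines.
sub diff_snapshots {
    my ($old, $new) = @_;
    my @report;
    for my $k (sort keys %$new) {
        if    (!exists $old->{$k})        { push @report, "ADDED   $k" }
        elsif ($old->{$k} ne $new->{$k})  { push @report, "CHANGED $k" }
    }
    push @report, map { "REMOVED $_" } grep { !exists $new->{$_} } sort keys %$old;
    return @report;
}

if ($^O eq 'MSWin32' && @ARGV) {
    require Win32::TieRegistry;
    my ($path, $wait) = (@ARGV, 3600);  # default: rescan every hour
    my $take = sub {
        my $key = Win32::TieRegistry->new($path, ro()) or die "cannot open $path\n";
        return snapshot($key, $path, {});
    };
    my $baseline = $take->();           # the copy made at start-up
    while (1) {
        sleep $wait;
        print "$_\n" for diff_snapshots($baseline, $take->());
    }
} else {
    # Constructed sample snapshots (not real registry data) so the diff runs anywhere.
    my %boot = ('HKLM\\Example\\App|Path' => '433a5c', 'HKLM\\Example\\App|Debug' => '00');
    my %scan = ('HKLM\\Example\\App|Path' => '443a5c', 'HKLM\\Example\\App|Helper' => '01');
    print "$_\n" for diff_snapshots(\%boot, \%scan);
}
```

Polling only sees the net difference between two scans: a value that is changed and restored in between does not show up, which is where the auditing and Event Log route joefission mentions complements it.
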
Re: Monitoring Windows Registry Changes
by tachyon (Chancellor) on Aug 03, 2001 at 18:01 UTC

    Hi, this is not a Perl solution, but a program called Regmon works very well. You can find the site here. Sorry, they do charge, but they do have a free demo and, well, you know.

    Why reinvent this wheel, then again why not :-)




      Yep, it's good software. The free version is available at Sysinternals. Lots of other good software there too, and a lot of it comes with source code included.

      Error: Keyboard not attached. Press F1 to continue.

      Update: corrected grammar!

        Top link $code or die nice explanation of the behind the scenes workings of this program.



