Catch Registry request C++

I know of such tools: http://portableapps.com/development/projects/registry_rapper

RegRap.exe can take another .exe file as a parameter, catch its requests to the registry and save them into an .ini

That is good, but I need a code snippet to set such a handler inside my C++ program and, for a given Reg KEY, return my value...

RegRap.exe is written with NSIS scripts, which is why it is not helpful for me :(

But maybe somebody knows another project, only with C++?

Thx, and sorry for my bad English.


If you want to track registry access within YOUR program, you can #define away the registry API functions, provide your hooks instead, and track it in your hooks.

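// In your stdafx.h, or some other universally included file, after <windows.h>
#undef RegCreateKeyEx   // drop the SDK's own A/W macro before redefining it
#define RegCreateKeyEx MyRegCreateKeyEx
// (a prototype of MyRegCreateKeyEx, as defined below, also belongs here)

// Somewhere else: the one .cpp file that implements the hook
#undef RegCreateKeyEx

LONG WINAPI MyRegCreateKeyEx(HKEY hKey, LPCTSTR lpSubKey, DWORD Reserved, LPTSTR lpClass,
                             DWORD dwOptions, REGSAM samDesired,
                             LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                             PHKEY phkResult, LPDWORD lpdwDisposition)
{
    // Track
    // Call the real RegCreateKeyEx; its macro is gone here, so name the A/W function
#ifdef UNICODE
    return RegCreateKeyExW(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired,
                           lpSecurityAttributes, phkResult, lpdwDisposition);
#else
    return RegCreateKeyExA(hKey, lpSubKey, Reserved, lpClass, dwOptions, samDesired,
                           lpSecurityAttributes, phkResult, lpdwDisposition);
#endif
}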

That's probably the easiest way of hooking an API. Will not work if you want to track registry usage by your program but outside of your code (i.e. in libraries or DLLs). Then more advanced techniques are in order.

Also, consider Process Monitor by Mark Russinovich: http://technet.microsoft.com/en-us/sysinternals/bb896645

It's not a programmatic hook, but an awesome tool all around, and therefore worth plugging. It monitors registry access by your process(es) and then some.
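
The #define redirection described in the answer above, as an added example that is not part of the original answer. It goes one step further than the answer's sketch: the hook returns its own value for selected keys, and a function compiled before the macro shows why library code is not intercepted. DemoRegQuery, MyDemoRegQuery, the key names and the values are all hypothetical stand-ins so the file builds without Windows headers.

```cpp
// Added example, hypothetical names: DemoRegQuery stands in for a registry API.
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Stand-in "real" API over constructed sample data; returns 0 on success.
long DemoRegQuery(const std::string& key, std::string& out) {
    static const std::map<std::string, std::string> fake_registry = {
        {"HKCU\\Software\\Demo\\InstallDir", "C:\\Demo"},
        {"HKCU\\Software\\Demo\\Lang", "en"}};
    auto it = fake_registry.find(key);
    if (it == fake_registry.end()) return 2;  // "not found"
    out = it->second; return 0;
}

// Stands for library code built without the macro: it never reaches the hook.
std::string LibraryReadsLang() {
    std::string v;
    DemoRegQuery("HKCU\\Software\\Demo\\Lang", v);
    return v;
}

std::vector<std::string> g_access_log;  // keys the hook has seen
const std::map<std::string, std::string> g_overrides = {
    {"HKCU\\Software\\Demo\\InstallDir", "D:\\Portable\\Demo"},
    {"HKCU\\Software\\Demo\\Lang", "de"}};

// The hook, defined before the macro so its inner call is the real function.
long MyDemoRegQuery(const std::string& key, std::string& out) {
    g_access_log.push_back(key);                                  // track
    auto it = g_overrides.find(key);
    if (it != g_overrides.end()) { out = it->second; return 0; }  // our value
    return DemoRegQuery(key, out);                                // pass through
}

// What the universally included header would contain: redirect later callers.
#define DemoRegQuery MyDemoRegQuery

std::string AppReadsInstallDir() {
    std::string v;
    DemoRegQuery("HKCU\\Software\\Demo\\InstallDir", v);  // expands to the hook
    return v;
}

int main() {
    std::string app = AppReadsInstallDir(), lib = LibraryReadsLang();
    std::printf("app=%s lib=%s hooked=%zu\n", app.c_str(), lib.c_str(), g_access_log.size());
}
```

The library-style read still returns the stored value even though an override exists for that key, which is the limitation the answer points out.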


This post seems to say that there are no hooks for the registry and you can only long poll: "Simple way to hook registry access for specific process"


If you want to use pure C++, check out the libraries EasyHook and Detours. Both are intended for this sort of function-level hooking. EasyHook works in C++ and C#, 32 and 64-bit, while Detours is somewhat outdated and only for 32-bit C++ (even running it on a 64-bit OS can crash your program).

You need to install the hook within the target process, either by loading your code as a DLL or creating the process (suspended), installing the hooks and then running it.

In EasyHook that goes something like:

LhInstallHook(&RegCreateKeyEx, &MyRegCreateKeyEx, &hookstruct);

You can also hook functions your library is not linked to using the Windows API to get the address.
