How can I use API to detect registry or file changes, file opening, or app execution?

Printable View

July 24th, 2010, 04:11 AM
vbhunter

How can I use API to detect registry or file changes, file opening, or app execution?

Hi guys!

I am trying to write my own code to monitor and detect any registry or file changes. I would also like to detect when a file is being open or when an application is going to be executed.

I am using VB language.

Can anyone give me a hand here?

Regards,

Frank
July 24th, 2010, 04:54 AM
VictorN

Re: How can I use API to detect registry or file changes, file opening, or app execut

Files/Directories:
FindFirstChangeNotification/FindNextChangeNotification/FindCloseChangeNotification
or ReadDirectoryChangesW
Regisry:

RegNotifyChangeKeyValue
July 24th, 2010, 01:13 PM
Igor Vartanov

Re: How can I use API to detect registry or file changes, file opening, or app execut

Quote:

I would also like to detect when a file is being open or when an application is going to be executed.

There's no API for spying like that, and the task requires for above-average programming skills, sorry, and you must be aware of kernel mode programming as well. The idea could be borrowed from Russinovich's FileMon.

All times are GMT -5. The time now is 12:21 PM.