1
votes

How can you detect when the registry is changed? Furthermore, how can you prevent changes to the system registry?

I want to create a security tool, but can't seem to find this anywhere.

This is in VB.NET.

I know the registry is stored as files on your computer somewhere, but I have no clue where it is stored, though I could probably use a FileSystemWatcher component to check it.

Then, for prevention, would simply duplicating the registry files and rolling back the changes work?

Would this be picked up as being "bad" by anti-virus software?

1 Answer

0
votes

I suspect you need to hook into the Windows APIs to do that. Process Explorer provides the "picture" of how that might work. And, yes, it does seem likely that anti-virus software might take a bad view of such behavior.

Not knowing what your goal is, it seems it might just be better to use Windows permissions to protect it. For example, this article discusses a bit on how to set permissions to allow/disallow edits.
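
An added example, not part of the answer above or of any tool it mentions: one way to detect value changes under a single key from VB.NET is the documented Win32 function `RegNotifyChangeKeyValue`, with a before/after snapshot to work out which value changed. The module name and the key `Software\RegistryWatchExample` are hypothetical choices for the example.

```vbnet
Imports System.Collections.Generic
Imports System.Runtime.InteropServices
Imports Microsoft.Win32
Module RegistryWatchExample
    ' Win32 API in advapi32.dll; with fAsynchronous = False it blocks until the key changes.
    <DllImport("advapi32.dll")>
    Private Function RegNotifyChangeKeyValue(hKey As SafeHandle, bWatchSubtree As Boolean,
            dwNotifyFilter As UInteger, hEvent As IntPtr, fAsynchronous As Boolean) As Integer
    End Function
    Private Const REG_NOTIFY_CHANGE_LAST_SET As UInteger = &H4UI ' value added, changed or deleted

    ' The notification only says "something changed", so keep names and data to diff against.
    Private Function Snapshot(key As RegistryKey) As Dictionary(Of String, String)
        Dim result As New Dictionary(Of String, String)
        For Each name As String In key.GetValueNames()
            Dim v As Object = key.GetValue(name, Nothing, RegistryValueOptions.DoNotExpandEnvironmentNames)
            If TypeOf v Is Byte() Then v = BitConverter.ToString(DirectCast(v, Byte()))
            If TypeOf v Is String() Then v = String.Join("|", DirectCast(v, String()))
            result(name) = Convert.ToString(v)
        Next
        Return result
    End Function

    Sub Main()
        ' Hypothetical key for the example; created under HKCU if it does not exist.
        Using key As RegistryKey = Registry.CurrentUser.CreateSubKey("Software\RegistryWatchExample")
            Dim before As Dictionary(Of String, String) = Snapshot(key)
            Console.WriteLine("Watching {0}; press Ctrl+C to stop.", key.Name)
            Do
                ' Watch this key only (no subtree); a non-zero return is a Win32 error code.
                Dim rc As Integer = RegNotifyChangeKeyValue(key.Handle, False,
                    REG_NOTIFY_CHANGE_LAST_SET, IntPtr.Zero, False)
                If rc <> 0 Then Throw New System.ComponentModel.Win32Exception(rc)
                Dim after As Dictionary(Of String, String) = Snapshot(key)
                For Each kv As KeyValuePair(Of String, String) In after
                    Dim old As String = Nothing
                    If Not before.TryGetValue(kv.Key, old) Then
                        Console.WriteLine("{0:o} added   {1} = {2}", DateTime.Now, kv.Key, kv.Value)
                    ElseIf old <> kv.Value Then
                        Console.WriteLine("{0:o} changed {1}: {2} -> {3}", DateTime.Now, kv.Key, old, kv.Value)
                    End If
                Next
                For Each name As String In before.Keys
                    If Not after.ContainsKey(name) Then Console.WriteLine("{0:o} deleted {1}", DateTime.Now, name)
                Next
                before = after
            Loop
        End Using
    End Sub
End Module
```

The notification does not identify which process made the change, and a value that is changed and then restored between two snapshots is not reported.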