A Windows registry monitor

justme

Hi

I am trying to code a small Perl program to monitor the Windows
registry. The idea is to create a baseline on some keys like
LOCAL_MACHINE or USERS (the whole registry would be too big), where
the RUN and RUNONCE keys are located.
Then I would poll these registry locations and see if there are
suspicious keys added by comparing it against the baseline. The script
will be scheduled to check every once in a while. I have checked CPAN
for Win32::Registry. I wonder if it is the right tool to help me in
this purpose...?
Thanks
 
Malcolm Dew-Jones

justme ([email protected]) wrote:
: Hi

: I am trying to code a small Perl program to monitor the Windows
: registry. The idea is to create a baseline on some keys like
: LOCAL_MACHINE or USERS (the whole registry would be too big), where
: the RUN and RUNONCE keys are located.
: Then I would poll these registry locations and see if there are
: suspicious keys added by comparing it against the baseline. The script
: will be scheduled to check every once in a while. I have checked CPAN
: for Win32::Registry. I wonder if it is the right tool to help me in
: this purpose...?
: Thanks

Actually, regedit can provide a text dump, .ini file style, of the
registry, and possibly portions of it. You might try just diff'ing one
dump with a previous. The output would be easy to archive, is self
documenting, and is in the required format to restore the original
settings.

(Of course that doesn't use perl except to glue the parts together.)
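
Added example, not part of the thread: a Perl script for the dump-and-diff approach suggested above, restricted to the Run and RunOnce keys the original poster wants to baseline. The two dumps, their key paths and their value names are constructed sample data in regedit's text export format.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse a regedit text export into { "KEY\value name" => data },
# keeping only values that live directly under a Run or RunOnce key.
sub parse_dump {
    my ($text) = @_;
    $text =~ s/\\\r?\n\s*//g;    # join wrapped hex: values (trailing backslash)
    my (%values, $key);
    for my $line (split /\r?\n/, $text) {
        if (my ($section) = $line =~ /^\[(.+)\]$/) {
            $key = $section =~ /\\Run(?:Once)?$/i ? $section : undef;
        }
        elsif (defined $key && $line =~ /^("(?:[^"\\]|\\.)*"|@)=(.*)$/) {
            $values{"$key\\$1"} = $2;    # $1 = value name (or @), $2 = data
        }
    }
    return \%values;
}

# Compare a current dump against the baseline and describe each difference.
sub diff_dumps {
    my ($old, $new) = @_;
    my @report;
    for my $name (sort keys %$new) {
        if    (!exists $old->{$name})          { push @report, "ADDED   $name = $new->{$name}" }
        elsif ($old->{$name} ne $new->{$name}) { push @report, "CHANGED $name: $old->{$name} => $new->{$name}" }
    }
    push @report, "REMOVED $_" for grep { !exists $new->{$_} } sort keys %$old;
    return @report;
}

# Constructed sample dumps (single-quoted heredocs keep backslashes literal).
my $baseline = <<'END';
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"Setting"="1"
END

# Current state: one Run value changed, one added; the non-Run key is ignored.
(my $current = $baseline) =~ s/tray\.exe"/tray2.exe"\n"Updater"="C:\\\\Temp\\\\upd.exe"/;
$current =~ s/"Setting"="1"/"Setting"="2"/;

print "$_\n" for diff_dumps(parse_dump($baseline), parse_dump($current));
```

Exports with the header `Windows Registry Editor Version 5.00` are written as UTF-16, so real dump files of that kind need to be opened with `<:encoding(UTF-16)` before being passed to `parse_dump`.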
 
