1

有没有办法记录进程读取/写入的所有注册表值,类似于 Process Monitor 所做的?

4

1 回答 1

0

来自codeproject.com

在 .NET 中处理 WMI 事件 --- 为了在 .NET 中处理 WMI 事件,我们可以使用 System.Management 命名空间中的类。例如,这是由 WMI Code Creator 生成的一段代码:

using System;
using System.Management;
using System.Windows.Forms;

namespace WMISample
{
  public class WMIReceiveEvent
  {
    public static void Main()
    {
      try
      {
        //Construct the query. Keypath specifies the key in the registry to watch.
        //Note the KeyPath should be must have backslashes escaped. Otherwise 
        //you will get ManagementException.
        WqlEventQuery query = new WqlEventQuery(
                  "SELECT * FROM RegistryKeyChangeEvent WHERE " +
                  "Hive = 'HKEY_LOCAL_MACHINE'" +
                 @"AND KeyPath = 'SOFTWARE\\Microsoft\\.NETFramework'");

         ManagementEventWatcher watcher = new ManagementEventWatcher(query);
         Console.WriteLine("Waiting for an event...");

         ManagementBaseObject eventObj = watcher.WaitForNextEvent();

         Console.WriteLine("{0} event occurred.", eventObj["__CLASS"]);

         // Cancel the event subscription
         watcher.Stop();
         return;
      }
      catch(ManagementException err)
      {
          MessageBox.Show("An error occurred while trying to receive an event: " + 
        err.Message);
      }
    }
  }
}
于 2012-09-06T06:30:19.803 回答