I am planning to write a basic Windows registry filter in C. The purpose of the filter is to hook all (user and kernel privileged) registry calls so that I can use them in my program. I am basically copying Regmon/Process Monitor by Mark Russinovich but more basic.
My question is, once the filter is written in C, how do you get the system to implement the custom behaviour and to not implement the original intended behaviour of the registry calls?
I am using Windows 7.
EDIT: I am trying to do this as part of a hobby C++ project which can hook all registry calls.
There are special functions for that. See CmRegisterCallback(), CmRegisterCallbackEx() and Filtering Registry Calls on MSDN.
As for just installing a kernel-mode driver, you may use the Service Controller (sc.exe). Use
sc create [service name] binPath= [path to your .sys file] type= kernel
to create a kernel-mode service and
sc start [service name]
to start it. Don't forget to sc stop and sc delete it before making changes to the driver.
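To make the "deny" case of the answer above concrete, here is an added example, not code from the answer or from MSDN, of the policy a RegistryCallback registered with CmRegisterCallbackEx would apply to pre-notifications: writes and deletes under one protected subtree fail with STATUS_ACCESS_DENIED and the original operation is skipped, everything else passes through so it can still be logged. It assumes the callback has already resolved the full native key path (CmCallbackGetKeyObjectIDEx on the key object, or CompleteName on a create/open notification); the constants are copied from wdm.h/ntstatus.h so it builds and runs in user mode without <ntddk.h>, and the protected key name and the function names are made up.

```c
#include <wchar.h>
#include <wctype.h>

/* Copied from wdm.h / ntstatus.h so the policy builds in user mode; a real
 * driver includes <ntddk.h> and takes these from there instead. */
typedef long NTSTATUS;
#define STATUS_SUCCESS       ((NTSTATUS)0x00000000L)
#define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L)
enum {                               /* REG_NOTIFY_CLASS members used here */
    RegNtPreDeleteKey      = 0,
    RegNtPreSetValueKey    = 1,
    RegNtPreDeleteValueKey = 2,
    RegNtPreQueryValueKey  = 8
};

/* Constructed example of a subtree to protect. The callback sees native
 * paths (\REGISTRY\MACHINE\..., not HKLM\...) and key names are
 * case-insensitive, so the match below must be too. */
static const wchar_t PROTECTED_PREFIX[] =
    L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MyHobbyFilter";

/* Does `path` name the protected key itself or a key beneath it? */
static int is_under_protected(const wchar_t *path)
{
    size_t i;
    for (i = 0; PROTECTED_PREFIX[i] != L'\0'; i++) {
        if (path[i] == L'\0' ||
            towlower(path[i]) != towlower(PROTECTED_PREFIX[i]))
            return 0;
    }
    /* Reject a longer sibling such as ...\MyHobbyFilter2. */
    return path[i] == L'\0' || path[i] == L'\\';
}

/* Decision a RegistryCallback returns for a pre-notification once it has the
 * full key path. STATUS_SUCCESS lets the configuration manager perform the
 * original operation; any failure status makes it skip the operation and
 * hand that status back to the caller of NtSetValueKey etc. Reads stay
 * pass-through so the filter can log them like Regmon without breaking anything. */
NTSTATUS reg_filter_decide(unsigned long notify_class, const wchar_t *full_key_path)
{
    switch (notify_class) {
    case RegNtPreSetValueKey:
    case RegNtPreDeleteValueKey:
    case RegNtPreDeleteKey:
        return is_under_protected(full_key_path) ? STATUS_ACCESS_DENIED : STATUS_SUCCESS;
    default:        /* queries, enumerations, opens, post-notifications */
        return STATUS_SUCCESS;
    }
}
```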
Basically, drivers are considered Services, so you can utilize the Service Control Manager. Using the aforementioned APIs, what you basically achieve is the appropriate entries in the registry under the Services key. For a sample of how to achieve this, check this article and scroll to the bottom to the section named "Dynamically Loading and Unloading the Driver". Furthermore, if you want easy debugging/development and are using VS2k10, I'd suggest you use the free VisualDDK. I believe this should be enough to get you going.