Menu
I'm a newbie to WMI and I need to implement RegistryValueChangeEvent in a C# service.
I need an event handler that gets triggered each time any one of a set of registry values is changed. I want behavior similar to the FileSystemWatcher class's Changed event, but for registry values.
If there's some other technique I could use to accomplish the same task, I'd appreciate that as well. My minimum requirement is that it be a better solution than what I have now: polling every 20 seconds and comparing the registry value with the last result.
Please provide example code in your answer. If I can get an example for watching just one registry value, that would be fine.
I need a solution in .Net 2.0
Thanks.
383
Notifies the caller about changes to the attributes or contents of a specified registry key.
The Importance of Registry Integrity MonitoringThe registry contains the configuration information for the hardware and software and may also contain information about recently used programs and files. Footprints of an adversary having installed a program or application may also be found in the registry.
The Windows Registry is a hierarchical database that comprises of a collection of Keys, Sub Keys, Predefined Keys, Hives, and Value Entries and can be used to store system specific or application specific data.
WMI can sometimes be interesting to work with...I think I understand your question, so take a look at the code snippet below and let me know if it's what you're looking for.
// --------------------------------------------------------------------------------------------------------------------- // <copyright file="Program.cs" company=""> // // </copyright> // <summary> // Defines the WmiChangeEventTester type. // </summary> // --------------------------------------------------------------------------------------------------------------------- namespace WmiExample { using System; using System.Management; /// <summary> /// </summary> public class WmiChangeEventTester { /// <summary> /// Initializes a new instance of the <see cref="WmiChangeEventTester"/> class. /// </summary> public WmiChangeEventTester() { try { // Your query goes below; "KeyPath" is the key in the registry that you // want to monitor for changes. Make sure you escape the \ character. WqlEventQuery query = new WqlEventQuery( "SELECT * FROM RegistryValueChangeEvent WHERE " + "Hive = 'HKEY_LOCAL_MACHINE'" + @"AND KeyPath = 'SOFTWARE\\Microsoft\\.NETFramework' AND ValueName='InstallRoot'"); ManagementEventWatcher watcher = new ManagementEventWatcher(query); Console.WriteLine("Waiting for an event..."); // Set up the delegate that will handle the change event. watcher.EventArrived += new EventArrivedEventHandler(HandleEvent); // Start listening for events. watcher.Start(); // Do something while waiting for events. In your application, // this would just be continuing business as usual. System.Threading.Thread.Sleep(100000000); // Stop listening for events. watcher.Stop(); } catch (ManagementException managementException) { Console.WriteLine("An error occurred: " + managementException.Message); } } /// <summary> /// </summary> /// <param name="sender"> /// The sender. /// </param> /// <param name="e"> /// The e. /// </param> private void HandleEvent(object sender, EventArrivedEventArgs e) { Console.WriteLine("Received an event."); // RegistryKeyChangeEvent occurs here; do something. } /// <summary> /// </summary> public static void Main() { // Just calls the class above to check for events... WmiChangeEventTester receiveEvent = new WmiChangeEventTester(); } } } Are you limited to WMI? If not you can use RegNotifyChangeKeyValue wrappers like RegistryMonitor
34
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
