如何检测访问指定注册表的进程名称,如进程监视器
How to detect process name which access to designated registry like process monitor
如何检测访问指定注册表的进程名称,如进程监视器?
较早的 regmon 使用 SSDT Hooking 执行此操作,但在 windows 10 中,我们无法进行 hook
使用它的注册表。SSDT Hooking seem to be legacy technology。
SSDT Hooking 有替代品吗?
您应该实施适当的 registry filtering driver。
A registry filtering driver is any kernel-mode driver that filters registry calls, such as the driver component of an antivirus software package. The configuration manager, which implements the registry, allows registry filtering drivers to filter any thread's calls to registry functions.
如何检测访问指定注册表的进程名称,如进程监视器?
较早的 regmon 使用 SSDT Hooking 执行此操作,但在 windows 10 中,我们无法进行 hook 使用它的注册表。SSDT Hooking seem to be legacy technology。
SSDT Hooking 有替代品吗?
您应该实施适当的 registry filtering driver。
A registry filtering driver is any kernel-mode driver that filters registry calls, such as the driver component of an antivirus software package. The configuration manager, which implements the registry, allows registry filtering drivers to filter any thread's calls to registry functions.