a windows registry monitor

[justme]

hi

i am trying to code a small perl program to monitor the windows
registry. The idea is to create a baseline on some keys like
LOCAL_MACHINE or USERS, ( the whole registry would be too big ), where
the RUN and RUNONCE keys are located.
Then i would poll these registry locations and see if there are
suspicious keys added by comparing it against the baseline. The script
will be scheduled to check every once in a while. I have checked CPAN
for Win32::Registry. I wonder if it is the right tool to help me in
this purpose...?
thanks

 

[Malcolm Dew-Jones]

justme ([email protected]) wrote:
: hi

: i am trying to code a small perl program to monitor the windows
: registry. The idea is to create a baseline on some keys like
: LOCAL_MACHINE or USERS, ( the whole registry would be too big ), where
: the RUN and RUNONCE keys are located.
: Then i would poll these registry locations and see if there are
: suspicious keys added by comparing it against the baseline. The script
: will be scheduled to check every once in a while. I have checked CPAN
: for Win32::Registry. I wonder if it is the right tool to help me in
: this purpose...?
: thanks

Actually, regedit can provide a text dump, .ini file style, of the
registry, and possibly portions of it. You might try just diff'ing one
dump with a previous. The output would be easy to archive, is self
documenting, and is in the required format to restore the original
settings.

(Of course that doesn't use perl except to glue the parts together.)