Download EaseFilter Registry Filter Driver SDK Setup File Download EaseFilter Registry Filter Driver SDK Zip File
Registry monitor and protector is a tool which was developed with registry filter driver SDK. A registry filtering driver is any kernel-mode driver that filters registry calls, such as the driver component of an antivirus software package. The configuration manager, which implements the registry, allows registry filtering drivers to filter any thread's calls to registry functions. By registering a RegistryCallback routine in the registry filter driver, it can receive notifications of each registry operation before the configuration manager processes the operation. A set of REG_XXX_KEY_INFORMATION data structures contain information about each registry operation. The RegistryCallback routine can block a registry operation. The callback routine also receives notifications when the configuration manager has finished creating or opening a registry key.
To be notified of registry operations, it needs to register the RegistryCallback routine with REG_NOTIFY_CLASS which specifies the type of registry operation that the configuration manager is passing to a RegistryCallback routine, When the configuration manager calls a driver's RegistryCallback routine, it passes a REG_NOTIFY_CLASS enumeration value to the routine. The configuration manager also passes a notification-specific structure that contains information about the notification. The RegistryCallback routine can inspect the contents of the input and output buffers that are supplied for registry operations.
To track the registry changes, register these
"Reg_Post_Create_Key, Reg_Post_Delete_Key, Reg_Post_Set_Value_Key,
Reg_Post_Restore_Key,Reg_Post_Replace_Key" notification classes. When
the registry key, value or security was modified, the callback
routine will be invoked with a data structure that contains
information that is specific to the type of registry operation.
To block the registry changes, register these "Reg_Pre_Create_Key, Reg_Pre_Delete_Key, Reg_Pre_Set_Value_Key, Reg_Pre_Delete_Value_Key, Reg_Pre_SetInformation_Key, Reg_Pre_Rename_Key, Reg_Pre_Create_KeyEx, Reg_Pre_Restore_Key, Reg_Pre_Replace_Key" notification classes. When the registry key, value or security is going to be modified, the callback routine will be invoked with a data structure that contains information that is specific to the type of registry operation, If a RegistryCallback routine returns a status value "STATUS_ACCESS_DENIED" for a pre-notification, this registry operation will be blocked and the error code will be returned.
modify a registry operation's output parameters or return value. Additionally,
to handle the virtual registry key or value, the RegistryCallback routine
can return your own customized
data instead of allowing the registry to handle the operation.
EaseFilter Inc. is a company who specializes in windows file system filter driver development. It can provide architect, implement and test file system filter drivers for a wide range of functionalities. It also can offer several levels of assistance to meet your specific needs: Provide consulting service for your existing file system filter driver; Customize the SDK to meet your requirement; Create your own filter driver with SDK source code.