Sign in to follow this  
Followers 0
LeftclicK

Regwrite/FileWrapper

5 posts in this topic

Hello all, this is my first post - my apologies if my question is to broad. I have only been working with AutoIT for a few months now, before that did VBS... dont even know how to get started with this script.

Is it possible to intercept regwrite events and filewrite events and redirect the location's they are written to?

I'm looking to author a script that will do the following logic

Redirect a processes HKLM RegWrite(s) to HKCU

If that particular key is requested via a RegRead event, redirect it to its new home

Likewise for file modifications of ini's etc, redirecting them from locked down folders to a users home directory.

Is this possible? Can somone give me some direction to get started, I've never done any intercepting like this...

There is a program called "RegSpy" that intercepts regwrites to HKLM /HKCU , but not reads - this is what teased me with the idea. If you want to check it out, the source is in VB and included in the zip Regspy2.zip

Thanks to everyone in advance, I dont usually post on forums, but these ones are pretty active so I'll keep my fingers crossed :whistle:

-LC

Share this post


Link to post
Share on other sites



Volly, I completely understand. Its nothing dark, quite light actually.

I have been working through a list of 240 application's my firm uses and bundling them into MSI's. We button up our folders and registry pretty tight, so I have to with each package make sure that I give full permissions to whatever key's/files the users will need to modify when using each app.

I found the RegSpy application while trying to troubleshoot such issues and then thought "Hey, if I could create a wrapper, I wouldnt need to open permissions on these folders/keys at all" - but also it will allow these customizations to travel with the user to our citrix servers / other machines.

I dont need anyone to write this for me, on the contrary, I would love to learn how to do it myself. Alike examples would be more than enough to get me going here.

Pretty please, any help would be greatly appreciated!

Share this post


Link to post
Share on other sites

some love please

Share this post


Link to post
Share on other sites

Why not use the program regmon? It monitor all registry action.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0