How do I detect RegOpenKey, RegSetValue, and RegCloseKey events using Java?
Programs that I have tried only allowed me to read the value of key in the registry, delete a key, or create it. I want to detect if any process has made a change to the registry.
One way might be to hook the windows kernel functions such as ZwEnumerateKey and it's cousins.
I don't believe java can do this on it's own, but you might be able to write a module in C/C++ and expose it to java via SWIG.
There is open source software which already does the monitoring you want in C++, so the major challenge would be creating the SWIG interface to java.
A second option might be to have java Runtime.exec a procmon with a /backingfile option (to save output to a log) and then parsing that log from java to extract the information you want.
