AutoHotkey Community

PostPosted: July 31st, 2008, 9:18 am 
RegWatcher: Be notified when Registry keys and/or values are changed/added/modified.

Inspired by SKAN's excellent concept of file/folder spying using FolderSpy, I decided to look into making a sort of registry spy. Basically, if you've ever wanted to be notified immediately of changes in the registry, this script is for you.

This script will work on Windows 2000, XP, 2003, Vista, ... basically every OS in the NT family except for NT itself. One limitation with no known workaround is that one cannot check for registry modifications in keys that the current user does not have at least read access to. Also, the method used to be notified of registry changes does not return what exactly changed (e.g. a value within a key, or if specified, within subkeys of the specified key, was changed); therefore further logic, not provided but easily added, is necessary to decipher the reason for the notification (msgbox).

I have predefined, somewhat at random, three registry keys to watch for changes: HKCU/Control Panel/Mouse, HKCU/Control Panel/Keyboard, and HKCU/Software/Microsoft/Windows/CurrentVersion/Run. One can change, remove or add more keys, but one MUST add an additional callback and register that callback for every key added beyond the fifth (total) - again, something easily done. I have already provided two additional callbacks that are unused but by adding to the variables these can be used. Essentially all the callbacks are the same with only two differences: the callback name itself and a label within it. All other logic is the same. This enables one to easily add more callbacks by just copying this and changing the two aforementioned names.

The reason for all the callbacks is that each callback is run in a separate thread making the ahk process have multiple threads. Note, the maximum limit for number of callbacks in this script is 19. This is because AHK scripts are limited to 20 threads maximum, with main automatically accounting for one.


Download: RegWatcher.ahk

_________________
- Tertius


Last edited by Tertius on August 3rd, 2008, 12:15 am, edited 1 time in total.

PostPosted: July 31st, 2008, 11:26 pm 
Thanks for the script. I tested it and it runs as expected.

I hope I don't sound harsh, but I just wanted to let you know why your script may not generate a lot of buzz. Unfortunately for you, most people nowadays have security software that takes care of this. If this script had come around say, oh, three or four years ago, there would probably be a stronger interest in it.

Anyway, congrats on a job well done, and please don't be discouraged by my comments. In fact, I will likely be incorporating part of this into some software to detect registry changes. Thanks again.


PostPosted: August 3rd, 2008, 12:38 am 
An updated version posted for better multiple thread handling.

Quote:
I hope I don't sound harsh, but I just wanted to let you know why your script may not generate a lot of buzz. Unfortunately for you, most people nowadays have security software that takes care of this. If this script had come around say, oh, three or four years ago, there would probably be a stronger interest in it.

Smiley, thanks for taking an interest in the script. I realize that software exists which can perform similarly to this script, however this is more a proof of concept: namely multiple threads (although not "simultaneously"), and a registry watcher. As far as I am aware SKAN is the only one who has posted a script that uses a secondary thread that was created by force using the createthread call. Also, I have not seen a registry watcher of this type posted in the forums.

Quote:
Anyway, congrats on a job well done, and please don't be discouraged by my comments. In fact, I will likely be incorporating part of this into some software to detect registry changes. Thanks again.
I am glad to hear that you have found this to be useful. Best of wishes with the software project. Please let me know of any other suggestions/comments/bugs you find/have.

_________________
- Tertius


PostPosted: August 4th, 2008, 3:28 pm 
Error : Line 346: criticals
I supposed it is the S at the end that is the problem. Removed it so as to go back to Critical status after the Critical, Off a few lines before.

Still, through several tries it had a weird behaviour. Sometimes I only got two OK buttons. Other times I was DrWatsoned.
Also had the message for Invalid Key or Insufficient Rights for Opening Key HKCU\CP\Mouse (which seems strange since I can check it with regedit while that error message is displayed).
Twice I did get a something has changed message though.

This script is a bit out of my league so I can't provide much help. However, I suppose all that has to do either with my CPU having HyperThreading (maybe it has a problem with multiple threads) or with WinXP rights (Pro version, the account I use has admin status).

I may not be online for a few days (or not long enough for messing up with AHK stuff) so I may not have the opportunity to try a fix if you think of something until later (nor to try the new version of your numpad script).


Last edited by lilalurl.T32 on February 11th, 2011, 9:39 pm, edited 1 time in total.

PostPosted: August 4th, 2008, 6:52 pm 
Hi there again,

It's good to hear from you.

The "Criticals" problem has been fixed. As you found it was only in the fifth callback. I just removed the "s". Since all I did was use one callback as a template then just changed two parts I am not sure how that s got in there when I posted it.

As for the Dr Watson problems, scripts on my end exhibit similar behavior when I set the api call RegOpenKeyEx to unicode (instead of ANSI). If I remember right French is your system language so it may help if you replaced all instances of RegOpenKeyExA with RegOpenKeyExW within the script.

Another issue is that on systems with multiple cores (or in your case a simulated secondary core), creating a thread using createthread is problematic for AutoHotkey scripts. I will remedy this with a call to SetProcessAffinityMask.

_________________
- Tertius


PostPosted: August 4th, 2008, 7:53 pm 
New Version Posted Fixing Multicore Issues with CreateThread. Please let me know of any other issues.

_________________
- Tertius


PostPosted: August 5th, 2008, 12:03 am 
It now works for me. I guess Tertius doesn't regularly use newer compewters. Dual Core and beyond is truly the future. Anyway, thanks for the "hack" to get multiple threads running and allow us interested in monitoring the reg.

JumboRick


PostPosted: August 5th, 2008, 6:02 am 
Had a quick try and it worked correctly (a change in mouse settings), so I guess the main issue was with multi threading.

Quote:
I guess Tertius doesn't regularly use newer compewters. Dual Core and beyond is truly the future.


Probably. That's an old debate, but in my opinion if a program works on 'normal' com[b]Pep?Le[b]ters, more recent processors should have it work correctly, not create new problems.
Of course, some programming techniques may or may not create 'compatibility' issues (cf. lots of ECS Amiga games not being compatible with AGA Amigas because they used a lot of assembler tricks, or games like Alley Cat (1983!!!!) still being playable on today's computers).


Last edited by lilalurl.T32 on February 11th, 2011, 9:39 pm, edited 1 time in total.

PostPosted: August 10th, 2008, 1:04 am 
Works fine, but to make it a step up in usefulness probably add the ability to watch more than just 19/20 registry keys (not including subkeys of such keys) and indication of changes from before to after.

Smiley wrote:
Thanks for the script. I tested it and it runs as expected.

I hope I don't sound harsh, but I just wanted to let you know why your script may not generate a lot of buzz. Unfortunately for you, most people nowadays have security software that takes care of this. If this script had come around say, oh, three or four years ago, there would probably be a stronger interest in it.


I have to disagree. Although such security software is more powerful, the various hooking techniques used slow down systems to a crawl. That is why you will be hard pressed to find such software on machines in most businesses, even home users who are serious about performance: gamers, computer graphicists, etc. A registry watcher like this and a folder monitor like folderspy are lightweight and can do nearly what most admins do through NT's auditing and event management.
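
An added example, not part of the thread or of RegWatcher.ahk: the first post notes that the notification does not say what changed, and the post above asks for a before/after indication. One way to get it is to snapshot a key's values when the watch is armed and diff against a fresh snapshot each time the notification fires; Python's `winreg` does the Windows-only read here, and the function names and sample values are constructed for illustration.

```python
"""Added example: work out what changed after a registry change notification."""
try:
    import winreg  # Windows-only standard-library module
except ImportError:  # keeps the diff logic importable on other platforms
    winreg = None

# Constructed sample snapshots of a Run key: {value name: (data, registry type)}.
# Type 1 is REG_SZ. Names and paths are made up for illustration.
SAMPLE_BEFORE = {
    "ExampleTray": (r"C:\Program Files\Example\tray.exe", 1),
    "OldHelper": (r"C:\Tools\helper.exe", 1),
}
SAMPLE_AFTER = {
    "ExampleTray": (r"C:\Program Files\Example\tray.exe /min", 1),
    "NewUpdater": (r"C:\Users\demo\AppData\Local\updater.exe", 1),
}


def snapshot_values(root, subkey):
    """Read every value of one key into {name: (data, type)} (Windows only)."""
    if winreg is None:
        raise OSError("winreg is only available on Windows")
    values = {}
    with winreg.OpenKey(root, subkey, 0, winreg.KEY_READ) as key:
        index = 0
        while True:
            try:
                name, data, reg_type = winreg.EnumValue(key, index)
            except OSError:  # raised once there are no more values
                break
            values[name] = (data, reg_type)
            index += 1
    return values


def diff_snapshots(before, after):
    """Return (kind, name, old, new) tuples, sorted by value name.

    A value whose data is unchanged but whose type differs counts as modified,
    because the (data, type) pairs are compared as a whole.
    """
    changes = []
    for name in sorted(before.keys() | after.keys()):
        if name not in before:
            changes.append(("added", name, None, after[name]))
        elif name not in after:
            changes.append(("deleted", name, before[name], None))
        elif before[name] != after[name]:
            changes.append(("modified", name, before[name], after[name]))
    return changes


class KeyBaseline:
    """Holds the last known state of one watched key.

    Call update() with a fresh snapshot each time the notification fires.
    Several writes can be coalesced into one notification, so the result is
    the net change since the previous snapshot, not a per-write history.
    """

    def __init__(self, snapshot):
        self.snapshot = dict(snapshot)

    def update(self, new_snapshot):
        changes = diff_snapshots(self.snapshot, new_snapshot)
        self.snapshot = dict(new_snapshot)  # re-baseline before re-arming
        return changes


def format_change(key_path, change):
    """Render one change tuple as a line suitable for a log or message box."""
    kind, name, old, new = change
    label = name or "(Default)"  # the unnamed default value has an empty name
    if kind == "added":
        return f"{key_path}: added {label} = {new[0]!r}"
    if kind == "deleted":
        return f"{key_path}: deleted {label} (was {old[0]!r})"
    return f"{key_path}: modified {label}: {old[0]!r} -> {new[0]!r}"


if __name__ == "__main__":
    # Offline demonstration on the constructed snapshots above. On Windows,
    # replace them with snapshot_values(winreg.HKEY_CURRENT_USER, r"...\Run")
    # taken before arming the watch and again after each notification.
    baseline = KeyBaseline(SAMPLE_BEFORE)
    for change in baseline.update(SAMPLE_AFTER):
        print(format_change(r"HKCU\...\Run", change))
```

Because a single dictionary of baselines can hold any number of keys, this part of the job does not depend on how many notification threads the watcher itself can run.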


PostPosted: August 12th, 2008, 4:39 am 
cool.

Code:
#NoEnv
#Persistent
OnExit, ExitRout

SetBatchLines, -1
DetectHiddenWindows, On
WinMinimize, %A_ScriptFullPath% - AutoHotkey v
WinHide, %A_ScriptFullPath% - AutoHotkey v
DetectHiddenWindows, Off

If( A_OSType = "WIN32_NT" && A_OSVersion != "WIN_NT4" ) {
HKEY_CLASSES_ROOT = 0x80000000
HKEY_CURRENT_USER = 0x80000001
HKEY_LOCAL_MACHINE = 0x80000002
HKEY_USERS = 0x80000003
HKEY_CURRENT_CONFIG = 0x80000005

KEY_NOTIFY = 0x0010 ; Required to request change notifications for a registry key or for subkeys of a registry key.

REG_NOTIFY_CHANGE_NAME = 0x00000001 ; Notify the caller if a subkey is added or deleted.
REG_NOTIFY_CHANGE_ATTRIBUTES = 0x00000002 ; Notify the caller of changes to the attributes of the key, such as the security descriptor information.
REG_NOTIFY_CHANGE_LAST_SET = 0x00000004 ; Notify the caller of changes to a value of the key. This can include adding or deleting a value, or changing an existing value.
REG_NOTIFY_CHANGE_SECURITY = 0x00000008 ; Notify the caller of changes to the security descriptor of the key.
THREAD_PRIORITY_ABOVE_NORMAL = 1 ; Priority 1 point above the priority class.
THREAD_PRIORITY_BELOW_NORMAL = -1 ; Priority 1 point below the priority class.
THREAD_PRIORITY_HIGHEST = 2 ; Priority 2 points above the priority class.
THREAD_PRIORITY_IDLE = -15 ; Base priority of 1 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or HIGH_PRIORITY_CLASS processes, and a base priority of 16 for REALTIME_PRIORITY_CLASS processes.
THREAD_PRIORITY_LOWEST = -2 ; Priority 2 points below the priority class.
THREAD_PRIORITY_NORMAL = 0 ; Normal priority for the priority class.
THREAD_PRIORITY_TIME_CRITICAL = 15 ; Base priority of 15 for IDLE_PRIORITY_CLASS, BELOW_NORMAL_PRIORITY_CLASS, NORMAL_PRIORITY_CLASS, ABOVE_NORMAL_PRIORITY_CLASS, or HIGH_PRIORITY_CLASS processes, and a base priority of 31 for REALTIME_PRIORITY_CLASS processes.

   RegRoot:= HKEY_CURRENT_USER . "|" . HKEY_CURRENT_USER . "|" . HKEY_CURRENT_USER
;   Only Registry Keys can be specified, NOT values
   regsubkeystring=Control Panel\Mouse|Control Panel\KeyBoard|Software\Microsoft\Windows\CurrentVersion\Run
   bWatchSubtree=%FALSE%|%FALSE%|%FALSE% ; FALSE means don't watch subkeys, TRUE means watch subkeys as well
   ; dwNotifyFilter can be a one or more of the following REG_NOTIFY_CHANGE_NAME, REG_NOTIFY_CHANGE_ATTRIBUTES, REG_NOTIFY_CHANGE_LAST_SET, REG_NOTIFY_CHANGE_SECURITY
   ; to combine use the | "OR" operator, so for example to be notified for key name and value changes use REG_NOTIFY_CHANGE_NAME | REG_NOTIFY_CHANGE_LAST_SET
   dwNotifyFilter:= REG_NOTIFY_CHANGE_LAST_SET . "|" . REG_NOTIFY_CHANGE_LAST_SET . "|" . REG_NOTIFY_CHANGE_LAST_SET
   ThreadPriority=%THREAD_PRIORITY_ABOVE_NORMAL%|%THREAD_PRIORITY_ABOVE_NORMAL%|%THREAD_PRIORITY_ABOVE_NORMAL%
   StringSplit, RegRoot, RegRoot, |
   StringSplit, regsubkeystring, regsubkeystring, |
   StringSplit, bWatchSubtree, bWatchSubtree, |
   StringSplit, dwNotifyFilter, dwNotifyFilter, |
   StringSplit, ThreadPriority, ThreadPriority, |
   SetTimer, SeperThread, -100
}

Return


ExitRout:

If( A_OSType = "WIN32_NT" && A_OSVersion != "WIN_NT4" ) {
   If HProcess
      DllCall("CloseHandle", Int, HProcess)
   Loop, %regsubkeystring0%
   {
      If hkey%A_Index%
         DllCall("Advapi32.dll\RegCloseKey", UINT, hkey%A_Index%, "UINT")
      If hModule%A_Index%
         DllCall("FreeLibrary", "UInt", hModule%A_Index%)
      If HndThread%A_Index%
      {
         DllCall("TerminateThread", UInt, HndThread%A_Index%, UInt, 0)
         DllCall("CloseHandle", UInt, HndThread%A_Index%)
      }
      If RegWatchAddress%A_Index%
         DllCall("GlobalFree", UInt, RegWatchAddress%A_Index%)
   }
}   


ExitApp


SeperThread:

CPU=1
PROCESS_SET_INFORMATION=0x200
PROCESS_QUERY_INFORMATION=0x400
Process, Exist
If!(CPID := ErrorLevel) {
   MsgBox, Error Getting PID of Current AutoHotkey Process.  Script Will Abort.
   ExitApp
}
If!(HProcess := DllCall("OpenProcess", Int, PROCESS_SET_INFORMATION | PROCESS_QUERY_INFORMATION, Int, 0, Int, CPID)) {
   MsgBox, Unable to Retrieve Handle for Current AutoHotkey Process.  Aborting Script.
   ExitApp
}
If!(DllCall("SetProcessAffinityMask", Int, HProcess, Int, CPU)) {
   MsgBox, Unable to Set Affinity for Current AutoHotkey Process.  Aborting Script.
   ExitApp
}

If(DllCall("CloseHandle", Int, HProcess))
   HProcess=
Loop, %regsubkeystring0%
{
   If !(RegWatchAddress%A_Index% := RegisterCallback("RegWatch" . A_Index))
      Continue
   If !(DllCall("VirtualProtect", UInt, RegWatchAddress%A_Index%, UInt, 22, UInt, 0x40, UIntP, 0)) {
      ; On DEP Enabled Systems that don't have the executable responsible for running this DEP Exception enabled this failed attempt will result in the program crashing
      RegWatchAddress%A_Index% := DllCall("GlobalFree", UInt, RegWatchAddress%A_Index%)
      Continue
   }
   If !(VarSetCapacity(Num%A_Index%, 4, 0)) {
      RegWatchAddress%A_Index% := DllCall("GlobalFree", UInt, RegWatchAddress%A_Index%)
      Continue
   }
   NumPut(A_Index, Num%A_Index%, 0, "UInt")
   HandThreadID%A_Index%=0
   If (HndThread%A_Index% := dllCall("CreateThread", UInt, 0, UInt, 0, UInt, RegWatchAddress%A_Index%, UInt, &Num%A_Index%, UInt, 0, UIntP, HandThreadID%A_Index%)) {
      ; Note setting thread priority is relative to the processes priority unless critical is specified
      ; The below works, however only those who KNOW they NEED the following should uncomment this because without changing the main thread's priority to at least equal to or greater than this thread's one will hang the app when attempting to exit it
      ;If !(dllcall("SetThreadPriority", UINT, HndThread%A_Index%, INT, ThreadPriority%A_Index%))
      ;   MsgBox, % "Error Changing Thread Priority for Thread with Registry Key " . (RegRoot%A_Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%A_Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%A_Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%A_Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%A_Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%A_Index% ? "\" . regsubkeystring%A_Index% : "")
      
   }
   Else {
      RegWatchAddress%A_Index% := DllCall("GlobalFree", UInt, RegWatchAddress%A_Index%)
      Continue
   }
}

Return


RegWatch1(Index) {
Local   ReturnValue
   Critical
   Index := NumGet(Index+0, 0, "UINT")
   If !(VarSetCapacity(hkey%Index%, 4, 0)) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "No Such Variable hkey" . Index
      Return
   }
   If !(hModule%Index% := DllCall("LoadLibrary", "str", "Advapi32.dll")) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Load Dll Advapi32 for Registry Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   If(dllcall("Advapi32.dll\RegOpenKeyExA", UINT, RegRoot%Index%, Str, regsubkeystring%Index%, UINT, 0, UINT, KEY_NOTIFY, UINTP, hKey%Index%)) {
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Invalid Key or Insufficient Rights for Opening Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   Critical, Off
   ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
   Critical
Begin_RegWatch1:
   If !ReturnValue
   {
      MsgBox, % "Something Has Changed in/with Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG")   . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "") . (bWatchSubtree%Index% = TRUE ? " or One of its Subkeys" : "")
      ; Your Code Goes Here
      Critical, Off
      ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
      Critical
      GoTo Begin_RegWatch%Index%
   }
   Else {
      hkey%Index% := DllCall("Advapi32.dll\RegCloseKey", UINT, hkey%Index%, "UINT")
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Register for Registry Notification Events for Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
}


RegWatch2(Index) {
Local   ReturnValue
   Critical
   Index := NumGet(Index+0, 0, "UINT")
   If !(VarSetCapacity(hkey%Index%, 4, 0)) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "No Such Variable hkey" . Index
      Return
   }
   If !(hModule%Index% := DllCall("LoadLibrary", "str", "Advapi32.dll")) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Load Dll Advapi32 for Registry Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   If(dllcall("Advapi32.dll\RegOpenKeyExA", UINT, RegRoot%Index%, Str, regsubkeystring%Index%, UINT, 0, UINT, KEY_NOTIFY, UINTP, hKey%Index%)) {
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Invalid Key or Insufficient Rights for Opening Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   Critical, Off
   ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
   Critical
Begin_RegWatch2:
   If !ReturnValue
   {
      MsgBox, % "Something Has Changed in/with Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG")   . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "") . (bWatchSubtree%Index% = TRUE ? " or One of its Subkeys" : "")
      ; Your Code Goes Here
      Critical, Off
      ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
      Critical
      GoTo Begin_RegWatch%Index%
   }
   Else {
      hkey%Index% := DllCall("Advapi32.dll\RegCloseKey", UINT, hkey%Index%, "UINT")
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Register for Registry Notification Events for Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
}


RegWatch3(Index) {
Local   ReturnValue
   Critical
   Index := NumGet(Index+0, 0, "UINT")
   If !(VarSetCapacity(hkey%Index%, 4, 0)) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "No Such Variable hkey" . Index
      Return
   }
   If !(hModule%Index% := DllCall("LoadLibrary", "str", "Advapi32.dll")) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Load Dll Advapi32 for Registry Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   If(dllcall("Advapi32.dll\RegOpenKeyExA", UINT, RegRoot%Index%, Str, regsubkeystring%Index%, UINT, 0, UINT, KEY_NOTIFY, UINTP, hKey%Index%)) {
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Invalid Key or Insufficient Rights for Opening Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   Critical, Off
   ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
   Critical
Begin_RegWatch3:
   If !ReturnValue
   {
      MsgBox, % "Something Has Changed in/with Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG")   . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "") . (bWatchSubtree%Index% = TRUE ? " or One of its Subkeys" : "")
      ; Your Code Goes Here
      Critical, Off
      ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
      Critical
      GoTo Begin_RegWatch%Index%
   }
   Else {
      hkey%Index% := DllCall("Advapi32.dll\RegCloseKey", UINT, hkey%Index%, "UINT")
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Register for Registry Notification Events for Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
}


RegWatch4(Index) {
Local   ReturnValue
   Critical
   Index := NumGet(Index+0, 0, "UINT")
   If !(VarSetCapacity(hkey%Index%, 4, 0)) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "No Such Variable hkey" . Index
      Return
   }
   If !(hModule%Index% := DllCall("LoadLibrary", "str", "Advapi32.dll")) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Load Dll Advapi32 for Registry Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   If(dllcall("Advapi32.dll\RegOpenKeyExA", UINT, RegRoot%Index%, Str, regsubkeystring%Index%, UINT, 0, UINT, KEY_NOTIFY, UINTP, hKey%Index%)) {
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Invalid Key or Insufficient Rights for Opening Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   Critical, Off
   ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
   Critical
Begin_RegWatch4:
   If !ReturnValue
   {
      MsgBox, % "Something Has Changed in/with Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG")   . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "") . (bWatchSubtree%Index% = TRUE ? " or One of its Subkeys" : "")
      ; Your Code Goes Here
      Critical, Off
      ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
      Critical
      GoTo Begin_RegWatch%Index%
   }
   Else {
      hkey%Index% := DllCall("Advapi32.dll\RegCloseKey", UINT, hkey%Index%, "UINT")
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Register for Registry Notification Events for Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
}


RegWatch5(Index) {
Local   ReturnValue
   Critical
   Index := NumGet(Index+0, 0, "UINT")
   If !(VarSetCapacity(hkey%Index%, 4, 0)) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "No Such Variable hkey" . Index
      Return
   }
   If !(hModule%Index% := DllCall("LoadLibrary", "str", "Advapi32.dll")) {
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Load Dll Advapi32 for Registry Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   If(dllcall("Advapi32.dll\RegOpenKeyExA", UINT, RegRoot%Index%, Str, regsubkeystring%Index%, UINT, 0, UINT, KEY_NOTIFY, UINTP, hKey%Index%)) {
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Invalid Key or Insufficient Rights for Opening Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
   Critical, Off
   ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
   Critical
Begin_RegWatch5:
   If !ReturnValue
   {
      MsgBox, % "Something Has Changed in/with Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG")   . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "") . (bWatchSubtree%Index% = TRUE ? " or One of its Subkeys" : "")
      ; Your Code Goes Here
      Critical, Off
      ReturnValue := dllcall("Advapi32.dll\RegNotifyChangeKeyValue", UINT, hKey%Index%, INT, bWatchSubtree%Index%, UINT, dwNotifyFilter%Index%, UINT, 0, INT, 0, "UINT")
      Critical
      GoTo Begin_RegWatch%Index%
   }
   Else {
      hkey%Index% := DllCall("Advapi32.dll\RegCloseKey", UINT, hkey%Index%, "UINT")
      If(DllCall("FreeLibrary", "UInt", hModule%Index%))
         hModule%Index%=
      RegWatchAddress%Index% := DllCall("GlobalFree", UInt, RegWatchAddress%Index%)
      If(DllCall("CloseHandle", UInt, HndThread%Index%))
         HndThread%Index%=
      MsgBox, % "Unable to Register for Registry Notification Events for Key " . (RegRoot%Index% = HKEY_CLASSES_ROOT ? "HKEY_CLASSES_ROOT" : RegRoot%Index% = HKEY_CURRENT_USER ? "HKEY_CURRENT_USER" : RegRoot%Index% = HKEY_LOCAL_MACHINE ? "HKEY_LOCAL_MACHINE" : RegRoot%Index% = HKEY_USERS ? "HKEY_USERS" : RegRoot%Index% = HKEY_CURRENT_CONFIG ? "HKEY_CURRENT_CONFIG") . (regsubkeystring%Index% ? "\" . regsubkeystring%Index% : "")
      Return
   }
}


Posted so your POC for semi-fork shows up in forum search (i.e. it was hidden away in a zip).

Note: in future this may likely not be the most recent vers... just added to show up in search.

_________________
Joyce Jamce
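
The notification used by the script above only says that something under the watched key changed, not what. One way to work out which value was added, changed or removed is to compare a snapshot taken before the notification with one taken after it. This is an added example, not part of the original post or script; it assumes AutoHotkey v1.1.21+ (objects and `Loop, Reg`), and `SnapshotKey` and `DiffSnapshots` are hypothetical helper names.

```autohotkey
; Added example, not part of the posted script. Assumes AutoHotkey v1.1.21+
; (objects and "Loop, Reg"). SnapshotKey/DiffSnapshots are hypothetical names.

; Demo on constructed snapshots (sample data, not read from a real system).
Before := {"Updater": "REG_SZ|C:\Tools\updater.exe", "Tray": "REG_SZ|C:\Tools\tray.exe"}
After  := {"Updater": "REG_SZ|C:\Temp\updater.exe", "Sync": "REG_SZ|C:\Tools\sync.exe"}
MsgBox, % DiffSnapshots(Before, After)
ExitApp

; Live use with the watcher (one baseline per watched key): take
; Baseline := SnapshotKey(KeyName) before the first RegNotifyChangeKeyValue
; call, then at "; Your Code Goes Here":
;    Current := SnapshotKey(KeyName)
;    MsgBox, % DiffSnapshots(Baseline, Current)
;    Baseline := Current

; Read every value directly under KeyName into an object: name -> "TYPE|data".
SnapshotKey(KeyName) {
    Snap := {}
    Loop, Reg, %KeyName%, V              ; V = values only, no subkeys
    {
        RegRead, Data                    ; in a registry loop: reads the current item
        Name := (A_LoopRegName = "") ? "(Default)" : A_LoopRegName
        Snap[Name] := A_LoopRegType . "|" . Data
    }
    Return Snap
}

; Compare two snapshots and list added, changed and removed values.
DiffSnapshots(Prev, Curr) {
    Report := ""
    For Name, Data in Curr
    {
        If !Prev.HasKey(Name)
            Report .= "ADDED    " . Name . " = " . Data . "`n"
        Else If !(Prev[Name] == Data)    ; == compares case-sensitively
            Report .= "CHANGED  " . Name . ": " . Prev[Name] . " -> " . Data . "`n"
    }
    For Name, Data in Prev
    {
        If !Curr.HasKey(Name)
            Report .= "REMOVED  " . Name . " (was " . Data . ")`n"
    }
    Return (Report = "") ? "No value-level difference found" : Report
}
```

The snapshot covers only the values directly under the key, so a notification caused by a change in a subkey (when subtree watching is on) shows up as no value-level difference.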


PostPosted: September 23rd, 2008, 4:26 pm

Joined: April 28th, 2006, 12:12 pm
Posts: 55
I have modified the script to watch this key:

HKEY_CURRENT_USER\Control Panel\Desktop

Some application is stealing focus and I would prefer that it didn't. I have set the registry to not allow this but there is an application that is re-setting the key:

This is an excellent script - Many thanks for sharing


PostPosted: September 25th, 2008, 2:27 pm

Joined: May 10th, 2007, 10:54 am
Posts: 649
Location: .switzerland
Tertius, thanks a lot for this Code. I recently searched for that, but I've found nothing - until now.

amazing work. :D

_________________
http://securityvision.ch
AHK 2D GAME ENGINE


PostPosted: October 10th, 2008, 6:34 am

Joined: September 22nd, 2008, 7:37 am
Posts: 5
I cannot run the script. What happened to me?

Please help.
Thanks...

error in line 099.

If !(RegWatchAddress%A_Index% := RegisterCallback("RegWatch" . A_Index))


PostPosted: October 18th, 2008, 5:42 am

Joined: May 17th, 2007, 6:03 pm
Posts: 391
Location: Titan
junfan wrote:
error in line 099.

If !(RegWatchAddress%A_Index% := RegisterCallback("RegWatch" . A_Index))


Do you have the latest version of AHK? If not, please update since RegisterCallback() only works with v1.0.47+.
________
Chevrolet hhr


Last edited by lilalurl.T32 on February 11th, 2011, 9:39 pm, edited 1 time in total.

PostPosted: October 18th, 2008, 5:55 am
It works! Thanks a lot~

