监视注册表的某一个位置的值的变化

  • 主题发起人 主题发起人 import
  • 开始时间 开始时间
I

import

Unregistered / Unconfirmed
GUEST, unregistred user!
SHELL32.DLL:
RegNotifyChangeKeyValue
SHChangeNotifyDeregister
HANDLE WINAPI SHChangeNotifyRegister(HWND hWnd,DWORD dwFlags,LONG wEventMask,UINT uMsg,DWORD cItems, LPCNOTIFYREGISTER lpItems); index 2;
 
BOOL WINAPI SHChangeNotifyDeregister(HANDLE hNotify);index 4; //hNotify Come form SHChangeNotifyRegister
HANDLE WINAPI SHChangeNotification_Lock(HANDLE hMemoryMap,DWORD dwProcessId,LPCITEMIDLIST **lppidls,LPLONG lpwEventId); index 644;
 
BOOL WINAPI SHChangeNotification_Unlock(HANDLE hLock); index 645;
Ex:
LPCITEMIDLIST *pidls;
LONG wEventId;
if (bRunningWindowsNT) {
HANDLE hLock;
hLock = SHChangeNotification_Lock(
(HANDLE)wParam, (DWORD)lParam,
&pidls, &wEventId);
if (hLock) {
ProcessEvent(wEventId,
pidls[0], pidls[1]);
SHChangeNotification_Unlock(hLock);
}
}
else {
pidls = (LPCITEMIDLIST*)wParam;
wEventId = (LONG)lParam;
ProcessEvent(wEventId,
pidls[0], pidls[1]);
}
我曾经做过一测试的程序,不过有点问题,我把全部代码贴出来吧:
unit reg1;
interface
uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,registry,
StdCtrls;
const
machine_rootkey=HKEY_LOCAL_MACHINE;
user_rootkey=HKEY_CURRENT_USER;
defaultuser_rootkey=HKEY_USERS;
subkey1='SOFTWARE';
subkey2='SOFTWARE';
function regmonitor(hkeys:hkey;keys:string):boolean;
type
TForm1 = class(TForm)
Button1: TButton;
Button2: TButton;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.DFM}
function regmonitor(hkeys:hkey;keys:string):boolean;
var
reg1:tregistry;
begin
reg1:=tregistry.Create;
reg1.RootKey:=hkeys;
try
reg1.OpenKey(keys,false);
//我的问题是在这下面的几句,当我执行时,如果注册表里我指定的键没被改变过,程序
//好像失去响应一样,你试试就知道了,也许要用多线程才行,不过我后来没去试了
application.ProcessMessages;
if RegNotifyChangeKeyValue(reg1.CurrentKey,false,REG_NOTIFY_CHANGE_NAME+REG_NOTIFY_CHANGE_LAST_SET,0,false)=ERROR_SUCCESS then
result:=true
else
result:=false;
finally
reg1.CloseKey;
reg1.Free;
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
memo1.Lines.Clear;
if regmonitor(machine_rootkey,subkey1) then
memo1.Lines.Add('registry is monitored')
else
memo1.Lines.Add('registry monitors fail');
end;
end.
 
 
后退
顶部