========================================================================
RegMonEx 1.3.0.87 Read Me                                    23rd dec 97
========================================================================

(c) 1997 by Jan Sultan (jsultan@tecs.de)
See the RegMonEx homepage at: http://stud.fh-wedel.de/~ii6059

Disclaimer:
RegMonEx is freeware and provided "as is". You use it at your own risk!
The author does not take any responsibility for any damage caused by
the use of the software or any of its components.

RegMonEx was written by Jan Sultan. This program is based on RegMon
created by Mark Russinovich and Bryce Cogswell. For more HARDCORE Tools
visit their webpage at: http://www.ntinternals.com

Thanks to all the users of RegMonEx who provided feedback. I've tried to
implement as many of the suggestions as I could. Since RegMonEx is not
commercial I can do no extensive testing or QA. If you find any bugs
please notify me with an email. Comments and criticism on RegMonEx are
very welcome.

Share knowledge, Support creativity!
Have fun and happy hacking!

Jan

What is RegMonEx?
========================================================================
RegMonEx is a registry monitoring tool. Once running, it captures all
calls to any registry-related API function and displays them in the
RegMonEx window.

Installing RegMonEx
========================================================================
For Windows 95, copy RegMonEx.exe and Regvxd.vxd into a local directory
on your hard disk.
For Windows NT, copy RegMonExNT.exe and RegMon.sys into a local directory
on your hard disk.
That's all! Start RegMonEx by running RegMonEx.exe/RegMonExNT.exe

How to use RegMonEx (quick start)
========================================================================
When RegMonEx is running, "Capture" should be enabled by default. If
somehow the driver could not be loaded, "Capture" may be disabled.
In this case, make sure the driver is in the same directory as the
executable and that you use the appropriate version matching your OS.
Once "Capture" is enabled, RegMonEx captures all accesses to the registry
and lists them in the window.
With "Events" "Filter" you can define a filter, so not all registry
accesses will be captured.
With "View" "Filter" you can define a view filter, so only selected
items will be displayed.

Known Problems/Issues
========================================================================
Under Windows 95, be aware that heavy registry access may cause the
driver to crash. For example, if you run RegMon and RegEdit and perform a
search with no match (this means the whole registry will be read), the
driver may crash (it does on my machine). This will cause the program
accessing the registry to crash.

If there is heavy registry access, RegMonEx will pump up its own priority
to process all the information. This may slow down other programs
running. If registry access gets back to normal and RegMon has read all
data from the driver, it will set its priority back to normal.

In the case mentioned above, RegMonEx sometimes seems to hang. But this
is normal, since the program is very busy reading all data from the
driver. So if the window is not repainted properly, wait some time before
killing the process.

The printing routines are not bulletproof yet. So you may experience
problems when you have extremely long paths in your document.

See RelNotes.txt for further information.

Source code
========================================================================
Source code for v1.2 is available on demand (send me an email).
Please understand that I can't answer any questions concerning the
source code. The sources are provided like the program, "as is". Please
do not send me mails asking how to do this or that. You should check the
newsgroups and the MS news server for that.
You may use the source code of this program in any way you like.
As long as you do not use it commercially! If you decide to use it,
please notify me with an email and mention the original authors.

Building RegMonEx
========================================================================
-RegMonEx was created using Visual C++ 4.2/5.0 and MFC 4.2/4.21.
 I've included the workspaces for VC5.0 with the sources.
-Before you build RegMonEx you must define either WINNT or WIN95.
-Depending on WINNT/Win95, make sure to include the correct IOCTLCMD.H.
-Remember to copy the driver into the build directory and set the
 working directory correctly when running it from the debugger.
-See RelNotes.txt for further information.