Windows service for monitoring registry changes, processes, and drive mounting.
A Windows service is an application that runs in the background. In this project, a Windows service will be built to monitor key events: registry changes, process activity, and drive mounting. This can eventually become a program that provides alerts for malicious activity.
The first version of the service aims to detect near run-time changes in the Windows registry for different processes.
Steps:
- Build the basic outline for the service which performs simple functions (as proof of build)
- Add drive mount/unmount detection capability
- Add detection for number of children of processes
- Add registry key change detection functionality
- Add functionality to detect subkey changes as well
- Registry Windows Registry
- Windows process Process
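A prototype of the three detections listed in the steps above, written here as an added PowerShell sketch using WMI event subscriptions; it is not the project's own code. The watched registry key, the child-count threshold and the log path are assumptions chosen for illustration.

```powershell
# Added sketch, not the project's code. Run elevated (process tracing needs admin).
# Assumptions: watched key, threshold and log path are constructed for illustration.
$hive      = 'HKEY_LOCAL_MACHINE'  # WMI registry events do not cover HKCU or HKCR
$root      = 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run'  # WQL needs doubled backslashes
$threshold = 20
$log       = Join-Path $env:TEMP 'monitor-sketch.log'

# RegistryTreeChangeEvent covers the key and all of its subkeys;
# RegistryKeyChangeEvent (filtered on KeyPath) would cover the key alone.
Register-CimIndicationEvent -Namespace 'root\default' -SourceIdentifier 'RegTree' `
    -Query "SELECT * FROM RegistryTreeChangeEvent WHERE Hive='$hive' AND RootPath='$root'"
# EventType 2 = device arrival (mount), 3 = device removal (unmount).
Register-CimIndicationEvent -SourceIdentifier 'Volume' `
    -Query 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2 OR EventType = 3'
Register-CimIndicationEvent -SourceIdentifier 'ProcStart' `
    -Query 'SELECT * FROM Win32_ProcessStartTrace'

try {
    while ($true) {
        # Drain queued events; the timeout keeps the loop responsive to Ctrl+C.
        foreach ($e in @(Wait-Event -Timeout 5)) {
            $n = $e.SourceEventArgs.NewEvent
            $msg = switch ($e.SourceIdentifier) {
                'RegTree' { "registry change under $($n.Hive)\$($n.RootPath)" }
                'Volume' {
                    $what = if ($n.EventType -eq 2) { 'mounted' } else { 'unmounted' }
                    "drive $($n.DriveName) $what"
                }
                'ProcStart' {
                    # Count the live children of the parent that just spawned a process.
                    $parent = $n.ParentProcessID
                    $kids = @(Get-CimInstance Win32_Process -Filter "ParentProcessId=$parent").Count
                    if ($kids -ge $threshold) {
                        "PID $parent has $kids children (latest: $($n.ProcessName))"
                    }
                }
            }
            if ($msg) { "{0:o} {1}" -f (Get-Date), $msg | Add-Content -Path $log }
            Remove-Event -EventIdentifier $e.EventIdentifier
        }
    }
} finally {
    'RegTree', 'Volume', 'ProcStart' | ForEach-Object { Unregister-Event -SourceIdentifier $_ }
}
```

The registry event reports only that something under the watched path changed, not which value; identifying the change requires comparing a snapshot of the key taken before and after the event.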
The author(s) and organization do not bear any responsibility for any damage caused by the use of this service. It is being built as a simple logging service inside Windows which can detect certain changes. Any modifications which amount to malicious use are prohibited, and the author(s) and organization cannot be held liable for use of such modified software.
To be decided.