/WinService

Windows service for monitoring registry changes , process and drive mounting detection.

MIT LicenseMIT

WinService

Windows service for monitoring registry changes,process and drive mounting detection.

How Does It Work ?

A windows service is an application which runs in the background. In this project, a windows service will be built to monitor key events: registry changes, process monitoring, and drive mounting detection.This can eventually become a program to provide alerts for malicious activity.

Goal for Current Version

The first version of the service aims to detect near run-time changes in windows registry for different processes Steps:

  1. Build the basic outline for the service which performs simple functions (as proof of build)
  2. Add drive mount/unmount detection capability
  3. Add detection for number of children of processes
  4. Add registry key change detection functionality
  5. Add functionality to detect subkey changes as well
# Resources

Disclaimer

The author(s) and organization do not bear any responsibility for any damage caused by the use of this service. It is being built as a simple logging service inside windows which can detect certain changes. Any modifications which account to malicious use are prohibited, and the author(s) and organization cannot be held liable for use of such modified software.

Licensing

To be decided.