Read/write real time registry monitor in Windows Mobile 6.5

I've a question.

Is there any way (application, script, etc.) to log which registry keys my Windows Mobile application reads while it runs?

I need to fix an application which uses third-party DLLs (which use registry keys) without any documentation (except comments in the app source code).

The worst is that I don't have DLL's source code :(

Thank you for any response.

There are 2 best solutions below

0

If you need to do forensic analysis of an executable (DLL or EXE), first start with a strings dump of the DLL or EXE file. I use Sysinternals strings to do so.

Next is to look at the imports and exports of the executable; I use dumpbin or FileAlyzer for that.

There is also a registry monitor available for Windows Mobile ARMv4 devices.

Log file created by RegLogger 1.0 at 07.12.2013

0    QueryVal   HKLM     Signal Strength                \Windows\shell32.exe           Success   
1    QueryVal   HKLM     Status                         \Windows\shell32.exe           Success   
2    QueryVal   HKLM     Extended Status                \Windows\shell32.exe           Success   
3    QueryVal   HKLM     Active Call Count              \Windows\shell32.exe           Success   
4    QueryVal   HKCU     HasKeyboard                    \Windows\shell32.exe           Success   
5    QueryVal   HKLM     PROTOTYPE                      \Windows\shell32.exe           NotFound  
6    QueryVal   HKCU     HasKeyboard                    \Windows\shell32.exe           Success   
7    QueryVal   HKCU     HasKeyboard                    \Windows\shell32.exe           Success   
8    QueryVal   HKCU     Source                         \Windows\shell32.exe           NotFound  
9    QueryVal   040B3A20 39                             \Windows\shell32.exe           NotFound  
10   QueryVal   040B3A20 39                             \Windows\shell32.exe           NotFound  
11   QueryVal   040B3A20 39                             \Windows\shell32.exe           NotFound  
12   QueryVal   040B3A20 39                             \Windows\shell32.exe           NotFound

Monitor reg changes: http://geekswithblogs.net/BruceEitman/archive/2009/08/17/windows-ce-monitor-for-registry-changes.aspx

Use "RegLogger" to find a binary (at xda-developers.com?):

Another great tool for forensic analysis is sk-tools ssnap. You can take snapshots of the device registry, file system and database system and then compare these snapshots.

0

You can use the State and Notification Broker (SNAPI) functions to get a callback whenever a registry key is modified.

MSDN has source examples at the link.