This is interesting. If I got the message correctly, you actually meant that every registry key (such as HKLM/SYSTEM/CurrentControlSet/Control/PriorityControl) has a timestamp (for last write), not just each registry hive (such as HKLM or HKCU). How can we find out this "last write time" of each registry key value? Are there any programs for this purpose? Or which system calls can be used? Thanks. Frank Heyne wrote: > > On 30 May 2001, at 6:27, VanMeter, John wrote: > > > What subkeys under HKLM and HKCU contains this gold mine of information? > > Similiar to every file, *every* Registry key has a time stamp as well. The > difference is that a Registry key only contains one time stamp (last write). > So you only can read the time when the *last* value under any key was > changed, nothing more. It does work only under Win NTx, not Win9x > > Frank Heyne -- Tan Sze Yan | Computer Security Lab Research Engineer | DSO National Laboratories Tel: (65)7727379 | 20 Science Park Drive Fax: (65)7755943 | Singapore 118230
This archive was generated by hypermail 2b30 : Thu May 31 2001 - 12:21:59 PDT