Determine process using reg key with CLI?

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Jaysp 15 years ago

3 Posts

2 Users

0 Reactions

445 Views

RSS

Jaysp

(@jaysp)

Active Member

Joined: 15 years ago

Posts: 13

Topic starter 04/08/2010 12:06 pm

Is there a CLI tool that can determine what program is accessing or modifying a known bad registry key on a remote machine? I know procmon can do this on a local box, but I need something that isn't GUI based so it isn't intrusive to a remote user…

Quote

keydet89

(@keydet89)

Famed Member

Joined: 21 years ago

Posts: 3568

04/08/2010 4:27 pm

Handle.exe

ReplyQuote

Jaysp

(@jaysp)

Active Member

Joined: 15 years ago

Posts: 13

Topic starter 05/08/2010 5:44 am

How can I get handle to give me the process name?

handle -a | findstr BADKEY
Will only tell me that the key is being accessed, not by which program. Handle also doesn't monitor, which would be nice.

ReplyQuote

8 Forums
15.7 K Topics
92.3 K Posts
224 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed