Determine process using reg key with CLI?

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Jaysp 16 years ago

3 Posts

2 Users

0 Reactions

610 Views

RSS

Jaysp

(@jaysp)

Active Member

Joined: 16 years ago

Posts: 13

Topic starter 04/08/2010 12:06 pm [#6245]

Is there a CLI tool that can determine what program is accessing or modifying a known bad registry key on a remote machine? I know procmon can do this on a local box, but I need something that isn't GUI based so it isn't intrusive to a remote user…

Quote

keydet89

(@keydet89)

Famed Member

Joined: 22 years ago

Posts: 3568

04/08/2010 4:27 pm

Handle.exe

ReplyQuote

Jaysp

(@jaysp)

Active Member

Joined: 16 years ago

Posts: 13

Topic starter 05/08/2010 5:44 am

How can I get handle to give me the process name?

handle -a | findstr BADKEY
Will only tell me that the key is being accessed, not by which program. Handle also doesn't monitor, which would be nice.

ReplyQuote

Video Timing In Amped FIVE

Video timing can make or break forensic interpretation ...

By Zoe , 11 hours ago
Interview: Andreas Antonsen, Founder, STNDRDS AB

Andreas Antonsen, founder of STNDRDS AB, explains why S...

By Zoe , 1 day ago
Interview: Andreas Antonsen, Founder, STNDRDS AB

Andreas Antonsen, founder of STNDRDS AB, explains why S...

By Zoe , 1 day ago

8 Forums
15.8 K Topics
92.4 K Posts
26 Online
41.7 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed