1. Computing
About.com
Delphi
Monitoring Registry Changes
Page 1: About Registry monitoring and the RegNotifyChangeKeyValue API function
 More of this Feature
• Page 2: TRegMonitorThread
• Page 3: Sample project
• Page 4: Source CODE

Printer friendly versionPrinter friendly version
 Join the Discussion
"Post your views, comments, questions and doubts to this article."
Discuss!
 Related Resources
• Working with the Registry
• Threading in Delphi
• Message handling
• Writing components

• "Big Brother" - Part 1
• "Big Brother" - Part 2
• "Big Brother" - Part 3

So, you want to be a spy? Secret agent, code name 'ADP', interested in monitoring a user computer in every way? OK, after three episodes of the "Big Brother Delphi code toolkit", we are ready for the next stage!

Need to get notified about changes to the attributes or contents of a specified Registry key? Then you are ready for: Part 4 of your 'Big Brother' Delphi code toolkit.

How to monitor Registry?
It's *simple*, the Windows API function RegNotifyChangeKeyValue is capable of notifying the caller (your "Delphi code") about changes to the attributes or contents of a specified registry key. It even knows how to notify about changes that happened in the specified (Registry) key and all of its subkeys.

This is, in general, how the RegNotifyChangeKeyValue function operates, and how to make it work in the way you want it to:

  • You supply the function with an open Registry key handle and a Windows event object, plus some other attributes,
  • The function then uses the event to signal when a change occurs in the specified key,
  • The process of waiting for events needs to be handled in a (separate) thread, so that the main program is not blocked during the wait,
  • When a change occurs, you send a message to the window (form) that initiated registry monitoring,
  • Monitoring continues (thread runs) until you tell it to stop.

    RegNotifyChangeKeyValue
    First, let's look "into" the RegNotifyChangeKeyValue function. As with the most API functions, Delphi enables you to call it directly since it is declared in the Windows unit.

    Here's the declaration: 

    function RegNotifyChangeKeyValue(
    hKey : HKEY, // handle of key to watch 
    // flag for subkey notification 
    bWatchSubtree : LongBool, 
    // changes to be reported 
    dwNotifyFilter : Cardinal, 
    // handle of signaled event 
    hEvent : Cardinal,	
    // flag for asynchronous reporting  
    fAsynchronous : LongBool 
   ) : integer;

    A short description of the parameters:

  • hKey - Specifies an open key in which to look for changes. For example 'HKEY_LOCAL_MACHINE/Software/ADP'
  • bWatchSubtree - Specifies whether to watch for the changes in all the subkeys of the hKey parameter
  • dwNotifyFilter - Specifies a set of flags that control which changes should be reported. The value of this parameter can be a combination of the following values
      REG_NOTIFY_CHANGE_NAME - subkey is added or deleted
      REG_NOTIFY_CHANGE_ATTRIBUTES - attributes of the key are changed
      REG_NOTIFY_CHANGE_LAST_SET - value of a key is changed, added or deleted
      REG_NOTIFY_CHANGE_SECURITY - key security descriptor is changed
  • hEvent - handle to the event that gets fired
  • fAsynchronous - how to signal the event.

    OK, all set. Now we proceed to building a thread object with the main function of monitoring the Registry.
    But first, a note. If you have ever tried creating such a project yourself and were constantly having problems like: "it does not work on subkeys" or "it fires only once" or similar, ... read on ... all the problems are solved on the next page!

    Next page > Registry monitoring in a thread > Page 1, 2, 3

    ~ Zarko Gajic

    • ©2013 About.com. All rights reserved.