Registry Monitor is a Python script designed to monitor changes in specific Windows registry keys. It logs these changes to a timestamped log file for auditing and debugging purposes.
- Monitors a predefined list of registry paths for changes.
- Logs changes with timestamps to a log file.
- Ensures the script runs with administrative privileges.
- Clean exit with proper handling of resources.
- Python 3.x
pywin32library
-
Clone the Repository:
git clone https://github.com/yourusername/RegistryMonitor.git cd RegistryMonitor -
Install Dependencies:
pip install pywin32
-
Run the Script:
python src/main.py
-
Monitor Changes:
- The script will automatically log changes detected in the specified registry keys.
- Logs are saved in the
logsdirectory with a timestamped filename.
The script monitors the following registry paths:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PoliciesHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows(AppInit_DLLs)HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinlogonHKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution OptionsHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\UninstallHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell FoldersHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell FoldersHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend(Start)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc(Start)HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv(Start)
you can simply add your own registry paths if desired.