
Logging DLL's registry access


nanobyte
November 13th, 2006, 06:47
Hi!

I use an add-on for Visual Studio 2005 and would like to only log registry access done by the add-on itself (which resides in a dll).

If I use Regmon, the add-on's activity is logged using the parent process, devenv.exe - which is a problem, since the log contains thousands of other entries (from other add-ons and VS itself as well).

Luckily, I could find a sequence of entries that belong to the add-on and track down the one that was causing trouble.

However, is there a way to log only the access done by the add-on's DLL itself?

dELTA
November 13th, 2006, 09:57
Use an API-logger that displays calling-addresses, target the registry access APIs, and then filter out all the calls that originate in the address space that the DLL was loaded/relocated into during this exact session of the program (might be different addresses between different runs of the program).
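
One way to do the filtering dELTA describes, as an added example that is not from this thread: given one session's module base/size list and API-logger lines that carry the caller's return address, keep only the registry calls whose return address falls inside the add-in's image. The module map, the log lines and their format are all constructed for the example, not the output of any real tool.

```python
# Added example, not from the thread: filter API-logger output down to the
# registry calls made from one DLL, by caller (return) address.
import re
from dataclasses import dataclass

# Constructed module map for ONE session of devenv.exe: image base and size.
# A DLL can land at a different base on another run, so the map must come
# from the same session as the log (e.g. the logger's module listing).
MODULES = {
    "devenv.exe":  (0x00400000, 0x00500000),
    "myaddin.dll": (0x10000000, 0x00040000),
    "other.dll":   (0x5D000000, 0x00080000),
}
# Constructed logger lines: API name, caller (return) address, arguments.
LOG = """\
RegOpenKeyExW    caller=0x0045A1C2 key=HKLM\\SOFTWARE\\Microsoft\\VisualStudio\\8.0
RegQueryValueExW caller=0x1000A3F0 key=HKCU\\Software\\MyAddin value=LastPath
RegOpenKeyExW    caller=0x5D001F20 key=HKCU\\Software\\OtherAddin
RegSetValueExW   caller=0x10012B44 key=HKCU\\Software\\MyAddin value=Count
RegCloseKey      caller=0x7C80ABCD key=(handle)
"""
LINE_RE = re.compile(r"^(?P<api>\w+)\s+caller=0x(?P<addr>[0-9A-Fa-f]+)\s+(?P<rest>.*)$")

@dataclass
class Call:
    api: str
    caller: int
    rest: str
    module: str  # "?" when the caller lies outside every known module

def module_for(addr, modules=MODULES):
    """Map a caller address to the module whose [base, base+size) contains it."""
    for name, (base, size) in modules.items():
        if base <= addr < base + size:
            return name
    return "?"

def parse_log(text, modules=MODULES):
    """Parse logger lines and tag each call with its calling module."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not a call record
            addr = int(m["addr"], 16)
            calls.append(Call(m["api"], addr, m["rest"], module_for(addr, modules)))
    return calls

def calls_from(module_name, text=LOG, modules=MODULES):
    """dELTA's filter: keep only the calls whose return address is inside the DLL."""
    return [c for c in parse_log(text, modules) if c.module == module_name]
```

Calls whose return address matches no module (here the constructed 0x7C80ABCD) are tagged "?" rather than dropped silently, so a stale or incomplete module map shows up in the output instead of hiding calls.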

naides
November 13th, 2006, 10:10
Regmon can do it, AFAIK.

The "Other" tab in the regmon result listbox displays the name and path of the MODULE that made the registry call.
You could copy the log data to a spreadsheet or some other text processing app and delete everything that was not originated from your add-in .dll.

Also, play around with the filter/highlight features of regmon. I think the utility is more powerful than it seems. . .

nanobyte
November 13th, 2006, 12:02
Quote (originally posted by dELTA, post 62341):
Use an API-logger ...


Good idea. Will do.

nanobyte
November 13th, 2006, 12:04
Quote (originally posted by naides, post 62343):
Regmon can do it, AFAIK.

The "Other" tab in the regmon result listbox displays the name and path of the MODULE that made the registry call.


Unfortunately it displays the result of the registry query (key values) in the "Other" tab and not the name and path of the module.

Do you know a registry monitor that displays the module?

naides
November 13th, 2006, 13:21
Ummhh. I have the last version, 7.04.

Here is a screen shot of my RegMon session:

Perhaps playing with Regmon Settings?

dELTA
November 13th, 2006, 13:29
Naides, please take a look in your registry at what the "(Default)" value of the key referenced in your regedit session is... Now, try to figure out what the secret connection is between "the result of a query operation" of that value, that value, and what is written in your "other" column... The quotes should have awoken your suspicion dude...

I did think I would have remembered such a feature in regmon...

naides
November 13th, 2006, 13:47
Sorry, my deep fucking fault, nanobyte, dELTA is right.

I tested a couple of apps and it seemed that the calling module was listed at "other".

Now, slash me. . .

JMI
November 13th, 2006, 15:05
I guess you have to go straight to your room without supper! No wait, that's probably where your computer is.

Regards,