WMI:monitor registry change
Question
In my project ,i want to monitor sofeware installation and unstallation in my system, so i use WMI event mechanism,but now i encounter a problem and have a question.
problem:
i want to monitor HKLM'SOFTWARE\\Microsoft\\Windows\\currentversion\\unistall',but code[1] works error(ExecNotificationQueryAnsync failed with =0x80041058).while code[2] works ok,what's wrong?
[1]
hres = pSvc->ExecNotificationQueryAsync(
_bstr_t("WQL"),
_bstr_t("SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software\\Microsoft\\Windows\\currentversion\\unistall'"
),
WBEM_FLAG_SEND_STATUS,
NULL,
pStubSink);
[2]
hres = pSvc->ExecNotificationQueryAsync(
_bstr_t("WQL"),
_bstr_t("SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software'"
),
WBEM_FLAG_SEND_STATUS,
NULL,
pStubSink);
question:in My event consumer ,i want to get the software's name ,how can i do ?
thanks!!
1 answers
solution1
0 2014-08-14 05:46:00
只需使用
SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software\\\\Microsoft\\\\Windows\\\\currentversion\\\\unistall'"
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Monitor kernel registry changes
Using WMI to monitor process creation event
Change Brightness using WMI
Monitor registry using C++
From where WMI getting the installed software list in windows? (either from registry or any other location)
C++ variable change monitor
How to add/change registry in qt?
Registry and file system change identification
BHO cannot change registry values
c++ change hardware-IDs via WMI
Related Tags