I know how to hook an API, but I don't know which API is called when a registry key is newly created.
I want to detect the registry creation time, and I want to know the key and data.
Is there any API available for hooking related to the registry?
And how do I know which API is best?
I solved that.
Through MSDN and procmon.exe, ZwCreateKey is called when a registry key is created, so I hooked this API and got the data!
But I still don't know exactly whether ZwCreateKey is the best choice.
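
Added example, not part of the original post: a Python filter over a Process Monitor CSV export that keeps only keys that were really created (the create call also opens existing keys, and the disposition tells them apart) and lists the values written under them. The sample rows, paths and process names are constructed, and the Detail text is assumed to follow Procmon's usual export layout.

```python
import csv
import io
import re

# Constructed sample in the column layout of a Process Monitor CSV export.
# Process names, PIDs and registry paths are made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.1000000","setup.exe","4120","RegCreateKey","HKCU\Software\ExampleApp","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"10:15:01.1000200","setup.exe","4120","RegSetValue","HKCU\Software\ExampleApp\InstallDir","SUCCESS","Type: REG_SZ, Length: 28, Data: C:\ExampleApp"
"10:15:01.2000000","setup.exe","4120","RegCreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: Write, Disposition: REG_OPENED_EXISTING_KEY"
"10:15:01.2000300","setup.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\ExampleApp\up.exe"
"10:15:01.3000000","setup.exe","4120","RegCreateKey","HKLM\Software\ExampleApp","ACCESS DENIED","Desired Access: All Access"
'''


def new_keys_with_values(csv_text):
    """Return {new key path: [(value name, data), ...]} from a Procmon CSV export."""
    created = {}  # lower-cased path -> (original path, values written under it)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Result"] != "SUCCESS":
            continue  # a failed call changed nothing in the registry
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        if op == "RegCreateKey":
            # The create call also succeeds on keys that already exist;
            # only the disposition says whether the key is new.
            if "REG_CREATED_NEW_KEY" in detail:
                created.setdefault(path.lower(), (path, []))
        elif op == "RegSetValue":
            # Procmon reports the path as <key>\<value name>.
            key, _, name = path.rpartition("\\")
            if key.lower() in created:  # registry paths are case-insensitive
                m = re.search(r"Data: (.*)$", detail)
                created[key.lower()][1].append((name, m.group(1) if m else None))
    return {path: values for path, values in created.values()}


if __name__ == "__main__":
    for key, values in new_keys_with_values(SAMPLE_CSV).items():
        print(key, values)
```
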