Confused about registry activity
Roby Van Hoye
deroby "at" mail.dma.be
Thu, 13 Jan 2000 09:48:57 +0000
Hi there,
I installed regmon (www.sysinternals.com) and found out the registry is
quite a busy place to be :)
Most of the activity can be traced back to "useful" or "standard MS
behavior" (two very distinct categories :) but I also note vnc does some
things I wouldn't expect:
(I've CSV'd the relevant output, using ';' as separator)
OpenKey;HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes;NOTFOUND;
OpenKey;HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes;NOTFOUND;
OpenKey;HKLM\System\CurrentControlSet\Services\VxD\MSTCP;SUCCESS;hKey: 0xC1216BFC
QueryValueEx;HKLM\System\CurrentControlSet\Services\VxD\MSTCP\HostName;SUCCESS;ROBYVH
CloseKey;HKLM\System\CurrentControlSet\Services\VxD\MSTCP;SUCCESS;
OpenKey;HKLM\System\CurrentControlSet\Services\VxD\MSTCP;SUCCESS;hKey: 0xC1216BFC
QueryValueEx;HKLM\System\CurrentControlSet\Services\VxD\MSTCP\Domain;SUCCESS;
CloseKey;HKLM\System\CurrentControlSet\Services\VxD\MSTCP;SUCCESS;
OpenKey;HKLM\System\CurrentControlSet\Control\CommAlias;NOTFOUND;
QueryValueEx;0xC1190F80\PORTNAME;SUCCESS;COM1
QueryValueEx;0xC1190F80\FRIENDLYNAME;SUCCESS;Communications Port (COM1)
QueryValueEx;0xC1183A2C\PORTNAME;SUCCESS;LPT1
QueryValueEx;0xC1183A2C\FRIENDLYNAME;SUCCESS;Printer Port (LPT1)
QueryValueEx;0xC122D2E4\PORTNAME;SUCCESS;COM2
QueryValueEx;0xC122D2E4\FRIENDLYNAME;SUCCESS;Generic Ir Serial Port (COM2)
OpenKey;HKLM\System\CurrentControlSet\Control\SessionManager\KnownVxDs;NOTFOUND;
OpenKey;HKCU\RemoteAccess\Addresses;SUCCESS;hKey: 0xC1216BFC
QueryKey;HKCU\RemoteAccess\Addresses;SUCCESS;
QueryValueEx;HKCU\RemoteAccess\Addresses\Direct Cable Connection Host Logon;NOTFOUND;
CloseKey;HKCU\RemoteAccess\Addresses;SUCCESS;
OpenKey;HKCU\RemoteAccess\Addresses;SUCCESS;hKey: 0xC1216BFC
QueryKey;HKCU\RemoteAccess\Addresses;SUCCESS;
QueryValueEx;HKCU\RemoteAccess\Addresses\Direct Cable Connection Host Logon;NOTFOUND;
EnumValue;HKCU\RemoteAccess\Addresses;SUCCESS;
EnumValue;HKCU\RemoteAccess\Addresses;NOMORE;
CloseKey;HKCU\RemoteAccess\Addresses;SUCCESS;
QueryValueEx;0xC20A93A0\EnableAutodial;SUCCESS;0 0 0 0
What's the use of scanning/reading all these values? Normally I'd just
ignore but some little voice inside started dreaming about generic/direct
connections using the lpt port and stuff without the TCP protocol installed...
Probably just wishful thinking, but who doesn't ask, never learns :)
Cu
Roby.
---------------------------------------------------------------------
The VNC mailing list - see http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
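
Added example, not part of the original post: a Python sketch that rejoins the mail-wrapped Regmon records quoted in the message and summarises which lookups failed and which were logged only by handle. The 76-column hard-cut width and the function names are assumptions; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Operation names seen in the Regmon output quoted in the post.
RECORD_START = re.compile(r"^(OpenKey|CloseKey|QueryKey|QueryValueEx|EnumValue);")
HANDLE_PATH = re.compile(r"^0x[0-9A-Fa-f]+\\")
WRAP_WIDTH = 76  # assumption: column at which the mailer hard-cut long lines

# Lines copied from the post, mail wrapping included.
SAMPLE = r"""
OpenKey;HKLM\SYSTEM\CurrentControlSet\Control\ServiceProvider\ServiceTypes;N
OTFOUND;
OpenKey;HKLM\System\CurrentControlSet\Services\VxD\MSTCP;SUCCESS;hKey:
0xC1216BFC
QueryValueEx;HKLM\System\CurrentControlSet\Services\VxD\MSTCP\HostName;SUCCE
SS;ROBYVH
QueryValueEx;0xC1190F80\PORTNAME;SUCCESS;COM1
QueryValueEx;HKCU\RemoteAccess\Addresses\Direct Cable Connection Host
Logon;NOTFOUND;
QueryValueEx;0xC20A93A0\EnableAutodial;SUCCESS;0 0 0 0
"""

def unwrap(text):
    """Rejoin wrapped lines: nothing after a hard cut, a space after a soft wrap."""
    records, prev_len = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += ("" if prev_len == WRAP_WIDTH else " ") + line
        prev_len = len(line)
    return records

def parse(text):
    """Return (operation, path, result, other) tuples, one per Regmon record."""
    out = []
    for rec in unwrap(text):
        op, path, result, other = (rec.split(";", 3) + ["", ""])[:4]
        out.append((op, path, result, other.strip()))
    return out

def summarize(records):
    """Count results; list handle-only paths and failed lookups."""
    results = Counter(r[2] for r in records)
    by_handle = [r[1] for r in records if HANDLE_PATH.match(r[1])]
    missing = [r[1] for r in records if r[2] == "NOTFOUND"]
    return results, by_handle, missing
```

Paths that begin with a bare handle (such as `0xC1190F80\PORTNAME`) cannot be mapped back to a key name from this excerpt, because the matching OpenKey record is not in it.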