Project 7: Registry Profiler

A command-line tool that monitors a specified registry key for any changes. When a value is added, modified, or deleted under that key, your tool will print a notification to the console.

Quick Reference

| Attribute | Value |
|---|---|
| Primary Language | C++ |
| Alternative Languages | C |
| Difficulty | Level 2: Intermediate |
| Time Estimate | 1-2 weeks |
| Knowledge Area | Win32 API / Registry |
| Tooling | Win32 API |
| Prerequisites | Project 2, understanding of HANDLE objects. |

What You Will Build

A command-line tool that monitors a specified registry key for any changes. When a value is added, modified, or deleted under that key, your tool will print a notification to the console.

Why It Matters

This project builds core skills that appear repeatedly in real-world systems and tooling.

Core Challenges

  • Opening registry keys with RegOpenKeyExW → maps to understanding registry hives (HKLM, HKCU) and access rights
  • Setting up notifications with RegNotifyChangeKeyValue → maps to asynchronous programming in Win32 using event handles
  • Waiting on kernel objects with WaitForSingleObject → maps to the core mechanism for waiting for events without burning CPU cycles
  • Interpreting what changed → maps to the realization that RegNotifyChangeKeyValue tells you *that* something changed, but not *what*
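
One way to approach the last challenge, as an added example that is not part of the original project guide: snapshot the key's values before and after each notification and diff the two. The `RegValue`, `Snapshot` and `diff_snapshots` names are hypothetical, and the code assumes the real tool fills each snapshot by enumerating the key with RegEnumValueW; the sample data here is constructed so the logic runs on any platform.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// One value as captured in a snapshot: registry type code plus raw data bytes.
struct RegValue {
    std::uint32_t type;              // e.g. 1 = REG_SZ, 4 = REG_DWORD
    std::vector<std::uint8_t> data;
    bool operator==(const RegValue& o) const { return type == o.type && data == o.data; }
};
using Snapshot = std::map<std::wstring, RegValue>;  // value name -> value

enum class ChangeKind { Added, Modified, Deleted };
struct Change { ChangeKind kind; std::wstring name; };

// Merge-walk two name-sorted snapshots (before/after one notification)
// and report what the notification itself does not say.
std::vector<Change> diff_snapshots(const Snapshot& before, const Snapshot& after) {
    std::vector<Change> changes;
    auto b = before.begin();
    auto a = after.begin();
    while (b != before.end() || a != after.end()) {
        if (a == after.end() || (b != before.end() && b->first < a->first)) {
            changes.push_back({ChangeKind::Deleted, b->first});   // only in "before"
            ++b;
        } else if (b == before.end() || a->first < b->first) {
            changes.push_back({ChangeKind::Added, a->first});     // only in "after"
            ++a;
        } else {                                                  // same name in both
            if (!(b->second == a->second))
                changes.push_back({ChangeKind::Modified, a->first});
            ++b; ++a;
        }
    }
    return changes;
}

int main() {
    // Constructed sample data standing in for two enumerations of the key.
    Snapshot before{{L"Port", {4, {0x50, 0, 0, 0}}}, {L"Theme", {1, {0x64, 0}}}};
    Snapshot after{{L"Port", {4, {0x51, 0, 0, 0}}}, {L"Mode", {1, {0x78, 0}}}};
    const wchar_t* label[] = {L"ADDED", L"MODIFIED", L"DELETED"};
    for (const Change& c : diff_snapshots(before, after))
        std::wcout << L"[" << label[static_cast<int>(c.kind)] << L"] " << c.name << L"\n";
    return 0;
}
```

Take the "after" snapshot only once the notification has been re-armed, so a change that lands between the enumeration and the next wait is not missed.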

Key Concepts

  • Registry Overview: Microsoft Docs - Registry
  • Asynchronous I/O with Events: “Windows System Programming, 4th Edition” - Chapter 9
  • Registry Functions: Microsoft Docs - Using the Registry

Real-World Outcome

> ./reg_profiler.exe "HKCU\Software\MyTestApp"
Monitoring registry key: HKCU\Software\MyTestApp
Press Ctrl+C to stop.

[CHANGE DETECTED] A value or subkey has changed.
[CHANGE DETECTED] A value or subkey has changed.
...

Implementation Guide

  1. Reproduce the simplest happy-path scenario.
  2. Build the smallest working version of the core feature.
  3. Add input validation and error handling.
  4. Add instrumentation/logging to confirm behavior.
  5. Refactor into clean modules with tests.

Milestones

  • Milestone 1: Minimal working program that runs end-to-end.
  • Milestone 2: Correct outputs for typical inputs.
  • Milestone 3: Robust handling of edge cases.
  • Milestone 4: Clean structure and documented usage.

Validation Checklist

  • Output matches the real-world outcome example
  • Handles invalid inputs safely
  • Provides clear errors and exit codes
  • Repeatable results across runs

References

  • Main guide: LEARN_WINDOWS_SYSTEMS_PROGRAMMING_CPP.md
  • “Windows Internals, Part 1, 7th Edition” by Russinovich, Solomon, and Ionescu