DotNetShoutout

Welcome!

DotNetShoutout is a place where you can find the latest Microsoft .NET stories to increase your skills and share your opinions.

Enjoy participating in this community and see which other people in our industry are getting Shoutouts.

faq »

3
Shouts

Shout it

Get managed call-stacks in .NET for Registry access using ETW

published 1091 days, 19 hours, 47 minutes ago posted by

reshmi 1092 days, 12 hours, 59 minutes ago

I was recently debugging managed code which was accessing system registry implicitly because of an external dependent library. So the first thing I asked was a Procmon log for of registry access. And then I also wanted look at the call-stacks for registry access, which Procmon does provide. Here is a sample call-stack from Procmon for registry access. I am using linqpad as an example in this ntoskrnl.exe CmpCallCallBacks + 0x1c0 0xfffff80002c870d0

ntoskrnl.exe ?? ::NNGAKEGL::`string’ + 0x4...

category: Architecture | clicked: 3 | | source: naveensrinivasan.com | show counter code

tags: ETW, dotnet

Border color:

Shout it Backcolor:

Shout it Forecolor:

Count Backcolor:

Count Forecolor:

Preview

update reset

DotNetShoutout

Welcome!

Get managed call-stacks in .NET for Registry access using ETW

No comments yet, be the first one to post comment.

Open ID Login

Standard Login

Forgot Password?

Sign up