I am using EasyHook to build a registry sandbox around an application.
That is: I hook win32 api registry functions as soon as the application is loaded and then I try to redirect all read and write calls to registry to my own shadow registry keys.
So far I have implemented a small monitoring application and I notice that EasyHook is not able to hook all the calls. When I run Sysinternals Process Monitor on the same application. Then the latter create more entries in the log.
Did anyone have a similar experience?
It is especially some of the RegOpenKey calls that are missing. In my monitor it is actually RegOpenKeyEx that show up occasionally.
If you are interested you can find all my registry hooks here: