Search notes:

Registry filtering driver

A registry filtering driver is notified of any WinAPI call to registry functions.
Such a driver runs in Kernel mode.
A registry filtering driver might be implemented by Antivirus Software.
A callback for filtering is created with CmRegisterCallbackEx and ended with CmUnRegisterCallback (wdm.h).

Links

https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/filtering-registry-calls

Index