Advanced Registry Monitoring
Posted by RyanTimmons91 on Stack Overflow
Published on 2013-10-30T15:36:00Z (indexed 2013/10/30 15:54 UTC)

c#
I'm attempting to create a small utility to watch for the creation (or modification) of a specific registry key, and to kill the process responsible for causing that registry modification.
I have had success in watching the changes to the registry via a class called 'RegistryMonitor'; however, it does not give you any information on what process initiated the registry call. Through some googling I found that a library called 'EasyHook' should be able to do what I want, but all the documentation states that it's designed for a per-application hook.
The program itself is a temporary security patch, until our vendors come out with an official security update.
As best I can tell, there isn't a way to do exactly what I want to accomplish from C#, which is the only language I can comfortably write, test and execute software in.
Any help on this would be appreciated.
I'm considering watching the registry changes via the program I already have, then, if the change is discovered (the PC is already infected), running RKill and locking down the PC to prevent the issue from getting any worse.
© Stack Overflow or respective owner