NTREGMON
--------
Copyright (C) 1996 Mark Russinovich and Bryce Cogswell
You have the right to use this source in whatever way you wish.

Running NTRegmon
----------------
Go to the GUI\RELEASE directory and type "ntregmon." Or copy the REGMON.EXE and REGSYS.SYS
files to another directory and run it from there. NTRegmon has been tested on NT 3.51
and all versions of NT 4.0 up to build 1381. This includes NT 4.0 beta 1, beta 2, RC 1
and the final release.

Building NTRegmon
-----------------

REGSYS.SYS	The device driver was built with the MS VC++ 4.1 compiler and the 
		NT 4.0 Beta 2 DDK. Build it with the standard NT DDK build tools.

REGMON.EXE	The GUI was built with MS VC++ 4.1 and the NT 4.0 SDK.

Note
----

After the article was printed we discovered that the service table can be located by
referencing an exported NTOSKRNL variable called KeServiceDescriptorTable. This
means that there is no need to know the offset into the TEB where the pointer to this
table is located. This removes one of the platform-specific ties of NTRegmon.
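
As an added illustration (not part of the NTRegmon source), this user-mode C model shows how a table found through KeServiceDescriptorTable can be indexed safely and audited for entries that point outside the kernel image. The struct layout is the commonly cited 32-bit NT one and is an assumption here; the addresses, image range and helper names are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* User-mode model of the descriptor behind KeServiceDescriptorTable.
 * Field order is the commonly cited 32-bit NT layout (assumption). */
typedef struct {
    const uintptr_t *ServiceTableBase;        /* one handler address per service */
    const uint32_t  *ServiceCounterTableBase; /* call counters, not used here */
    uint32_t         NumberOfServices;        /* upper bound for every index */
    const uint8_t   *ParamTableBase;          /* argument bytes per service */
} service_descriptor;

/* Constructed sample: image at IMG_BASE, IMG_SIZE bytes long; slot 2 replaced. */
#define IMG_BASE 0x80100000u
#define IMG_SIZE 0x00200000u
static const uintptr_t sample_entries[4] = { 0x80141000u, 0x80142a40u, 0xf9c03120u, 0x80150010u };
static const uint8_t sample_params[4] = { 0x0c, 0x18, 0x10, 0x04 };
static const service_descriptor sample_table = { sample_entries, NULL, 4, sample_params };

/* Bounds-checked lookup: returns 0 for an index past NumberOfServices. */
uintptr_t service_entry(const service_descriptor *d, uint32_t index)
{
    if (d == NULL || d->ServiceTableBase == NULL || index >= d->NumberOfServices)
        return 0;
    return d->ServiceTableBase[index];
}

/* Count entries outside [base, base+size); *first gets the first such index or -1. */
uint32_t audit_service_table(const service_descriptor *d, uintptr_t base,
                             uintptr_t size, int32_t *first)
{
    uint32_t outside = 0;
    *first = -1;
    for (uint32_t i = 0; d != NULL && i < d->NumberOfServices; i++) {
        uintptr_t e = service_entry(d, i);
        if (e - base < size) continue;   /* unsigned wrap also rejects e < base */
        if (outside++ == 0) *first = (int32_t)i;
    }
    return outside;
}

int main(void)
{
    int32_t first;
    uint32_t n = audit_service_table(&sample_table, IMG_BASE, IMG_SIZE, &first);
    printf("%u entries outside image, first at index %d\n", (unsigned)n, (int)first);
    return n != 0;
}
```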


Contact Us
----------
Mark can be reached at mark@osr.com
Bryce can be reached at cogswell@cs.uoregon.edu
