What tool for Monitoring Application
 

Hello,
Please indicate a tool that can monitor an application at installation or when running, respectively, what files or registers access and/or create.
Thanks,

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Home/Download:

Maybe PRIMO (Program Installation Monitor) can help (i never tested it):

Thanks for the suggestions, I will try both.

Try also SysTracer.

Info here:
Download here:

Oh it's still alive since time?i remember of this,it were a good one.

DiskPulse might also be an option for monitoring any files written to disk.

the free version is more than enough!

What about an app that catch insections made by a loader or a dll into an other exe ?

Hi niculaita
You can use hollow_hunter or pe-sieve of hasherezade
https://github.com/hasherezade/hollows_hunter

i remember there was some tools in Megasecurity [.org] Rat/Malware collection website.

it was like -->
1-run the main program , its collect all info
2-add your malware/exe/setup file
3-run into that app
4-after all setup/run finish
5-give you report what files are made ? what changes happen in to system or registry.

p.s : i was collector for some month in megasecurity and MasterRat666 use this app for provide information on infection and all changes happen to system.

p.s2 : maybe Archive.org help you in finding the name of that app ( i got over 100 Error try to remember that name in my mind :P )

Buster Sandbox Analyzer

https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/

I would like to add that the new sandboxie builds can log all syscalls of boxed processes.

I suggest WinAPIOverride:
http://jacquelin.potier.free.fr/winapioverride32/

Windows system can use process monitor, filemon
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

Additionally to those tools (especially Procmon64.exe), I use Martau TotalUninstall on my workstations to monitor my installed apps and to properly uninstall them. Does a system and registry snapshot before installation, and compares the differences, even if the installer requires a reboot (kernel drivers etc). I know it isn't foolproof for everything, but it gives me a first level of trust on my apps when I want to trace what they install. And when I want to deep further, procmon, sandboxie and VMs help a lot.