#1
What tool for Monitoring Application
Hello,
Please indicate a tool that can monitor an application at installation or while running, i.e. what files or registry keys it accesses and/or creates. Thanks,
#2
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Home/Download:
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
The Following User Says Thank You to DARKER For This Useful Post: niculaita (01-10-2023)
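Procmon's "simultaneous logging to a file" is what makes it answer the original question: export the capture as CSV and reduce it to "which files and registry keys did this process create, write or only read". The script below is an added example (not code from the thread, from Sysinternals or from Microsoft); it parses the column layout of a Procmon CSV export (Time of Day, Process Name, PID, Operation, Path, Result, Detail) and sorts successful events into buckets. The sample CSV text is constructed for the demo, and the assumption that CreateFile reports "OpenResult: Created" and RegCreateKey reports "REG_CREATED_NEW_KEY" in the Detail column is how the two "open or create" operations are told apart.

```python
"""Summarise a Process Monitor CSV export per process.
Added example for this thread; not part of Procmon or the original posts."""
import csv
import io
from collections import defaultdict

# Procmon operation names that modify state (as opposed to reading it).
FILE_WRITE_OPS = {"WriteFile", "SetDispositionInformationFile",
                  "SetRenameInformationFile", "SetEndOfFileInformationFile"}
REG_WRITE_OPS = {"RegSetValue", "RegDeleteValue", "RegDeleteKey"}

# Constructed sample of a Procmon CSV export (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0001","setup.exe","4120","CreateFile","C:\Program Files\Example\app.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"10:01:02.0002","setup.exe","4120","WriteFile","C:\Program Files\Example\app.exe","SUCCESS","Offset: 0, Length: 65,536"
"10:01:02.0003","setup.exe","4120","RegCreateKey","HKLM\SOFTWARE\Example","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"10:01:02.0004","setup.exe","4120","RegSetValue","HKLM\SOFTWARE\Example\InstallDir","SUCCESS","Type: REG_SZ, Length: 44, Data: C:\Program Files\Example"
"10:01:02.0005","setup.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Open, OpenResult: Opened"
"10:01:02.0006","setup.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS","Type: REG_SZ, Length: 24, Data: Windows 10 Pro"
"10:01:02.0007","explorer.exe","1234","WriteFile","C:\Users\u\NTUSER.DAT","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.0008","setup.exe","4120","RegSetValue","HKLM\SOFTWARE\Example\Run","ACCESS DENIED","Type: REG_SZ, Length: 10, Data: x"
'''


def parse_procmon_csv(text):
    """Parse the CSV text Procmon writes with File > Save (CSV format)."""
    reader = csv.DictReader(io.StringIO(text))
    return [
        {
            "process": row["Process Name"],
            "pid": int(row["PID"]),
            "op": row["Operation"],
            "path": row["Path"],
            "result": row["Result"],
            "detail": row.get("Detail") or "",
        }
        for row in reader
    ]


def classify(ev):
    """Map one event to a report bucket, or None if it is not interesting."""
    op, detail = ev["op"], ev["detail"]
    if op == "CreateFile":
        # CreateFile is also how files are opened; OpenResult says which happened.
        if "OpenResult: Created" in detail or "OpenResult: Overwritten" in detail:
            return "files_created"
        return "files_read"
    if op in FILE_WRITE_OPS:
        return "files_written"
    if op == "RegCreateKey":
        # RegCreateKey opens an existing key unless the disposition says it was new.
        return "registry_created" if "REG_CREATED_NEW_KEY" in detail else "registry_read"
    if op in REG_WRITE_OPS:
        return "registry_written"
    if op.startswith("Reg"):
        return "registry_read"
    if op in ("ReadFile", "QueryBasicInformationFile", "QueryStandardInformationFile"):
        return "files_read"
    return None


def summarize(events, process_name):
    """Group successful events of one process by bucket; keep failures separately,
    since a denied write is itself worth knowing about when vetting an installer."""
    report = defaultdict(set)
    for ev in events:
        if ev["process"] != process_name:
            continue
        if ev["result"] != "SUCCESS":
            report["failed"].add((ev["op"], ev["path"], ev["result"]))
            continue
        bucket = classify(ev)
        if bucket:
            report[bucket].add(ev["path"])
    return {k: sorted(v) for k, v in report.items()}


if __name__ == "__main__":
    events = parse_procmon_csv(SAMPLE_CSV)
    for bucket, paths in summarize(events, "setup.exe").items():
        print(bucket)
        for p in paths:
            print("   ", p)
```

Filter the capture to the installer's process tree in Procmon before exporting, or the report will be dominated by explorer.exe and services; the ACCESS DENIED bucket is the one to read first, because it shows where the installer tried to write outside what your account allowed.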
#3
Maybe PRIMO (Program Installation Monitor) can help (I never tested it):
https://members.tripod.com/randy_hall/download.htm
The Following User Says Thank You to Zeokat For This Useful Post: niculaita (01-10-2023)
#4
Thanks for the suggestions, I will try both.
#5
Try also SysTracer.
Info here:
The Following 2 Users Say Thank You to uranus64 For This Useful Post: alekine322 (01-13-2023), niculaita (01-10-2023)
#6
Oh, it's still alive after all this time? I remember this one, it was a good one.
__________________
I like this forum!
The Following User Says Thank You to bolo2002 For This Useful Post: uranus64 (01-11-2023)
#7
DiskPulse might also be an option for monitoring any files written to disk.
The free version is more than enough!
https://www.diskpulse.com/downloads.html
The Following 2 Users Say Thank You to Artic For This Useful Post: alekine322 (01-13-2023), niculaita (01-11-2023)
#8
What about an app that catches injections made by a loader or a DLL into another exe?
__________________
Decode and Conquer
#9
Hi niculaita,
You can use hollows_hunter or pe-sieve by hasherezade: https://github.com/hasherezade/hollows_hunter
The Following 4 Users Say Thank You to TQN For This Useful Post: alekine322 (01-13-2023), MarcElBichon (01-11-2023), niculaita (01-11-2023), wilson bibe (02-07-2023)
#10
I remember there were some tools on the Megasecurity [.org] RAT/malware collection website.
It worked like this:
1. Run the main program; it collects all the info.
2. Add your malware/exe/setup file.
3. Run it inside that app.
4. Wait for the setup/run to finish.
5. It gives you a report: what files were made, what changes happened to the system or registry.
P.S.: I was a collector for some months at Megasecurity, and MasterRat666 used this app to provide information on the infection and all the changes that happened to the system.
P.S.2: Maybe Archive.org can help you find the name of that app (I got over 100 errors trying to remember that name in my mind :P)
The Following User Says Thank You to tK! For This Useful Post: niculaita (02-02-2023)
#11
Buster Sandbox Analyzer
https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/
__________________
SnD
The Following User Says Thank You to JeRRy For This Useful Post: DavidXanatos (02-07-2023)
#12
I would like to add that the new Sandboxie builds can log all syscalls of boxed processes.
#13
I suggest WinAPIOverride:
http://jacquelin.potier.free.fr/winapioverride32/
#14
On Windows you can use Process Monitor or Filemon:
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
#15
In addition to those tools (especially Procmon64.exe), I use Martau TotalUninstall on my workstations to monitor my installed apps and to properly uninstall them. It takes a system and registry snapshot before installation and compares the differences, even if the installer requires a reboot (kernel drivers etc.). I know it isn't foolproof for everything, but it gives me a first level of trust in my apps when I want to trace what they install. And when I want to dig deeper, procmon, Sandboxie and VMs help a lot.
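The snapshot-before, snapshot-after, compare approach that the Megasecurity tool (post #10), PRIMO and TotalUninstall (post #15) all take is simple enough to script when you want a check you fully control. The code below is an added example, not code from the thread or from any of those products: it hashes every file under a directory tree so changed contents show up as well as new and deleted names, diffs two snapshots, and (on Windows only, via the standard winreg module) does the same walk over a registry subtree so the same diff function serves both. The "installer" activity in demo_install is constructed in a scratch directory; it is not a real setup program.

```python
"""Snapshot-and-compare install monitoring (in the style of PRIMO / TotalUninstall).
Added example for this thread; not code from any of the tools named in it."""
import hashlib
import sys
import tempfile
from pathlib import Path


def snapshot_files(root):
    """Map every file under root to (size, sha256). Hashing means an installer
    that overwrites an existing DLL is reported, not only one that adds files."""
    root = Path(root)
    snap = {}
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            snap[str(path.relative_to(root))] = (path.stat().st_size, digest)
    return snap


def snapshot_registry(hive, subkey="SOFTWARE"):
    """Windows only: map every value under hive\\subkey to (type, data).
    Returns an empty snapshot on other platforms. Assumption: the caller passes a
    winreg hive constant such as winreg.HKEY_LOCAL_MACHINE."""
    if sys.platform != "win32":
        return {}
    import winreg
    snap = {}

    def walk(key, prefix):
        n_sub, n_val, _ = winreg.QueryInfoKey(key)
        for i in range(n_val):
            name, data, vtype = winreg.EnumValue(key, i)
            snap[f"{prefix}\\{name}"] = (vtype, data)
        for i in range(n_sub):
            child = winreg.EnumKey(key, i)
            try:
                with winreg.OpenKey(key, child) as k:
                    walk(k, f"{prefix}\\{child}")
            except OSError:  # no permission to read this subtree; skip it
                pass

    with winreg.OpenKey(hive, subkey) as k:
        walk(k, subkey)
    return snap


def diff_snapshots(before, after):
    """Classify entries as added, removed or modified between two snapshots.
    Works for the file and the registry snapshots alike."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "modified": sorted(k for k in before if k in after and before[k] != after[k]),
    }


def demo_install():
    """Simulate an install into a scratch directory and report what changed.
    Everything written here is constructed for the demo."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "existing.cfg").write_text("old=1\n")
        (root / "obsolete.dll").write_bytes(b"\x00" * 16)
        before = snapshot_files(root)

        # "installer" activity: one new file, one changed file, one deleted file
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x90" * 30)
        (root / "existing.cfg").write_text("old=1\nnew=2\n")
        (root / "obsolete.dll").unlink()
        after = snapshot_files(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, entries in demo_install().items():
        print(f"{kind}: {entries}")
```

Take the "before" snapshot of the whole system drive and the hives you care about, run the installer, reboot if it asks to (a reboot is exactly the case post #15 mentions), then snapshot again; anything in "added" or "modified" that lies outside the install directory is what deserves a closer look with Procmon.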