What tool for Monitoring Application

[Eugen]

Hello,
Please indicate a tool that can monitor an application at installation or when running, respectively, what files or registers access and/or create.
Thanks,

[DARKER]

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Home/Download:

Code:

https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

[Zeokat]

Maybe PRIMO (Program Installation Monitor) can help (i never tested it):

Code:

https://members.tripod.com/randy_hall/download.htm

[Eugen]

Thanks for the suggestions, I will try both.

[uranus64]

Try also SysTracer.

Info here:

Quote:

https://www.blueproject.ro/systracer

Download here:

Quote:

http://www.blueproject.ro/systracer/download

[bolo2002]

Quote:

Originally Posted by uranus64

Try also SysTracer.

Info here:


Download here:

Oh it's still alive since time?i remember of this,it were a good one.

[Artic]

DiskPulse might also be an option for monitoring any files written to disk.

the free version is more than enough!

Code:

https://www.diskpulse.com/downloads.html

[niculaita]

What about an app that catch insections made by a loader or a dll into an other exe ?

[TQN]

Hi niculaita
You can use hollow_hunter or pe-sieve of hasherezade
https://github.com/hasherezade/hollows_hunter

[tK!]

i remember there was some tools in Megasecurity [.org] Rat/Malware collection website.

it was like -->
1-run the main program , its collect all info
2-add your malware/exe/setup file
3-run into that app
4-after all setup/run finish
5-give you report what files are made ? what changes happen in to system or registry.

p.s : i was collector for some month in megasecurity and MasterRat666 use this app for provide information on infection and all changes happen to system.

p.s2 : maybe Archive.org help you in finding the name of that app ( i got over 100 Error try to remember that name in my mind :P )

[JeRRy]

Buster Sandbox Analyzer

https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/

[DavidXanatos]

Quote:

Originally Posted by JeRRy

Buster Sandbox Analyzer

https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/

I would like to add that the new sandboxie builds can log all syscalls of boxed processes.

[BlackWhite]

I suggest WinAPIOverride:
http://jacquelin.potier.free.fr/winapioverride32/

[fqjp]

Windows system can use process monitor, filemon
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

[kerouanton]

Additionally to those tools (especially Procmon64.exe), I use Martau TotalUninstall on my workstations to monitor my installed apps and to properly uninstall them. Does a system and registry snapshot before installation, and compares the differences, even if the installer requires a reboot (kernel drivers etc). I know it isn't foolproof for everything, but it gives me a first level of trust on my apps when I want to trace what they install. And when I want to deep further, procmon, sandboxie and VMs help a lot.