Exetools  

#1  Eugen (Friend), 01-09-2023, 17:46
What tool for Monitoring Application

Hello,
Please recommend a tool that can monitor an application during installation or while it is running, i.e. what files or registry keys it accesses and/or creates.
Thanks,
#2  DARKER (VIP), 01-09-2023, 19:39
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Home/Download:
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
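Added example, not code from the thread or from Sysinternals: once a Procmon capture has been exported with `procmon.exe /OpenLog trace.pml /SaveAs trace.csv` (both are documented Procmon switches), the export can be reduced to exactly the question asked in post #1, which files and registry keys one process created or wrote. The rows in `SAMPLE_CSV` are constructed to match Procmon's default CSV columns; `setup.exe`, the PID and every path are invented, and the Detail strings are shortened but keep the tokens Procmon really emits (`OpenResult: Created`, `REG_CREATED_NEW_KEY`).

```python
"""Reduce a Process Monitor CSV export to 'what did this process create or change'.

Added example (not from the thread or from Sysinternals). Assumes the default
export columns written by  procmon.exe /OpenLog trace.pml /SaveAs trace.csv :
"Time of Day","Process Name","PID","Operation","Path","Result","Detail".
SAMPLE_CSV is constructed: process name, PID, paths and Detail text are invented.
"""
import csv
import io

SAMPLE_CSV = (
    '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"\n'
    '"17:46:01.0000001","setup.exe","4120","CreateFile","C:\\Program Files\\Acme\\acme.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"\n'
    '"17:46:01.0000002","setup.exe","4120","WriteFile","C:\\Program Files\\Acme\\acme.exe","SUCCESS","Offset: 0, Length: 524,288"\n'
    '"17:46:01.0000003","setup.exe","4120","CreateFile","C:\\Windows\\System32\\kernel32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, OpenResult: Opened"\n'
    '"17:46:01.0000004","setup.exe","4120","RegCreateKey","HKCU\\Software\\Acme","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"\n'
    '"17:46:01.0000005","setup.exe","4120","RegSetValue","HKCU\\Software\\Acme\\InstallDir","SUCCESS","Type: REG_SZ, Length: 44, Data: C:\\Program Files\\Acme"\n'
    '"17:46:01.0000006","setup.exe","4120","RegCreateKey","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run","SUCCESS","Desired Access: All Access, Disposition: REG_OPENED_EXISTING_KEY"\n'
    '"17:46:01.0000007","setup.exe","4120","RegSetValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Acme","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\\Program Files\\Acme\\acme.exe"\n'
    '"17:46:01.0000008","setup.exe","4120","CreateFile","C:\\Program Files\\Acme\\version.dll","NAME NOT FOUND","Desired Access: Read Attributes, Disposition: Open"\n'
    '"17:46:01.0000009","explorer.exe","1234","CreateFile","C:\\Users\\eugen\\Desktop\\notes.txt","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"\n'
)

# CreateFile is also used for plain opens; only these OpenResult values mean a file came into being.
FILE_CREATE_MARKERS = ("OpenResult: Created", "OpenResult: Overwritten", "OpenResult: Superseded")
# Registry locations that start programs at logon (compared case-insensitively).
AUTOSTART_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def summarize(rows, process_name):
    """Collect what `process_name` created or changed, plus files it looked for and did not find."""
    s = {"files_created": set(), "files_written": set(), "reg_keys_created": set(),
         "reg_values_set": {}, "files_not_found": set()}
    for r in rows:
        if r["Process Name"].lower() != process_name.lower():
            continue
        op, path, result, detail = r["Operation"], r["Path"], r["Result"], r["Detail"]
        if op == "CreateFile" and result == "NAME NOT FOUND":
            # Failed opens changed nothing, but a missing .dll next to the exe is a
            # DLL search-order hijack candidate, so keep them in a separate bucket.
            s["files_not_found"].add(path)
            continue
        if result != "SUCCESS":
            continue  # any other failure changed nothing on disk or in the registry
        if op == "CreateFile" and any(m in detail for m in FILE_CREATE_MARKERS):
            s["files_created"].add(path)
        elif op == "WriteFile":
            s["files_written"].add(path)
        elif op == "RegCreateKey" and "REG_CREATED_NEW_KEY" in detail:
            s["reg_keys_created"].add(path)  # REG_OPENED_EXISTING_KEY is just an open
        elif op == "RegSetValue":
            s["reg_values_set"][path] = detail  # Procmon puts key\valuename in Path
    return s


def autostart_entries(summary):
    """Registry values written under Run/RunOnce: persistence that deserves a second look."""
    return sorted(p for p in summary["reg_values_set"]
                  if any(k in p.lower() for k in AUTOSTART_KEYS))


if __name__ == "__main__":
    summary = summarize(parse_procmon_csv(SAMPLE_CSV), "setup.exe")
    for bucket in ("files_created", "files_written", "reg_keys_created", "files_not_found"):
        print(bucket, sorted(summary[bucket]))
    for path, detail in summary["reg_values_set"].items():
        print("RegSetValue", path, "|", detail)
    print("autostart", autostart_entries(summary))
```

Filter in Procmon on the process name before exporting, otherwise a multi-minute install trace of every process on the box runs to millions of rows; the script then only has to separate real creations from the far more numerous plain opens.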
#3  Zeokat (Friend), 01-10-2023, 02:33
Maybe PRIMO (Program Installation Monitor) can help (I never tested it):

https://members.tripod.com/randy_hall/download.htm
#4  Eugen (Friend), 01-10-2023, 03:10
Thanks for the suggestions, I will try both.
#5  uranus64 (VIP), 01-10-2023, 05:15
Try also SysTracer.

Info here:
https://www.blueproject.ro/systracer
Download here:
http://www.blueproject.ro/systracer/download
#6  bolo2002 (VIP), 01-11-2023, 00:20
Quote:
Originally Posted by uranus64
Try also SysTracer.

Oh, it's still alive after all this time? I remember it, it was a good one.
#7  Artic (Friend), 01-11-2023, 02:47
DiskPulse might also be an option for monitoring any files written to disk.

The free version is more than enough!

https://www.diskpulse.com/downloads.html
#8  niculaita (Family), 01-11-2023, 03:48
What about an app that catches injections made by a loader or a DLL into another exe?
#9  TQN (VIP), 01-11-2023, 07:47
Hi niculaita
You can use hollows_hunter or pe-sieve by hasherezade
https://github.com/hasherezade/hollows_hunter
#10  tK! (Family), 02-01-2023, 23:15
I remember there were some tools on the Megasecurity [.org] RAT/malware collection website.

It was like this:
1. Run the main program; it collects all the info.
2. Add your malware/exe/setup file.
3. Run it inside that app.
4. Wait until the setup/run finishes.
5. It gives you a report: what files were made, what changes happened to the system or registry.

P.S.: I was a collector at Megasecurity for some months, and MasterRat666 used this app to provide information on infections and all the changes made to the system.

P.S. 2: Maybe Archive.org can help you find the name of that app (I got over 100 errors trying to remember that name in my mind :P).
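The procedure in the post above (take a baseline, run the installer, compare, report) is the snapshot-and-diff approach that SysTracer and PRIMO also follow. As an added example that is not the tool tK! is recalling and not code from any of the tools in this thread, the block below hashes every file under a directory before and after an install and reports added, removed and modified paths; `snapshot_registry()` does the same walk over a registry subtree on Windows using the standard `winreg` module. The directory layout built by `demo()` is constructed; nothing here is a real install.

```python
"""Snapshot/diff monitoring: baseline, run the installer, compare, report.

Added example, not the tool recalled in the thread and not SysTracer/PRIMO code.
snapshot_tree() works anywhere; snapshot_registry() needs Windows (winreg).
The files created in demo() are constructed to show the three change kinds.
"""
import hashlib
import os
import sys
import tempfile


def snapshot_tree(root):
    """Map relative path -> (size, sha256) for every regular file under root.

    Hashing, not size or mtime, is what catches an installer that rewrites a
    file in place with the same length (see config.ini in demo()).
    """
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):  # skip dangling symlinks, devices, etc.
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = (os.path.getsize(full), h.hexdigest())
    return snap


def snapshot_registry(root_key, subkey):
    """Map 'key\\value' -> (type, repr(data)) for a registry subtree. Windows only."""
    import winreg  # deferred so the rest of the file runs on other platforms
    snap = {}

    def walk(path):
        try:
            key = winreg.OpenKey(root_key, path)
        except OSError:
            return  # missing or access denied: record nothing, keep going
        with key:
            n_subkeys, n_values, _ts = winreg.QueryInfoKey(key)
            for i in range(n_values):
                name, data, typ = winreg.EnumValue(key, i)
                snap[path + "\\" + name] = (typ, repr(data))
            for i in range(n_subkeys):
                walk(path + "\\" + winreg.EnumKey(key, i))

    walk(subkey)
    return snap


def diff_snapshots(before, after):
    """Report added, removed and modified entries between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }


def demo():
    """Constructed run: a fake 'install' adds, rewrites and deletes files in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)

        write("app/config.ini", b"debug=0\n")
        write("app/old.dll", b"MZ old")
        write("docs/readme.txt", b"hello\n")
        before = snapshot_tree(root)
        # ... the installer would run here ...
        write("app/config.ini", b"debug=1\n")       # modified, same size as before
        write("app/plugin.dll", b"MZ new")           # added
        os.remove(os.path.join(root, "app/old.dll"))  # removed
        after = snapshot_tree(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
    if sys.platform == "win32":
        import winreg
        run_key = r"Software\Microsoft\Windows\CurrentVersion\Run"
        print(len(snapshot_registry(winreg.HKEY_CURRENT_USER, run_key)), "values under HKCU", run_key)
```

The limitation a snapshot tool shares with PRIMO and SysTracer is that it only sees the end state: a file written and deleted again during the install, or a value set and then removed, never shows up, which is where a live tracer like Process Monitor is the better fit.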
#11  JeRRy (VIP), 02-06-2023, 11:12
Buster Sandbox Analyzer

https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/
#12  DavidXanatos (Family), 02-07-2023, 04:22
Quote:
Originally Posted by JeRRy
Buster Sandbox Analyzer

https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/

I would like to add that the new Sandboxie builds can log all syscalls of boxed processes.
#13  BlackWhite (Friend), 02-20-2023, 11:27
I suggest WinAPIOverride:
http://jacquelin.potier.free.fr/winapioverride32/