Exetools  

  #1  
Old 01-09-2023, 17:46
Eugen
What tool for Monitoring Application

Hello,
Please indicate a tool that can monitor an application at installation or while it is running, i.e. which files or registry keys it accesses and/or creates.
Thanks,
  #2  
Old 01-09-2023, 19:39
DARKER
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Home/Download:
Code:
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
  #3  
Old 01-10-2023, 02:33
Zeokat
Maybe PRIMO (Program Installation Monitor) can help (I never tested it):

Code:
https://members.tripod.com/randy_hall/download.htm
  #4  
Old 01-10-2023, 03:10
Eugen
Thanks for the suggestions, I will try both.
  #5  
Old 01-10-2023, 05:15
uranus64
Try also SysTracer.

Info here:
Quote:
https://www.blueproject.ro/systracer
Download here:
Quote:
http://www.blueproject.ro/systracer/download
  #6  
Old 01-11-2023, 00:20
bolo2002
Quote:
Originally Posted by uranus64
Try also SysTracer.

Info here:

Download here:
Oh, it's still alive after all this time? I remember this one, it was a good one.
  #7  
Old 01-11-2023, 02:47
Artic
DiskPulse might also be an option for monitoring any files written to disk.

The free version is more than enough!

Code:
https://www.diskpulse.com/downloads.html
  #8  
Old 01-11-2023, 03:48
niculaita
What about an app that catches injections made by a loader or a DLL into another exe?
  #9  
Old 01-11-2023, 07:47
TQN
Hi niculaita,
You can use hollows_hunter or pe-sieve by hasherezade:
https://github.com/hasherezade/hollows_hunter
  #10  
Old 02-01-2023, 23:15
tK!
I remember there were some tools on the Megasecurity [.org] RAT/malware collection website.

It was like -->
1- Run the main program; it collects all info.
2- Add your malware/exe/setup file.
3- Run it inside that app.
4- Wait until the setup/run finishes.
5- It gives you a report: what files were made, what changes happened to the system or registry.

P.S.: I was a collector for some months at Megasecurity, and MasterRat666 used this app to provide information on the infection and all the changes made to the system.

P.S.2: Maybe Archive.org can help you find the name of that app (I got over 100 errors trying to recall that name from memory :P).
  #11  
Old 02-06-2023, 11:12
JeRRy
Buster Sandbox Analyzer

https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/
  #12  
Old 02-07-2023, 04:22
DavidXanatos
Quote:
Originally Posted by JeRRy
Buster Sandbox Analyzer

https://www.wilderssecurity.com/threads/buster-sandbox-analyzer.428538/
I would like to add that the new Sandboxie builds can log all syscalls of boxed processes.
  #13  
Old 02-20-2023, 11:27
BlackWhite
I suggest WinAPIOverride:
http://jacquelin.potier.free.fr/winapioverride32/
  #14  
Old 07-14-2023, 10:02
fqjp
On Windows you can use Process Monitor or Filemon:
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
  #15  
Old 10-01-2023, 22:05
kerouanton
In addition to those tools (especially Procmon64.exe), I use Martau TotalUninstall on my workstations to monitor my installed apps and to properly uninstall them. It takes a system and registry snapshot before installation and compares the differences, even if the installer requires a reboot (kernel drivers etc.). I know it isn't foolproof for everything, but it gives me a first level of trust in my apps when I want to trace what they install. And when I want to dig deeper, Procmon, Sandboxie and VMs help a lot.
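The snapshot-and-compare approach that tK! and kerouanton describe above (snapshot before, run the installer, snapshot after, report what was added, removed or changed), as an added Python example that is not code from any tool named in this thread. `snapshot_registry` assumes the standard `winreg` module and a caller-chosen hive/subkey such as `winreg.HKEY_LOCAL_MACHINE` and `"SOFTWARE"`; the file side works on any OS.

```python
import hashlib
from pathlib import Path

def snapshot_files(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}

def snapshot_registry(hive, subkey):
    """Map 'key\\value' -> repr(data) for every value under one registry key.
    Relies on the winreg module, so it returns {} on non-Windows hosts."""
    try:
        import winreg
    except ImportError:
        return {}
    snap = {}
    def walk(key, prefix):
        i = 0
        while True:                      # values stored directly in this key
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:              # ERROR_NO_MORE_ITEMS ends the enumeration
                break
            snap[prefix + "\\" + name] = repr(data)
            i += 1
        i = 0
        while True:                      # subkeys, recursed into
            try:
                sub = winreg.EnumKey(key, i)
            except OSError:
                break
            i += 1
            try:
                with winreg.OpenKey(key, sub) as k:
                    walk(k, prefix + "\\" + sub)
            except OSError:              # unreadable key: record it rather than abort
                snap[prefix + "\\" + sub] = "<access denied>"
    with winreg.OpenKey(hive, subkey) as k:
        walk(k, subkey)
    return snap

def diff_snapshots(before, after):
    """Classify entries as added, removed or modified between two snapshots."""
    return {"added": sorted(set(after) - set(before)),
            "removed": sorted(set(before) - set(after)),
            "modified": sorted(k for k in before.keys() & after.keys()
                               if before[k] != after[k])}
```

Take one pair of snapshots (install directory and the registry hive of interest) before the installer runs and one after, then hand each pair to `diff_snapshots`. Like the snapshot tools above, this only sees the end state, so anything the installer creates and removes again before the second snapshot is invisible to it; Procmon-style live tracing is what fills that gap.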