From Collaborative RCE Tool Library

Jump to: navigation, search

Process Monitoring Tools


Tool name: Process Explorer
Rating: 5.0 (2 votes)
Author: Mark Russinovich                        
Website: http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
Current version: 11.33
Last updated: February 4, 2009
Direct D/L link: http://download.sysinternals.com/Files/ProcessExplorer.zip
License type: Free
Description: The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Process Hacker
Rating: 5.0 (1 vote)
Author: wj32                        
Website: http://processhacker.sourceforge.net
Current version: 2.33
Last updated: December 27, 2013
Direct D/L link: http://processhacker.googlecode.com/files/processhacker-2.33-bin.zip
License type: Open Source (GNU General Public License V3)
Description: Process Hacker is a feature-packed tool for manipulating processes and services on your computer.

Key features of Process Hacker:
- A simple, customizable tree view with highlighting showing you the processes running on your computer.

- Detailed performance graphs.

- A complete list of services and full control over them (start, stop, pause, resume and delete).

- A list of network connections.

- Comprehensive information for all processes: full process performance history, thread listing and stacks with dbghelp symbols, token information, module and mapped file information, virtual memory map, environment variables, handles, ...

- Full control over all processes, even processes protected by rootkits or security software. Its kernel-mode driver has unique abilities which allows it to terminate, suspend and resume all processes and threads, including software like IceSword, avast! anti-virus, AVG Antivirus, COMODO Internet Security, etc. (just to name a few).

- Find hidden processes and terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

- Easy DLL injection and unloading - simply right-click a process and select "Inject DLL" to inject and right-click a module and select "Unload" to unload!

- Many more features...
Also listed in: Malware Analysis Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: MALM: Malware Monitor
Rating: 0.0 (0 votes)
Author: Geoff McDonald                        
Website: http://www.split-code.com/
Current version: v1.2
Last updated: December 16, 2012
Direct D/L link: http://www.split-code.com/files/malm-v1_2.zip
License type: Freeware
Description: MALM is a 32 and 64bit Windows OS command-prompt tool for monitoring malware. It monitors:
- New processes
- New modules in existing processes
- New executable heaps in existing processes.

As it notices changes, MALM will output observations to the console. When MALM is terminated by CTRL-C, it will generate a final report of it's findings.

This tool is particularly useful for monitoring where the malware resides after execution, since malware often injects itself into other processes.
Also listed in: Malware Analysis Tools, Memory Data Tracing Tools, Monitoring Tools, System Diff Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Malcode Analysis Pack
Rating: 0.0 (0 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version:
Last updated: May 5, 2012
Direct D/L link: http://sandsprite.com/CodeStuff/map_setup.exe
License type: GPL2
Description: Update: This is no longer available through the iDefense website. An updated package has been made available by the author.

The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.

Included in this package are:

• ShellExt - 5 explorer shell extensions
• socketTool - manual TCP Client for probing functionality.
• MailPot - mail server capture pot
• fakeDNS - spoofs dns responses to controlled ip's
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - Shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes
• finddll - scan processes for loaded dll by name
• Virustotal - virus reports for single and bulk hash lookups. Explorer integration
Also listed in: API Monitoring Tools, Import Editors, Malware Analysis Tools, Network Sniffers, Network Tools, Reverse Engineering Frameworks, TCP Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Process Lasso
Rating: 0.0 (0 votes)
Author: Jeremy Collake                        
Website: http://www.bitsum.com/prolasso.php
Current version: 3.62
Last updated: July 18, 2009
Direct D/L link: http://www.bitsum.com/files/prolasso.zip
License type: Free
Description: Process Lasso is a unique new technology intended to automatically adjust the allocation of CPU cycles so that system responsiveness is improved in high-load situations. It does this by dynamically temporarily lowering the priorities of processes that are consuming too many CPU cycles, there-by giving other processes a chance to run if they are in need. This is useful for both single and multi-core processors. No longer will a single process be able to bring your system to a virtual stall.

In addition, Process Lasso offers capabilities such as default process priorities, termination of disallowed processes, and logging of processes executed.
Supporting users are able to download all past and future builds of Process Lasso and have are given a specially labelled version of Process Lasso
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Process Monitor
Rating: 0.0 (0 votes)
Author: Mark Russinovich and Bryce Cogswell                        
Website: http://www.microsoft.com/technet/sysinternals/FileAndDisk/processmonitor.mspx
Current version: 2.7
Last updated: September 18, 2009
Direct D/L link: http://download.sysinternals.com/Files/ProcessMonitor.zip
License type: Free
Description: Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Also listed in: File Monitoring Tools, Registry Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)