From Collaborative RCE Tool Library

Jump to: navigation, search

Regmon Extensions


Tool name: Regmon and Filemon Log Duplicate Remover
Rating: 4.0 (1 vote)
Author: Kayaker                        
Website: N/A
Current version: 1.0
Last updated: November 11, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Designed to remove duplicate entries (at a designated filtering level) in Regmon and Filemon logs so it becomes humanly possible to scan large multi-thousand line logs for unique occurrences of a registry or file path being accessed.

The application parses the "Path" string of each entry and cuts it off at a subdirectory (\) level set by the user (Filter Level). A CRC32 value is then calculated on the remaining string. Any further occurrences of the same CRC32 value are considered "duplicates" and are discarded.

The string the CRC32 value is calculated on is actually a combination of the Process, plus the filtered Path string, and optionally the Request (CreateKey, OpenKey, QueryValueEx, etc.). Entries with one or more CLSID {} values can be handled separately so unique values are preserved irregardless of the Filter Level chosen.

Of course only the first occurrence is kept and is really only the "root" of the Path entry (unless you choose a Filter Level setting of 0), but by selecting a series of Filter Level settings you can choose the degree of detail you want to reveal.

Full MASM source is included.
Also listed in: Filemon Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (19)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (20)
   Needs New Category  (3)