From Collaborative RCE Tool Library


Regmon and Filemon Log Duplicate Remover

Tool name: Regmon and Filemon Log Duplicate Remover
Rating: 4.0 (1 vote)
Author: Kayaker
Website: N/A
Current version: 1.0
Last updated: November 11, 2002
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Designed to remove duplicate entries (at a designated filtering level) in Regmon and Filemon logs so it becomes humanly possible to scan large multi-thousand line logs for unique occurrences of a registry or file path being accessed.

The application parses the "Path" string of each entry and cuts it off at a subdirectory (\) level set by the user (Filter Level). A CRC32 value is then calculated on the remaining string. Any further occurrences of the same CRC32 value are considered "duplicates" and are discarded.

The string the CRC32 value is calculated on is actually a combination of the Process, plus the filtered Path string, and optionally the Request (CreateKey, OpenKey, QueryValueEx, etc.). Entries with one or more CLSID {} values can be handled separately so unique values are preserved regardless of the Filter Level chosen.

Only the first occurrence is kept, and it is really only the "root" of the Path entry (unless you choose a Filter Level setting of 0), but by selecting a series of Filter Level settings you can choose the degree of detail you want to reveal.

Full MASM source is included.
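
The filtering described above, sketched in Python as an added example (this is not Kayaker's MASM source). The tab-separated column order, reading Filter Level N as "keep the first N path components" with 0 keeping the whole path, and keying CLSID entries on their full path are assumptions; the sample log lines are constructed.

```python
import re
import zlib

# Matches a registry-style CLSID such as {00000000-0000-0000-0000-000000000001}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def filter_path(path, level):
    """Cut the path after `level` components; level 0 keeps it whole (assumed semantics)."""
    if level == 0:
        return path
    return "\\".join(path.split("\\")[:level])

def dedupe(lines, level, use_request=False, keep_clsid=True):
    """Keep only the first line for each CRC32 of Process + filtered Path (+ Request)."""
    seen, kept = set(), []
    for line in lines:
        fields = line.rstrip("\r\n").split("\t")
        if len(fields) < 5:
            continue  # header or malformed line
        # Assumed column order: #, Time, Process, Request, Path, Result, Other
        process, request, path = fields[2], fields[3], fields[4]
        if keep_clsid and CLSID_RE.search(path):
            key_path = path  # CLSID entries bypass the Filter Level (assumption)
        else:
            key_path = filter_path(path, level)
        key = process + key_path + (request if use_request else "")
        crc = zlib.crc32(key.encode("utf-8"))
        if crc not in seen:
            seen.add(crc)
            kept.append(line)
    return kept

# Constructed sample rows in the assumed Regmon column layout
SAMPLE = ["\t".join(row) for row in [
    ("1", "0.001", "app.exe:412", "OpenKey", r"HKLM\Software\Vendor\App", "SUCCESS", ""),
    ("2", "0.002", "app.exe:412", "QueryValueEx", r"HKLM\Software\Vendor\App\Serial", "SUCCESS", ""),
    ("3", "0.003", "app.exe:412", "OpenKey", r"HKLM\Software\Vendor\App\Options", "NOTFOUND", ""),
    ("4", "0.004", "app.exe:412", "OpenKey", r"HKCR\CLSID\{00000000-0000-0000-0000-000000000001}", "SUCCESS", ""),
    ("5", "0.005", "app.exe:412", "OpenKey", r"HKCR\CLSID\{00000000-0000-0000-0000-000000000002}", "SUCCESS", ""),
    ("6", "0.006", "explorer.exe:900", "OpenKey", r"HKLM\Software\Vendor\App", "SUCCESS", ""),
]]

if __name__ == "__main__":
    for level in (2, 0):
        print(f"Filter Level {level}: {len(dedupe(SAMPLE, level))} of {len(SAMPLE)} lines kept")
```

Because the key is reduced to a 32-bit CRC, two different Process/Path strings can in principle collide and the later one would be dropped as a duplicate; comparing the key strings themselves avoids that.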
