Collaborative RCE Tool Library - Process Monitoring Tools (including sub-categories)

Tool Updated: Process Monitor

2009-09-19T12:30:27Z

Listed in categories: File Monitoring Tools, Process Monitoring Tools, Registry Monitoring Tools

Most recent version:
2.7

Most recent release date:
September 18, 2009

Description:
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Tool Updated: Process Hacker

2009-08-22T13:51:09Z

Listed in categories: Malware Analysis Tools, Process Monitoring Tools

Most recent version:
1.4

Most recent release date:
August 22, 2009

Description:
Process Hacker is a feature-packed tool for manipulating processes and services on your computer.

Key features of Process Hacker:
- A simple, customizable tree view with highlighting showing you the processes running on your computer.

- Detailed performance graphs.

- A complete list of services and full control over them (start, stop, pause, resume and delete).

- A list of network connections.

- Comprehensive information for all processes: full process performance history, thread listing and stacks with dbghelp symbols, token information, module and mapped file information, virtual memory map, environment variables, handles, ...

- Full control over all processes, even processes protected by rootkits or security software. Its kernel-mode driver has unique abilities which allows it to terminate, suspend and resume all processes and threads, including software like IceSword, avast! anti-virus, AVG Antivirus, COMODO Internet Security, etc. (just to name a few).

- Find hidden processes and terminate them. Process Hacker detects processes hidden by simple rootkits such as Hacker Defender and FU.

- Easy DLL injection and unloading - simply right-click a process and select "Inject DLL" to inject and right-click a module and select "Unload" to unload!

- Many more features...

Tool Updated: Process Lasso

2009-07-19T05:11:12Z

Listed in categories: Process Monitoring Tools

Most recent version:
3.62

Most recent release date:
July 18, 2009

Description:
Process Lasso is a unique new technology intended to automatically adjust the allocation of CPU cycles so that system responsiveness is improved in high-load situations. It does this by dynamically temporarily lowering the priorities of processes that are consuming too many CPU cycles, there-by giving other processes a chance to run if they are in need. This is useful for both single and multi-core processors. No longer will a single process be able to bring your system to a virtual stall.

In addition, Process Lasso offers capabilities such as default process priorities, termination of disallowed processes, and logging of processes executed.
Supporting users are able to download all past and future builds of Process Lasso and have are given a specially labelled version of Process Lasso

Tool Updated: Process Explorer

2009-07-18T23:10:58Z

Listed in categories: Process Monitoring Tools

Most recent version:
11.33

Most recent release date:
February 4, 2009

Description:
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

Tool Updated: Malcode Analysis Pack

2007-12-26T17:48:34Z

Listed in categories: API Monitoring Tools, Import Editors, Malware Analysis Tools, Network Sniffers, Network Tools, Process Monitoring Tools, Reverse Engineering Frameworks, TCP Proxy Tools

Most recent version:

Most recent release date:
November 13, 2006

Description:
The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.

Included in this package are:

• ShellExt - 4 explorer shell extensions
• socketTool - manual TCP Client for probing functionality.
• MailPot - mail server capture pot
• fakeDNS - spoofs dns responses to controlled ip's
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - Shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes