-
Notifications
You must be signed in to change notification settings - Fork 497
Process Inspection
Rohitab API Monitor allows you to select function categories you want to monitor. It supports breakpoints, has a memory editor and many features. It also supports monitoring functions from a user-specified DLL.
Monitor the filesystem for newly created files and optionally copy them to a specified destination. Useful when malware temporarily creates files such as encryption keys or settings in the filesystem or when it has self-deletion capabilities.
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
This tools is like strace
but for Windows PE32 files (yeah, 32-bit only for now).
PE-sieve is a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc. Open a Command Prompt and type:
pe-sieve /help
Pavel Yosifovich's process monitor.
Excellent process monitor formerly known as Process Hacker.
Detailed view of system structures for Windows processes.