Skip to content

Process Inspection

merces edited this page May 30, 2023 · 1 revision

Rohitab API Monitor allows you to select function categories you want to monitor. It supports breakpoints, has a memory editor and many features. It also supports monitoring functions from a user-specified DLL.

Monitor the filesystem for newly created files and optionally copy them to a specified destination. Useful when malware temporarily creates files such as encryption keys or settings in the filesystem or when it has self-deletion capabilities.

Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).

This tools is like strace but for Windows PE32 files (yeah, 32-bit only for now).

PE-sieve is a tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc. Open a Command Prompt and type:

pe-sieve /help

Pavel Yosifovich's process monitor.

Excellent process monitor formerly known as Process Hacker.

Detailed view of system structures for Windows processes.

Clone this wiki locally