Process Monitor 2.02
This major update to Process Monitor adds real-time TCP and UDP monitoring to its existing process, thread, DLL, file system and registry monitoring.
Process Monitor v2.02
By Mark Russinovich and Bryce Cogswell
Published: October 30, 2008
Introduction
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Process Monitor Enhancements over Filemon and Regmon
Process Monitor's user interface and options are similar to those of Filemon and Regmon, but it was written from the ground up and includes numerous significant enhancements, such as:
- Monitoring of process and thread startup and exit, including exit status codes
- Monitoring of image (DLL and kernel-mode device driver) loads
- More data captured for operation input and output parameters
- Non-destructive filters allow you to set filters without losing data
- Capture of thread stacks for each operation makes it possible in many cases to identify the root cause of an operation
- Reliable capture of process details, including image path, command line, user and session ID
- Configurable and moveable columns for any event property
- Filters can be set for any data field, including fields not configured as columns
- Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
- Process tree tool shows relationship of all processes referenced in a trace
- Native log format preserves all data for loading in a different Process Monitor instance
- Process tooltip for easy viewing of process image information
- Detail tooltip allows convenient access to formatted data that doesn't fit in the column
- Cancellable search
- Boot time logging of all operations
The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.
Download Process Monitor (1.2 MB)
Autoruns 9.35
This Autoruns update adds additional autostart locations, including lsastart, s0initialization, savedumpstart, and servicecontrollerstart, and fixes several bugs.
AutoRuns for Windows v9.35
By Mark Russinovich and Bryce Cogswell
Published: October 16, 2008
Introduction
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system, and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.
You'll probably be surprised at how many executables are launched automatically!
Autoruns works on Windows 2000 SP4 Rollup 1 or above.
Usage
See the November 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of Autoruns. If you have questions or problems, visit the Sysinternals Autoruns Forum.
Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers. Switch tabs to view autostarts from different categories.
To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable, then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.
Navigate to the Registry or file system location displayed, or to the configuration of an auto-start item, by selecting the item and using the Jump menu item or toolbar button.
To disable an auto-start entry, uncheck its check box. To delete an auto-start configuration entry, use the Delete menu item or toolbar button.
Select entries in the User menu to view auto-starting images for different user accounts.
More information on display options and other details is available in the on-line help.
Autorunsc Usage
Autorunsc is the command-line version of Autoruns. Its usage syntax is:
Usage: autorunsc [-a] | [-c] [-b] [-d] [-e] [-g] [-h] [-i] [-l] [-m] [-n] [-p] [-r] [-s] [-v] [-w] [-x] [user]
| Switch | Description |
| --- | --- |
| -a | Show all entries. |
| -b | Boot execute. |
| -c | Print output as CSV. |
| -d | Appinit DLLs. |
| -e | Explorer addons. |
| -g | Sidebar gadgets (Vista and higher). |
| -h | Image hijacks. |
| -i | Internet Explorer addons. |
| -l | Logon startups (this is the default). |
| -m | Hide signed Microsoft entries. |
| -n | Winsock protocol and network providers. |
| -p | Printer monitor drivers. |
| -r | LSA providers. |
| -s | Autostart services and non-disabled drivers. |
| -t | Scheduled tasks. |
| -v | Verify digital signatures. |
| -w | Winlogon entries. |
| -x | Print output as XML. |
| user | Specifies the name of the user account for which autorun items will be shown. |
Download Autoruns and Autorunsc (562 KB)
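The switches above are typically combined for triage: `-a` to dump every category, `-c` for CSV and `-v` so each publisher is marked as signature-verified or not. As an added example (not code from this page or from Sysinternals), the following Python script runs `autorunsc -a -c -v`, parses the CSV and lists the enabled entries whose publisher signature did not verify. The CSV column names (`Entry Location`, `Entry`, `Enabled`, `Publisher`, `Image Path`, ...), the `(Verified)`/`(Not verified)` prefix in the Publisher field, the values of the `Enabled` column and the sample rows are all assumptions constructed for the example, not taken from the page.

```python
import csv
import io
import subprocess
import sys

# Constructed sample of what "autorunsc -a -c -v" might emit. The header
# names, the "(Verified)"/"(Not verified)" publisher prefix and every row
# are assumptions made for this example, not real autorunsc output.
SAMPLE_CSV = r"""Sysinternals Autoruns (banner line assumed; skipped by the parser)

Entry Location,Entry,Enabled,Description,Publisher,Image Path,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,TrayHelper,enabled,Example tray helper,(Verified) Example Corp,c:\program files\example\trayhelper.exe,c:\program files\example\trayhelper.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,UpdaterSvc,enabled,,(Not verified) Example Vendor,c:\users\public\updater.exe,c:\users\public\updater.exe /silent
HKLM\SYSTEM\CurrentControlSet\Services,example_drv,enabled,Example kernel driver,(Not verified) Example Vendor,c:\windows\system32\drivers\example_drv.sys,system32\drivers\example_drv.sys
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldTool,disabled,Leftover tool,,c:\temp\oldtool.exe,c:\temp\oldtool.exe
"""


def parse_autorunsc_csv(text: str) -> list:
    """Parse autorunsc -c output into one dict per autostart entry.

    Any lines before the CSV header (a version banner, blank lines) are
    skipped; the header is located by the assumed 'Entry Location' column.
    """
    lines = text.splitlines()
    for start, line in enumerate(lines):
        if line.startswith("Entry Location,"):
            break
    else:
        raise ValueError("autorunsc CSV header not found in output")
    reader = csv.DictReader(io.StringIO("\n".join(lines[start:])))
    return list(reader)


def find_unverified(rows: list, ignore_disabled: bool = True) -> list:
    """Return entries whose publisher was not verified by -v.

    With -v, the Publisher field is assumed to start with '(Verified)' or
    '(Not verified)'. Anything lacking the '(Verified)' prefix, including an
    empty publisher, is returned so an analyst can look at it by hand.
    Disabled entries are skipped unless ignore_disabled is False.
    """
    flagged = []
    for row in rows:
        if ignore_disabled and (row.get("Enabled") or "").lower() != "enabled":
            continue
        publisher = (row.get("Publisher") or "").strip()
        if not publisher.startswith("(Verified)"):
            flagged.append(row)
    return flagged


def run_autorunsc(exe: str = "autorunsc.exe") -> str:
    """Run autorunsc with the page's -a -c -v switches and return its stdout."""
    result = subprocess.run([exe, "-a", "-c", "-v"], capture_output=True,
                            text=True, check=True)
    return result.stdout


def report(rows: list) -> str:
    """Format flagged entries as 'entry | publisher | image path' lines."""
    return "\n".join(
        f"{r.get('Entry', '')} | {r.get('Publisher', '') or '(no publisher)'} | "
        f"{r.get('Image Path', '')}"
        for r in rows
    )


if __name__ == "__main__":
    # With --sample, triage the constructed data instead of running the tool.
    text = SAMPLE_CSV if "--sample" in sys.argv else run_autorunsc()
    print(report(find_unverified(parse_autorunsc_csv(text))))
```

Run it with `--sample` to see the constructed rows triaged offline; without the flag it expects `autorunsc.exe` on the PATH (on a Windows host). Combining `-m` with `-v` would instead hide the signed Microsoft entries at the source, which shrinks the CSV but also hides any entry whose Microsoft signature failed to verify, so the script keeps everything and filters afterwards.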