FileMonitor


FileMon, shown in Figure A-3, is a real-time file system activity monitor. FileMon displays the time of every open, read, write, or delete file system event, the process that initiated the event, the type of event, the full path to the system file, and the status outcome for each file system event. In addition, FileMon contains an “Other” column that can display file size, file attributes, and other event-specific information.

image from book
Figure A-3

Simply execute the File Monitor program file (filemon.exe) and FileMon will immediately begin capturing file system events. You can specify fixed drives, removable drives, read-write drives, network drives, mail slots, and even named pipes. Once you’ve selected the volume type(s) of interest, you can further filter the output for content.

FileMon is very similar to RegMon. Like RegMon, menu items and toolbar buttons can be used to toggle on and off monitoring, disable or filter event capturing, control the scrolling of the main window, and save the contents of the main window to an ASCII file.

FileMon also has RegMon’s capability to go to a specific event location. Simply double-click the event (or use the Explorer Jump toolbar button or the Edit image from book Explorer Jump menu option) and FileMon will open an Explorer window to the file referenced in the event.

Also like RegMon, if you stop scrolling, select an entry from the process of interest, right-click the entry, and select Include Process, then FileMon will only show file system events initiated by that process. Again, this is a great way to determine what your process, or a process under investigation, is doing.




Professional Rootkits
Professional Rootkits (Programmer to Programmer)
ISBN: 0470101547
EAN: 2147483647
Year: 2007
Pages: 229
Authors: Ric Vieler

Similar book on Amazon
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
A Guide to Kernel Exploitation: Attacking the Core
A Guide to Kernel Exploitation: Attacking the Core
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net