kailasa108
2007-01-13, 02:01
Do you have or know where I can get a tool that shows which registry keys/dll files/other files a program is reading as it starts and executes?
Thanks!!! :spider:
md usa spybot fan
2007-01-13, 08:36
You could try some of the former Sysinternals Utilities such as Regmon and Filemon. I personally have not re-downloaded these utilities since Microsoft acquired Sysinternals in July 2006. Look here:
Windows Sysinternals
http://www.microsoft.com/technet/sysinternals/default.mspx
The two utilities that I mentioned are Regmon (http://www.microsoft.com/technet/sysinternals/SystemInformation/Regmon.mspx) and Filemon (http://www.microsoft.com/technet/sysinternals/FileAndDisk/Filemon.mspx). Both programs have filters so that you can limit the output to a single program.
To find what Dynamic Link Libraries (dlls) are being used by a program, go into Spybot > Mode > Advanced mode > Tools > Process list. Select (left click) the program you are interested in and then click on the "Loaded modules" tab at the bottom of the Process list screen.
kailasa108
2007-01-14, 08:18
Thanks a lot MD. I like your signature! :bigthumb:
kailasa108
2007-01-14, 09:27
Hey MD - you might want to check out SysInternals again. They have a new program that supersedes RegMon and FileMon - Here's an overview:
Process Monitor v1.01
By Mark Russinovich and Bryce Cogswell
Published: November 9, 2006
Introduction
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.
Direct link is:
(http://www.microsoft.com/technet/sysinternals/processesandthreads/processmonitor.mspx)
Thanks again for your help!
:spider:
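
Added example, not part of the original thread or of Sysinternals: a Python script that reads a Process Monitor trace saved as CSV and lists the registry keys, files and DLLs one program touched, plus every lookup that did not succeed. The column names and the sample rows are assumptions (constructed for illustration), and `summarize` and `classify` are hypothetical helper names.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; the column layout is an assumption about the CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"08:18:01.0000001","notepad.exe","1234","Load Image","C:\Windows\System32\kernel32.dll","SUCCESS",""
"08:18:01.0000002","notepad.exe","1234","RegOpenKey","HKLM\Software\Microsoft\Windows NT\CurrentVersion","SUCCESS",""
"08:18:01.0000003","notepad.exe","1234","RegQueryValue","HKCU\Software\Example\Setting","NAME NOT FOUND",""
"08:18:01.0000004","notepad.exe","1234","CreateFile","C:\Users\test\notes.txt","SUCCESS",""
"08:18:01.0000005","notepad.exe","1234","ReadFile","C:\Users\test\notes.txt","SUCCESS",""
"08:18:01.0000006","explorer.exe","888","CreateFile","C:\Windows\explorer.ini","SUCCESS",""
"08:18:01.0000007","notepad.exe","1234","Thread Create","","SUCCESS",""
'''

FILE_OPS = {"CreateFile", "ReadFile", "WriteFile", "QueryOpen", "CreateFileMapping"}

def classify(operation):
    """Map an operation name to 'modules', 'registry', 'files' or None."""
    if operation == "Load Image":
        return "modules"
    if operation.startswith("Reg"):
        return "registry"
    if operation in FILE_OPS:
        return "files"
    return None  # thread, process and network events are ignored here

def summarize(csv_text, process_name):
    """Return (paths grouped by kind, non-SUCCESS events) for one process."""
    touched = defaultdict(set)
    failed = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        kind = classify(row["Operation"])
        if kind is None:
            continue
        touched[kind].add(row["Path"])
        if row["Result"] != "SUCCESS":
            # Failed lookups show what the program searched for but did not find.
            failed.add((row["Operation"], row["Path"], row["Result"]))
    return {k: sorted(v) for k, v in touched.items()}, sorted(failed)

if __name__ == "__main__":
    # For a saved export: summarize(open(path, encoding="utf-8-sig").read(), name)
    summary, failed = summarize(SAMPLE_CSV, "notepad.exe")
    for kind, paths in summary.items():
        print(kind, *paths, sep="\n  ")
    print("failed", *failed, sep="\n  ")
```
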