January 16th, 2004, 11:00 PM
View contents of what's in memory
Can anyone suggest a program that will allow me to view the contents of what is in memory? I would like to view what a program may be doing, or be able to find programs I am not aware of that are running... i.e. keyloggers and so on. Thanks
January 16th, 2004, 11:03 PM
A good start is:
"Hijack This" and "Startuplist"
January 16th, 2004, 11:35 PM
Umm, maybe a little obvious, but Ctrl + Alt + Delete shows a lot of memory processes; a lot of basic keyloggers are visible on that list. Like I said, a little obvious, but whatever....
"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, 'I'm a grown man. I should know what goes on in my head.' And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller
January 16th, 2004, 11:51 PM
Thanks slick, but I'm looking for more detail. The keyloggers I'm worried about don't show up there. I have seen in the past a program that basically would show you the hex of what's in memory. I have forgotten the name of the program since then. I read one time an article on how someone could crack software serials by looking in memory at certain locations. That's not what I'm looking to do now, but that gives you an idea along the lines of what I need to see.
January 17th, 2004, 12:00 AM
IMHO "Hijack This" is about as good as you will get without paying... are you prepared to pay? ... are you a commercial customer? ... that is a whole new ball game, so to speak.
I tend only to mention freeware, or free to private users, because I know that a lot of people on this site are students, and have a budget.
The other one tells you what will start up with your computer, so it is complementary.
IMHO you do not need to look at HEX... that is a bit old fashioned? We have nice GUI interfaces now... sit back and enjoy?
January 17th, 2004, 12:57 AM
A debugger will allow you to edit any processes which are yours (or that you have debug rights to). You can use something like tlist.exe (Win Resource Kit) to view processes (and what's inside) to find the process, and attach a debugger to it (I use NuMega SoftICE on Windows; Linux has free ones).
"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
January 17th, 2004, 02:12 AM
You could try WinTasks 4. It's a free trial download that will show you every process that is running on the machine, even "stealthed" processes. It will also give you details on the process, like the program name, alias, purpose, known bugs, known vulnerabilities, how to remove, etc. It updates via the web like a virus scanner to get new process signatures, too.
January 17th, 2004, 05:47 AM
I second SoftICE. If you want to pay for a debugger, then SoftICE is your best bet. A little complex, true, but an amazing piece of software. Also, what OS are you using? I have yet to see a process that doesn't show up in the Win2K/XP list. The only way to do that would be to write it as a driver. A little too complex, and unless you were r00ted you would have to install it.
January 17th, 2004, 06:00 AM
A very handy program, although most people forget about this function of it, is HackMan Hex Editor from http://www.technologismiki.com/en/index-h.html. It is an extremely handy little program: beyond opening files to be hex edited, you can also open your RAM and view it and everything contained in it. Definitely a very handy app to have around.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
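The "open your RAM and look at the hex" idea from the post above, as an added Python example that is not from this thread or from any of the tools named in it. It assumes Linux, where /proc/<pid>/maps lists a process's mapped regions and /proc/<pid>/mem exposes their bytes (reading another process needs ptrace rights), and it reads its own memory so that it runs stand-alone; the marker string is constructed.

```python
import ctypes
import os
import re

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
_MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")

def parse_maps(text):
    """Turn /proc/<pid>/maps text into (start, end, perms, path) tuples."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line)
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4)))
    return regions

def readable_regions(pid="self"):
    """Mapped regions the kernel marks readable; each one is a candidate to dump."""
    with open(f"/proc/{pid}/maps") as f:
        return [r for r in parse_maps(f.read()) if r[2][0] == "r"]

def read_region(pid, start, length):
    """Raw bytes at a virtual address via /proc/<pid>/mem (unbuffered, so no read-ahead
    past the region into an unmapped page)."""
    fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        return os.pread(fd, length, start)
    finally:
        os.close(fd)

def hexdump(data, base=0, width=16):
    """Classic hex-editor view: address, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{base + off:016x}  {hexpart}  {asc}")
    return lines

def printable_strings(data, min_len=4):
    """Runs of printable ASCII: the quickest way to see what a process is holding."""
    return [s.decode() for s in re.findall(rb"[ -~]{%d,}" % min_len, data)]

def self_check(marker=b"CONSTRUCTED-MARKER-0001"):
    """Plant a constructed marker in our own memory and read it back through /proc/self/mem.
    True on a match; None when /proc memory access is unavailable (non-Linux or blocked)."""
    try:
        buf = ctypes.create_string_buffer(marker)  # keep buf alive while we read it
        return read_region("self", ctypes.addressof(buf), len(marker)) == marker
    except OSError:
        return None
```

Pass a real region from readable_regions() to read_region() and hexdump() to browse a process the way the hex editors in this thread do; printable_strings() on the result is the fastest first look.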
January 17th, 2004, 06:35 AM
Thanks for all the suggestions everyone, especially HTRegz. That is very close to what I'm looking for. I found another one called WinHex which is pretty good. Still not the exact one I was looking for, but pretty darn close. I knew someone on this site would know. Thanks