View contents of what's in memory

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    30

    View contents of what's in memory

    Can anyone suggest a program that will allow me to view the contents of what's in memory? I would like to view what a program may be doing or be able to find programs I am not aware of that are running... i.e. key loggers and so on. Thanks

    Critter

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    A good start is:

    http://www.merijn.org/downloads.html

    "Hijack This" and "Startuplist"

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    407
    Umm, maybe a little obvious but Ctrl + Alt + Delete shows a lot of memory processes, a lot of basic keyloggers are visible on that list. Like I said, a little obvious, but whatever....



    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  4. #4
    Member
    Join Date
    Nov 2003
    Posts
    30
    Thanks slick, but I'm looking for more detail. The keyloggers I'm worried about don't show up there. I have seen in the past a program that basically would show you the hex of what's in memory. I have forgotten the name of the program since then. I read one time an article of how someone could crack software serials by looking in memory at certain locations. That's not what I'm looking to do now but that gives you an idea along the lines of what I need to see.

    Critter

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    IMHO "Hijack This" is about as good as you will get without paying...............are you prepared to pay?........are you a commercial customer?...........that is a whole new ball game, so to speak.

    I tend only to mention freeware, or free to private users, because I know that a lot of people on this site are students, and have a budget

    The other one tells you what will start up with your computer, so is complementary.

    IMHO you do not need to look at HEX............that is a bit old fashioned?, we have nice GUI interfaces now..............sit back and enjoy?


    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    A debugger will allow you to edit any processes which are yours (or have debug rights to). You can use something like tlist.exe (Win Resource Kit) to view processes (and what's inside) to find the process and attach a debugger to it (I use Numega SoftICE on Windows; Linux has free ones).

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  7. #7
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    You could try WinTasks 4. It's a free trial download that will show you every process that is running on the machine, even "stealthed" processes. It will also give you details on the process, like the program name, alias, purpose, known bugs, known vulnerabilities, how to remove, etc. It updates via the web like a virus scanner to get new process signatures, too.

  8. #8
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    I second SoftIce. If you want to pay for a debugger, then SoftIce is your best bet. A little complex true, but an amazing piece of software. Also, what OS are you using? I have yet to see a process that doesn't show up in the Win2K/XP list. The only way to do that would be to write it as a driver. A little too complex, and unless you were r00ted you would have to install it.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  9. #9
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    A very handy program, although most people forget about this function of it, is HackMan Hex Editor from http://www.technologismiki.com/en/index-h.html. It is an extremely handy little program, beyond opening files to be hex edited, you can also open your RAM and view it and everything contained in it. Definitely a very handy app to have around.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
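
Added example, not part of any post in this thread: a Python illustration of what a RAM hex viewer like the ones recommended above displays, reading bytes from the running process's own address space with `ctypes.string_at`. The buffer contents and function names are constructed for illustration; viewing another process's memory would additionally need the debug rights mentioned in post #6.

```python
import ctypes
import re

# Constructed sample: a 48-byte buffer in this process holding two text
# fragments surrounded by non-printable bytes (assumed data, not from the thread).
SAMPLE = ctypes.create_string_buffer(
    b"\x00\x01\x02user=critter\x00\xff\xfenote=hello world\x00", 48)


def read_own_memory(address, size):
    """Copy `size` raw bytes starting at `address` in the current process."""
    return ctypes.string_at(address, size)


def hexdump(data, base=0, width=16):
    """Format bytes the way a hex viewer does: address, hex column, ASCII column."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{base + off:016x}  {hex_part}  |{ascii_part}|")
    return lines


def printable_strings(data, min_len=4):
    """Return runs of printable ASCII, which is how text stands out in a dump."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def dump_sample():
    """Read SAMPLE back through its raw address and return (dump lines, strings)."""
    addr = ctypes.addressof(SAMPLE)
    raw = read_own_memory(addr, ctypes.sizeof(SAMPLE))
    return hexdump(raw, base=addr), printable_strings(raw)


if __name__ == "__main__":
    dump, strings = dump_sample()
    print("\n".join(dump))
    print("strings:", strings)
```
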

  10. #10
    Member
    Join Date
    Nov 2003
    Posts
    30
    Thanks for all the suggestions everyone, especially HTRegz. That is very close to what I'm looking for. I found another one called Winhex which is pretty good. Still not the exact one I was looking for but pretty darn close. I knew someone on this site would know. Thanks

    Critter
