Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Tool Check - Windows98

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    Tool Check - Windows98

    Before I begin, please note that the scope of the request is limited to Windows98 only.

    Anyway,

    I have a very nice set of tools that I use to identify known/unknown malware/bots/spyware/etc.., however, the one thing I lack is a *very* good tool for process exploring on a Win98 host.

    For instance, TCPView on 98 shows you all of the connections but unlike the Win32 version, it will not show you the path to the EXE associated with the process. While this certainly isn't a deal breaker for sr. engineers, many of my juniors sit at the host puzzled on where to go next when they encounter this. My goal is to get a Win98 process explorer that behaves exactly like TCPView does in a Win32 environment. That is, a tool that will provide a path to the EXE associated with a running process.

    Do any of you have experience with a particular tool that meets this criteria? I'm certainly open to try anything that will allow me to produce an all-in-one USB toolkit for my junior staff.

    Thanks in advance as always.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmm,

    Not too sure Hoss, but WinPatrol provides quite a bit of information, also there are some tools here:

    http://www.karenware.com/powertools/powertools.asp

    I am afraid I am not running a Win98 box at the moment, I will try and fire one up over the week-end and get back to you.




  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Have not tried this myself, but maybe worth a look,
    here you go: http://www.teamcti.com/pview/
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416
    This works great in XP, says it works in 9X also :

    http://www.sysinternals.com/Utilitie...sExplorer.html

    Shows paths and registry keys as well.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    [quoteHave not tried this myself, but maybe worth a look,
    here you go: http://www.teamcti.com/pview/[/quote]

    Thanks Jinxy. This is pretty close. It lacks the connection table information which if it had, would be perfect.

    This works great in XP, says it works in 9X also :

    http://www.sysinternals.com/Utiliti...ssExplorer.html

    Shows paths and registry keys as well.
    Yea, I'm VERY familiar with this tool. It doesn't do what I need it to though.

    Thanks.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    this looks like what your asking for

    im not sure i understand what you mean by "connection table info"...ports to app to location? like fport?(which i know is not for 9x)

    they say it works under XP-9x but i dont have any 9x boxen at the moment. here's the download page with a screen shot:

    http://www.pcworld.com/downloads/fil...id,6102,00.asp


    fport and similar tool rely on rpc/dcom to gather information. maybe if you upgraded the dcom component tools like fport might work:

    http://www.microsoft.com/downloads/d...DisplayLang=en

    just a guess and not knowing how many machines your talking about
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I have roughly 2,000 Win98 hosts scattered over 350 locations. At any moment, one could become infected with a bot. When using TCPView on a Win32 system, I see the local IP address and port, remote IP address and port and I also have the ability to look at the full path to the EXE of the process that is responsible for the connection. Basically, I want a tool for Win98 that behaves precisely the way the TCPView does on Win32.

    Make sense?

    Thanks for the feedback.

    --TH13

    I really hope I don't have to write my own.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Hoss:

    http://www.sysinternals.com/Utilities/TcpView.html

    If you look down the bottom you will see that they claim that the "Pro" version of TCPView does what you are saying for Win 9x

    No idea if it works, or how much it costs, but it might be worth a look.


  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Yeah, it certainly does what I need but they want $1,200 US plus $250 a year maintenance. I was hoping for something free, especially since Win98 will be gone from my environment in 18 months.

    thanks for your efforts.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    http://lists.gpick.com/pages/Port_Tools.htm

    This site has quite a few tools that might do the job. The stuff from DiamondCS, for example?

    I can see your problem, you have one hell a lot of Win98 boxes in a networked environment. Mostly I have only encountered a few laptops (the power management thing).

    The downside seems to be that there is not a lot of network tools that run on Win98, and those that there are, are only free to private users

    How many junior staff do you have? I seem to recall that DiamondCS do "roving licences" maybe that would be an affordable option if it does the job?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •