Can anyone suggest a program that will allow me to view the contents of what is in memory? I would like to view what a program may be doing or be able to find programs I am not aware of that are running... i.e. keyloggers and so on. Thanks
Critter
A good start is:
http://www.merijn.org/downloads.html
"Hijack This" and "Startuplist"
Cheers
Umm, maybe a little obvious, but Ctrl + Alt + Delete shows a lot of memory processes; a lot of basic keyloggers are visible on that list. Like I said, a little obvious, but whatever....
slick
Thanks slick, but I'm looking for more detail. The keyloggers I'm worried about don't show up there. I have seen in the past a program that basically would show you the hex of what's in memory. I have forgotten the name of the program since then. I read an article one time about how someone could crack software serials by looking in memory at certain locations. That's not what I'm looking to do now, but that gives you an idea along the lines of what I need to see.
Critter
IMHO "Hijack This" is about as good as you will get without paying...............are you prepared to pay?........are you a commercial customer?...........that is a whole new ball game, so to speak.
I tend only to mention freeware, or free to private users, because I know that a lot of people on this site are students, and have a budget :(
The other one tells you what will start up with your computer, so is complementary.
IMHO you do not need to look at HEX............that is a bit old fashioned?, we have nice GUI interfaces now..............sit back and enjoy?
Cheers
A debugger will allow you to edit any processes which are yours (or which you have debug rights to). You can use something like tlist.exe (Win Resource Kit) to view processes (and what's inside) to find the process and attach a debugger to it (I use Numega SoftICE on Windows, Linux has free ones :) )
-Maestr0
You could try WinTasks 4. It's a free trial download that will show you every process that is running on the machine, even "stealthed" processes. It will also give you details on the process, like the program name, alias, purpose, known bugs, known vulnerabilities, how to remove, etc. It updates via the web like a virus scanner to get new process signatures, too.
I second SoftICE. If you want to pay for a debugger, then SoftICE is your best bet. A little complex, true, but an amazing piece of software. Also, what OS are you using? I have yet to see a process that doesn't show up in the Win2K/XP list. The only way to do that would be to write it as a driver. A little too complex, and unless you were r00ted you would have to install it.
Cheers,
cgkanchi
A very handy program, although most people forget about this function of it, is HackMan Hex Editor from http://www.technologismiki.com/en/index-h.html. It is an extremely handy little program; beyond opening files to be hex edited, you can also open your RAM and view it and everything contained in it. Definitely a very handy app to have around.
Thanks for all the suggestions everyone, especially HTRegz. That is very close to what I'm looking for. I found another one called Winhex which is pretty good. Still not the exact one I was looking for, but pretty darn close. I knew someone on this site would know. Thanks
Critter
Yeah,
Winhex is what I was thinking of, but you have to pay for it?
I would not be happy if software serial numbers were stored in RAM, there is no reason for them to be. The only time I would expect it to happen would be when you first installed the software? It would be a waste of resource?
I believe that by far the most vulnerable part of memory is the swap or page file.........all sorts of stuff lives in there, including passwords!
Cheers