![]() WinObj is a 32-bit Windows NT application that utilizes the native Windows NT API (provided by NTDLL.DLL) to access and display information from the NT Object Manager’s name space: ![]() These could be viewed using the WinObj tool from Sysinternals. It is also essential to comprehend the various kernel objects provided by the Microsoft Windows operating system. In the main window, the processes are displayed in a tree format, and on the right, the CPU and memory used by each process, as well as the process ID, are displayed: It could be used for system troubleshooting, memory leak detection, and investigations. Process explorer can also be used to monitor which DLLs and handles are opened by a process. Is a sophisticated task manager that can be utilized to learn more about active processes. We will be using Sysinternals extensively throughout Windows Internals, Malware Analysis and Vulnerability Research articles consequently, we recommend reading Mark Russinovich’s blog entries for more information and examples of how they assisted with trojans, ransomware, and even APTs.Īnother useful resource is the book “Troubleshooting with the Windows Sysinternals Tools”, which details the in-depth use of the tools: These programs are useful not just for managing, diagnosing, troubleshooting, and monitoring a Microsoft Windows environment, but also for Malware Analysts and Threat Hunters. ![]() Sysinternals is a suite of free products that was founded by Bryce Cogswell and Mark Russinovich in 1996 and later acquired by Microsoft.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |