Microsoft ProcMon - Maitiro Monitor eLinux

Isaac

6 maminitsi

Mawindo eWindows neLinux, ProcMon

Microsoft vaida kutengesa kuti vane rudo rusina chokwadi rweLinux, kutaura zvazviri, ivo vakabatsira mukusimudzira kernel yekubatanidza, semuenzaniso, yavo HyperV. Zvakare, sekuziva kwako, ivo inhengo dzeLinux Foundation, uye vakatenga yakakurumbira yakavhurika sosi chikuva GitHub. Kune izvi isu tinofanirwa kuwedzera kuti zvimwe zvirongwa zvakaita seEdge, PowerShell, ProcMon, nezvimwe zviri kutakura, yakavhurika FAT, zvakare kushandisa muGNU / Linux kana kuti ivo vakabatanidza Linux subsystem mukati mavo Windows 10 ...

Asi chenjera usavhiringidze rudo nechimbadzo, uye chii chinotyaira Microsoft inofarira chaicho. Kunyangwe zvese zviito zvekuita zvairi, ichiri kambani inotsvaga purofiti, uye ichagara ichizvitsvaga. Kana izvo zvichireva kuswedera padhuze neLinux zvinozoita, uye kana izvo zvichireva kutama zvinobva zvaitikawo. Usazeze.

Background

windows 95 logo

Handizive kana iwe uchiziva kuti Microsoft yanga ichiedza imwe yavo ngano maWindows 95 maficha muWindows 10. Ino yazvino Redmond inoshanda sisitimu yave mhando yekuburitsa kuburitsa iyo yavari kuita kumwe kuyedza senge izvi izvo izvo izvo vashandisi vavo vangangoda zvakanyanya kana zvishoma.

Mamwe a zvirongwa Mahwindo 95 akanunurwa nhasi, sezvo iwo ave kuwana kukosha. Semuenzaniso, Image Resizer, inova inoshanda zvakanyanya kumifananidzo inofanirwa kuiswa pasocial network, nezvimwe. Muchidimbu, iye anoda kuunza akateedzana ake PowerToys kune yayo yazvino system ine kumwe kuvandudzwa uye kuchinjika kune iyo nyowani nguva.

Pakati pe PowerToy Zvishandiso ndivo:

  • FancyZones
  • Image Resizer
  • Dhijitari maneja
  • PowerRename
  • etc.

Zvakanaka, kunze kweizvozvo, kune zvimwewo open source maturusi iyo Microsoft ine paGitHub, uye mimwe yacho zvakare yeGNU / Linux.

ProcMon kana Maitiro Monitor

Maitiro Monitor Windows

Chimwe chishandiso chakaburitswa neMicrosoft kodhi yekodhi uye iwe unayo paGitHub iri Maitiro Monitor kana ProcMon. Chishandiso chemazuva ano cheWindows chinoshandiswa kuongorora nekuratidzira chiitiko cheMicrosoft Windows inoshanda sisitimu munguva chaiyo, kunyanya kuverenga chiitiko kubva kuRegistry yeWindows.

Kunyanya inonakidza kune sysadmins, forensics uye debugging. Zvemabasa anogona kubva pane kungoziva iko kuita kwesystem, kutadza kuwana kuyedza (kuverenga / kunyora) mune registry makiyi ekuona matambudziko, kusefa nemakiyi, maitiro, ID, kana chaiwo hunhu kuti uwane izvo zvauri kutsvaga , ziva kushandiswa kwemasimba emaraibhurari eDLL anoshandiswa nema software software, kuona FS kana faira system zvikanganiso, nezvimwe.

Ichi chinoshandiswa chaive icho mhedzisiro yekubatanidza maviri eakare maturusi iyo Microsoft yakamboshandisa uye inonzi:

  • Filemon- Yakagadzirwa naMark Russinovich naBryce Cogswell, vaviri vashandi veNuMega Technologies. Izvi zvakazove SysInternals uye zvakatengwa neMicrosoft muna 2006. Zita rayo chibvumirano cheFaira + Monitor, uye sezita rayo zvarinoratidza kuti rakazvipira kuongorora faira system chiitiko.
  • RegMon: munin'ina wake mapatya anogoverana mabviro akafanana. Mune ino kesi, yaive yakanangana neongororo yekuongorora uchishandisa data kubva kuRejista yeWindows. Zita rayo rinouya kubva pakuratidzika kweRegistry + Monitor.

Mushure mekubatanidzwa mune imwe, ProcMon yaizoburitswa yeWindows 2000 kekutanga uyezve yeWindows XP SP2, kupedzisa kugadzirisirwa vhezheni dzinotevera. Asi kunyangwe yaive freeware, yakanga isiri open source kusvikira zvino.

ProcMon yeLinux

Unogona kufunga kuti nei ndiri kukuudza zvese izvi, uye kuti hazvinei neLinux kunyangwe yakavhurwa. Asi chokwadi ndechekuti izvi hazvisizvo, nekuti pane vhezheni ye ProcMon inowanikwawo neLinux. Naizvozvo, kana iwe uchida uye uchida kuyedza chishandiso ichi zvakare pane yako GNU / Linux distro, kubva ikozvino zvichienda iwe unogona.

ProcMon ndeye kuchinjika kutsva kweiyo yakasarudzika yeProcMon Sysinternals yekutanga. Uku ndekwekupa vanogadzira nzira inoshanda yekutarisa kana kuteedzera zvinoitwa nesystem mafoni (syscalls). Asi chokwadi, muLinux hamuna Windows-dhizaini rejista, saka harisi doko rakareruka, ndosaka uchifanira kushandisa BCC (BPF Compiler Unganidzo), ndiko kuti, turusi rekushandisa, kana boka rezvishandiso, kumanikidza uye kutsvaga kwezvirongwa zveLinux kernel.

Pamusoro pezvo, Microsoft yakaburitsa kodhi yacho mu GitHub pasi peMIT rezinesi. Nenzira, kodhi yekodhi yakanyorwa ichishandisa mutauro weC ++.

Isa ProcMon

Kutanga, chinhu chekutanga chichava gadza ProcMon mune yako yaunoda distro. Iwe unofanirwa kuziva kuti ine akateedzana ekutsamira aunofanirwa kugutsa zvisati zvaitika. Zvakare, kunyangwe iyo kodhi kodhi ichingotaura nezveUbuntu, inogona kushanda kune mamwe ma distros futi.

Chinhu chekutanga kuita ndeche gutsa kutsamira izvo zviri zvitatu.

  • BCC (BPF Muunganidzwa Unganidzo)
  • cmake (kuvaka kodhi)
  • libsqlite3-dev (SQL database injini)

Kuti uite izvi, unogona mhanya unotevera mirairo:

sudo apt-get -y install bison build-essential flex git libedit-dev libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev


git clone --branch tag_v0.10.0 https://github.com/iovisor/bcc.git
mkdir bcc/build
cd bcc/build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr
make
sudo make install

Nezvo isu tinenge tatova neanoenderana, anotevera angave ekuenda ProcMon pachake:

git clone https://github.com/Microsoft/Procmon-for-Linux
cd Procmon-for-Linux
mkdir build
cd build
cmake ..
make

Kana iwe uchida iwe unogona zvakare gadzira iyo DEB package ProcMon muUbuntu nenzira yakapusa:

cd build
cpack ..

Shandisa ProcMon

Paunenge uchinge waisa, zvinotevera ndizvo tanga kunakidzwa neichi chishandiso. Iko kushandiswa kuri nyore, nekuti haina huwandu hwakawanda hwesarudzo. Iwe zvakare unofanirwa kugara uchifunga kuti inoda ropafadzo, saka iwe unofanirwa kuimhanya semidzi kana, zvirinani, ine Sudo pamberi payo.

La ProcMon syntax kuishandisa kubva kumagumo ndeye:

procmon [opciones]

Kupi [sarudzo] zvichava zvimwe zveizvi:

  • -ho-rubatsiro: ratidza rubatsiro rwechirongwa.
  • -p kana -pids: kuratidza ma comma-akaparadzaniswa maitiro aunoda kuongorora. Unogona chete kushandisa imwe. Ichazotsanangurwa neID yayo, ndiko kuti, nhamba.
  • -eo -zviitiko: comma yakaparadzaniswa runyorwa rwehurongwa hwekufona iwe hwaunoda kuongorora. Unogona kushandisa imwe chete. Iwe unofanirwa kuvatsanangudza nemazita.
  • -co -collect / path / file: tanga kuzivisa mune isina musoro modhi. Ndokunge, pasina maficha echimiro chayo chaunogona kuona mune yapfuura GIF. Iyo inoshanda nzira yekumwe bvunzo kana scripted automation. Iyo nzira inojekesa iyo faira uko kwese zviitiko zveyekuraira kuburitsa zvichanyorwa kuitira kuti iwe ugone kuzviona gare gare.
  • -fo -file / nzira / faira: mhanya ProcMon mepu imwe yakatarwa faira.
  • Hapana sarudzo: wobva watanga ProcMon uye icharatidza ese maitiro ekumhanya uye syscalls pane system.
  • Yakabatanidzwa: sarudzo dzinoverengeka dzinogona kusanganiswa pasina dambudziko.

Kana iwe uchida zvimwe mienzaniso inoshanda, unogona kuona iyi mienzaniso yekuuraya:

sudo procmon

sudo procmon -p 44

sudo procmon -p 44,800

sudo procmon -c /home/registro.db

sudo procmon -p 4 -e read,write,open

sudo procmon -f /home/usuario/programas/prueba

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   Fernando akadaro
    inoita 4 makore

    Ndanga ndichiishandisa paWindows kubva payakabuda. Uye makore akapfuura pakanga paine maturusi mazhinji akafanana.
    Asi iyi yaive iri nyore kuitisa faira, yakapusa uye inoshanda ..

    Ngatione kuti zvinoenderera sei paLinux.

    Pindura Fernando