Microsoft ProcMon: Process Monitor for Linux

Windows and Linux, ProcMon

Microsoft wants to sell the idea that it has an unconditional love for Linux. In fact, it contributes to kernel development to integrate, for example, its Hyper-V. Also, as you well know, it is a member of the Linux Foundation, and it bought the famous open source platform GitHub. To this we must add that other programs such as Edge, PowerShell, ProcMon, etc. have been ported, that exFAT has been opened up so it can also be used on GNU/Linux, or that a Linux subsystem has been integrated into Windows 10...

But be careful not to confuse love with interest, and what drives Microsoft is pure interest. Despite all these signals it has sent, it is still a company that seeks profit, and it always will. If that means getting closer to Linux, it will, and if it means moving away, it will do that too. Do not be fooled.

Origins

Windows 95 ilogo

I don't know whether you are aware that Microsoft has been testing some of those legendary Windows 95 features in Windows 10. Redmond's latest operating system has become a kind of release in which they run tests like these on their users, who may like them more or less.

Some of those Windows 95 programs are being rescued today, now that they are useful again. For example, Image Resizer, which will be very handy for images that are going to be posted on social networks, etc. In short, Microsoft is determined to bring its series of PowerToys to its modern system, with some improvements and adaptations to the new times.

Among the PowerToys tools are:

  • FancyZones
  • Image Resizer
  • Keyboard Manager
  • PowerRename
  • etc.

Well, besides that, there are other open source tools that Microsoft keeps on GitHub, and some of them are also for GNU/Linux.

ProcMon or Process Monitor

Windows Process Monitor

Another tool whose source code Microsoft has released, and which you can find on GitHub, is Process Monitor or ProcMon. It is a very useful utility on today's Windows, used to monitor and display the activity of the Windows operating system in real time, especially activity related to the Windows registry.

It is especially interesting for sysadmins, forensics and troubleshooting. Many tasks become possible simply by knowing what a process is doing: spotting failed access attempts (read/write) to registry keys in order to find problems; filtering by keys, processes, IDs or certain values to find what you are looking for; knowing which DLL dynamic libraries a software application uses; seeing FS or file system errors; etc.

This tool was the result of merging two older tools that Microsoft previously used, which were called:

  • FileMon: created by Mark Russinovich and Bryce Cogswell, two employees of NuMega Technologies. This later became SysInternals, which was bought by Microsoft in 2006.
  • RegMon: its twin, which shared the same origin. In this case, it was aimed at forensic analysis using data from the Windows registry. Its name comes from the contraction of Registry + Monitor.

After the merger, ProcMon would be released first for Windows 2000 and then for Windows XP SP2, and it has kept being updated in subsequent versions. But although it was freeware, it was not open source until now.

ProcMon for Linux

You may be wondering why I am telling you all this when it has nothing to do with Linux, even if it is open source. But the truth is that this is not the case, because there is a version of ProcMon that is also available for Linux. So, if you like it and want to try this tool on your GNU/Linux distro as well, from now on you can.

ProcMon for Linux is a new reimplementation of the classic original Sysinternals ProcMon. It gives developers a convenient way to monitor or trace system call (syscall) activity. But of course, Linux does not work the way Windows does, so it is not a simple port, which is why it has to rely on BCC (BPF Compiler Collection), that is, a set of tools for creating and tracing programs on the Linux kernel.

In addition, Microsoft has released the code on GitHub under the MIT license. By the way, the source code is written in the C++ programming language.

Install ProcMon

To begin, the first thing will be to install ProcMon on your favourite distro. You should know that it has a series of dependencies that must be satisfied beforehand. Also, although the code page only talks about Ubuntu, it can work on other distros as well.

The first thing to do is to satisfy three basic dependencies:

  • BCC (BPF Compiler Collection)
  • cmake (to build the code)
  • libsqlite3-dev (SQL database engine)

To do this, you can use the following commands:

# Build prerequisites for BCC (Ubuntu package names as given on the project page)
sudo apt-get -y install bison build-essential flex git libedit-dev libllvm6.0 llvm-6.0-dev libclang-6.0-dev python zlib1g-dev libelf-dev
# The other two dependencies named above; cmake is already needed to build BCC
sudo apt-get -y install cmake libsqlite3-dev

# Build and install BCC from the tagged release
git clone --branch tag_v0.10.0 https://github.com/iovisor/bcc.git
mkdir bcc/build
cd bcc/build
cmake .. -DCMAKE_INSTALL_PREFIX=/usr
make
sudo make install
# Return to the directory you started from before cloning ProcMon
cd ../..

With that we have the dependencies; the next thing is to move on to ProcMon itself:

git clone https://github.com/Microsoft/Procmon-for-Linux
cd Procmon-for-Linux
mkdir build
cd build
cmake ..
make

If you want, you can also build a DEB package of ProcMon on Ubuntu in a simple way:

cd build
cpack ..

Use ProcMon

Once you have installed it, the next thing is to start enjoying this tool. Its use is simple, since it does not have many options. Keep in mind that it requires privileges, so you will have to run it as root or, better, with sudo in front of it.

The ProcMon syntax for using it from the terminal is:

procmon [options]

Where [options] are some of these:

  • -h or --help: show the program's help.
  • -p or --pids: the comma-separated list of processes you want to monitor. You can also give just one. Each one is identified by its ID, that is, a number.
  • -e or --events: the comma-separated list of system calls you want to monitor. You can also give just one. You must refer to them by name.
  • -c or --collect /path/file: start procmon in headless mode, that is, without the interface features you could see in the GIF shown above. A very suitable mode for certain tests or for scripted machines. The path names the file where all the activity from the command's execution will be recorded so you can review it later.
  • -f or --file /path/file: use ProcMon to load a specific file.
  • No option: ProcMon starts and shows all active processes and syscalls on the system.
  • Combined: several options can be combined without any problem.

If you want some practical examples, take a look at these example invocations:

# Everything: all processes and all syscalls on the system
sudo procmon

# Only the process with PID 44
sudo procmon -p 44

# Two processes, comma-separated
sudo procmon -p 44,800

# Headless mode, recording the activity to a file for later review
sudo procmon -c /home/registro.db

# PID 4, restricted to the read, write and open syscalls
sudo procmon -p 4 -e read,write,open

# Load a specific file
sudo procmon -f /home/usuario/programas/prueba
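As an added example (not code from the article or from the Procmon-for-Linux project), here is a small Python triage script for a capture recorded in headless mode with -c, doing on Linux what ProcMon is classically used for on Windows: listing a process's failed accesses and where it spends its time. It assumes the capture is a SQLite file with an `ebpf` table holding one row per traced syscall with the columns pid, comm, syscall, resultcode and duration; verify the real layout with `sqlite3 registro.db .schema` before using it on a real trace.

```python
"""Triage a headless ProcMon-for-Linux capture (procmon -c trace.db). Added
example, not from the article or the project. ASSUMED layout: SQLite table
`ebpf`, columns pid, comm, syscall, resultcode, duration; check real schema."""
import sqlite3
import sys
from collections import Counter

# Constructed sample rows (pid, comm, syscall, resultcode, duration_ns);
# PIDs 44 and 800 match the article's examples. Negative resultcode = -errno.
SAMPLE_ROWS = [
    (44, "nginx", "open", -13, 1200),   # EACCES
    (44, "nginx", "read", 512, 900),
    (44, "nginx", "open", 3, 1100),
    (800, "sshd", "open", -2, 800),     # ENOENT
    (800, "sshd", "write", 64, 400),
    (800, "sshd", "open", -2, 700),     # ENOENT again
]

def load_sample_db():
    """In-memory capture with the assumed schema, so the script runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ebpf (pid INT, comm TEXT, syscall TEXT, "
                 "resultcode INT, duration INT)")
    conn.executemany("INSERT INTO ebpf VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn

def failed_syscalls(conn, pids=None):
    """Count failures per (pid, comm, syscall, errno), optionally for chosen
    PIDs: the Linux counterpart of hunting failed accesses with Windows ProcMon."""
    sql = "SELECT pid, comm, syscall, resultcode FROM ebpf WHERE resultcode < 0"
    params = ()
    if pids:  # same comma-separated PID idea as `procmon -p 44,800`
        sql += " AND pid IN (%s)" % ",".join("?" * len(pids))
        params = tuple(pids)
    counts = Counter()
    for pid, comm, call, rc in conn.execute(sql, params):
        counts[(pid, comm, call, -rc)] += 1
    return dict(counts)

def busiest_syscalls(conn, top=3):
    """Syscall names ranked by total time spent, to see where a process waits."""
    rows = conn.execute("SELECT syscall, SUM(duration) FROM ebpf "
                        "GROUP BY syscall ORDER BY 2 DESC LIMIT ?", (top,))
    return [tuple(r) for r in rows]

if __name__ == "__main__":
    db = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else load_sample_db()
    for (pid, comm, call, err), n in sorted(failed_syscalls(db).items()):
        print(f"pid {pid} ({comm}): {call} failed {n}x, errno {err}")
    print("busiest:", busiest_syscalls(db))
```

Run it with the path of a capture as its only argument, or with no argument to use the constructed sample rows.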

Fernando says:

    I have been using it on Windows ever since it came out. And over the years there have been many similar tools.
    But this one was a simple, portable, light and usable file..

    Let's see how it does on Linux.