I'm posting for you some programs that monitor the programs running on the machine; they can be useful for detecting when some programs have been bound (merged) together.
Of course, these programs are developed by Microsoft.
Process Monitor v1.37
By Mark Russinovich and Bryce Cogswell
Published: August 8, 2008
Introduction
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.
Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.
Process Monitor Enhancements over Filemon and Regmon
Process Monitor's user interface and options are similar to those of Filemon and Regmon, but it was written from the ground up and includes numerous significant enhancements, such as:
Monitoring of process and thread startup and exit, including exit status codes
Monitoring of image (DLL and kernel-mode device driver) loads
More data captured for operation input and output parameters
Non-destructive filters allow you to set filters without losing data
Capture of thread stacks for each operation make it possible in many cases to identify the root cause of an operation
Reliable capture of process details, including image path, command line, user and session ID
Configurable and moveable columns for any event property
Filters can be set for any data field, including fields not configured as columns
Advanced logging architecture scales to tens of millions of captured events and gigabytes of log data
Process tree tool shows relationship of all processes referenced in a trace
Native log format preserves all data for loading in a different Process Monitor instance
Process tooltip for easy viewing of process image information
Detail tooltip allows convenient access to formatted data that doesn't fit in the column
Cancellable search
Boot time logging of all operations
The best way to become familiar with Process Monitor's features is to read through the help file and then visit each of its menu items and options on a live system.
Handle v3.41
By Mark Russinovich
Published: August 8, 2008
Introduction
Ever wondered which program has a particular file or directory open? Now you can find out. Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program.
You can also get a GUI-based version of this program, Process Explorer, here at Sysinternals.
Installation
You run Handle by typing "handle". You must have administrative privilege to run Handle.
Handle works on Windows 9x/Me and Windows NT and higher as well as x64 Windows XP and Windows Server 2003 64-bit Editions.
Usage
Handle is targeted at searching for open file references, so if you do not specify any command-line parameters it will list the values of all the handles in the system that refer to open files and the names of the files. It also takes several parameters that modify this behavior.
-a Dump information about all types of handles, not just those that refer to files. Other types include ports, Registry keys, synchronization primitives, threads, and processes.
-c Closes the specified handle (interpreted as a hexadecimal number). You must specify the process by its PID.
WARNING: Closing handles can cause application or system instability.
-l Dump the sizes of pagefile-backed sections.
-y Don't prompt for close handle confirmation.
-s Print count of each type of handle open.
-u Show the owning user name when searching for handles.
-p Instead of examining all the handles in the system, this parameter narrows Handle's scan to those processes that begin with the name process. Thus:
handle -p exp
would dump the open files for all processes that start with "exp", which would include Explorer.
name This parameter is present so that you can direct Handle to search for references to an object with a particular name.
For example, if you wanted to know which process (if any) has "c:\windows\system32" open you could type:
handle windows\system
The name match is case-insensitive and the fragment specified can be anywhere in the paths you are interested in.
Handle Output
When not in search mode (enabled by specifying a name fragment as a parameter), Handle divides its output into sections for each process it is printing handle information for. Dashed lines are used as a separator, immediately below which you will see the process name and its process id (PID). Beneath the process name are listed handle values (in hexadecimal), the type of object the handle is associated with, and the name of the object if it has one.
When in search mode, Handle prints the process names and IDs on the left side and the names of the objects that matched on the right.
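As an added example (not part of the Sysinternals documentation above, and not Sysinternals code), the following Python parses a saved Handle listing of the shape the Handle Output section describes and answers the "who has this path open?" question offline, using the same case-insensitive substring match that Handle's name search applies. The listing itself is a constructed sample: its process names, PIDs and handle values are illustrative, and the exact column spacing is an assumption.

```python
import re

# Constructed sample of Handle's non-search output: a dashed separator,
# then "name pid: N", then one line per handle (hex value, object type, name).
SAMPLE_LISTING = """\
------------------------------------------------------------------------------
explorer.exe pid: 1560
   1C: File          C:\\Windows\\System32
   2A: Section       \\BaseNamedObjects\\ShimSharedMemory
   40: File          C:\\Users\\Mark\\Documents
------------------------------------------------------------------------------
svchost.exe pid: 908
   14: File          C:\\Windows\\System32\\config\\SOFTWARE
   3C: Key           HKLM\\SOFTWARE
"""

HEADER_RE = re.compile(r"^(?P<name>\S+)\s+pid:\s*(?P<pid>\d+)")
HANDLE_RE = re.compile(r"^\s*(?P<value>[0-9A-Fa-f]+):\s+(?P<type>\S+)\s*(?P<name>.*)$")

def parse_handle_listing(text):
    """Return a list of {'process', 'pid', 'handles'} dicts, one per process
    section; each handle is {'value' (int), 'type', 'name'}."""
    procs = []
    current = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("----"):
            continue  # blank line or section separator
        m = HEADER_RE.match(line)
        if m:
            current = {"process": m["name"], "pid": int(m["pid"]), "handles": []}
            procs.append(current)
            continue
        m = HANDLE_RE.match(line)
        if m and current is not None:
            current["handles"].append({
                "value": int(m["value"], 16),   # Handle prints values in hex
                "type": m["type"],
                "name": m["name"].strip(),      # may be empty for unnamed objects
            })
    return procs

def who_has_open(procs, fragment):
    """Case-insensitive match of `fragment` anywhere in the object name,
    mirroring Handle's own search mode; returns (process, pid, handle value)."""
    frag = fragment.lower()
    return [(p["process"], p["pid"], h["value"])
            for p in procs for h in p["handles"]
            if frag in h["name"].lower()]

if __name__ == "__main__":
    for proc, pid, value in who_has_open(parse_handle_listing(SAMPLE_LISTING), "windows\\system"):
        print(f"{proc} (pid {pid}) handle {value:X}")
```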
More Information
You can find more information on the Object Manager in Windows Internals, 4th Edition or by browsing the Object Manager name-space with WinObj.
Microsoft Handle KB Articles
The following Microsoft KB articles reference Handle for diagnosing or troubleshooting various problems:
AutoRuns for Windows v9.32
By Mark Russinovich and Bryce Cogswell
Published: July 24, 2008
Introduction
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.
You'll probably be surprised at how many executables are launched automatically!
Autoruns works on Windows 2000 SP4 Rollup 1 or above.
Screenshot
Usage
See the November 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of Autoruns. If you have questions or problems, visit the Sysinternals Autoruns Forum.
Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers. Switch tabs to view autostarts from different categories.
To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.
Navigate to the Registry or file system location displayed or the configuration of an auto-start item by selecting the item and using the Jump menu item or toolbar button.
To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button.
Select entries in the User menu to view auto-starting images for different user accounts.
More information on display options and additional information is available in the on-line help.
Autorunsc Usage
Autorunsc is the command-line version of Autoruns. Its usage syntax is:
-a Show all entries.
-b Boot execute.
-c Print output as CSV.
-d Appinit DLLs.
-e Explorer addons.
-g Sidebar gadgets (Vista and higher).
-h Image hijacks.
-i Internet Explorer addons.
-l Logon startups (this is the default).
-m Hide signed Microsoft entries.
-n Winsock protocol and network providers.
-p Printer monitor drivers.
-r LSA providers.
-s Autostart services and non-disabled drivers.
-t Scheduled tasks.
-v Verify digital signatures.
-w Winlogon entries.
-x Print output as XML.
user Specifies the name of the user account for which autorun items will be shown.
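As an added example (not Sysinternals code and not part of the documentation above), the following Python triages CSV produced by Autorunsc with the -a, -c and -v switches described above, keeping only enabled entries whose signature did not verify, much as the Hide Signed Microsoft Entries option narrows the GUI view to third-party images. The CSV text is a constructed sample, and the column names and the "(Verified)" / "(Not verified)" publisher prefixes are assumptions about the output layout rather than facts from the page.

```python
import csv
import io

# Constructed sample shaped like `autorunsc -a -c -v` output. Column names and
# the "(Verified)"/"(Not verified)" prefixes are assumptions, not from the page.
SAMPLE_CSV = """\
Entry Location,Entry,Enabled,Category,Description,Publisher,Image Path,Launch String
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,ctfmon,enabled,Logon,CTF Loader,(Verified) Microsoft Windows,c:\\windows\\system32\\ctfmon.exe,ctfmon.exe
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,updater,enabled,Logon,,(Not verified) Contoso Ltd,c:\\users\\mark\\appdata\\local\\temp\\updater.exe,updater.exe /silent
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,oldtool,disabled,Logon,Old Tool,(Not verified) Fabrikam,c:\\program files\\fabrikam\\oldtool.exe,oldtool.exe
HKLM\\SYSTEM\\CurrentControlSet\\Services,helper,enabled,Services,,,c:\\windows\\temp\\helper.sys,
"""

# Path fragments that usually mean a non-admin user could have written the image.
USER_WRITABLE_HINTS = ("\\temp\\", "\\appdata\\")

def suspicious_autoruns(csv_text):
    """Return (category, entry, image path, reason) for enabled entries that
    deserve a look: unsigned, signature not verified, or a verified signer whose
    image nevertheless lives in a user-writable location."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Enabled"].strip().lower() != "enabled":
            continue  # unchecked in Autoruns, so it does not run
        publisher = row["Publisher"].strip()
        image = row["Image Path"].lower()
        reason = None
        if not publisher:
            reason = "no publisher/signature"
        elif not publisher.startswith("(Verified)"):
            reason = "signature not verified"
        elif any(hint in image for hint in USER_WRITABLE_HINTS):
            reason = "verified signer but image in a user-writable location"
        if reason:
            findings.append((row["Category"], row["Entry"], row["Image Path"], reason))
    return findings

if __name__ == "__main__":
    for category, entry, image, reason in suspicious_autoruns(SAMPLE_CSV):
        print(f"[{category}] {entry}: {image} -> {reason}")
```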
AccessChk v4.2
By Mark Russinovich
Published: July 16, 2008
Introduction
As part of ensuring that they've created a secure environment, Windows administrators often need to know what kind of access specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.
Installation
AccessChk is a console program. Copy AccessChk onto your executable path. Typing "accesschk" displays its usage syntax.
AccessChk works on Windows Vista, Win2K, Windows XP and Server 2003 including x64 versions of Windows.
-a Name is a Windows account right. Specify '*' as the name to show all rights assigned to a user
-c Name is a Windows Service e.g. ssdpsrv. Specify '*' as the name to show all services and 'scmanager' to check the security of the Service Control Manager
-d Only process directories
-e Only show explicitly set Integrity Levels (Windows Vista only)
-k Name is a Registry key e.g. hklm\software
-n Show only objects that have no access
-p Name is a process name or PID e.g. cmd.exe (specify '*' as the name to show all processes)
-q Omit banner
-r Show only objects that have read access
-s Recurse
-t Object type filter e.g. "section"
-u Suppress errors
-v Verbose (includes Windows Vista Integrity Level)
-w Show only objects that have write access
If you specify a user or group name and path AccessChk will report the effective permissions for that account; otherwise it will show the effective access for accounts referenced in the security descriptor.
By default the path name is interpreted as a file system path (use the "\pipe\" prefix to specify a named pipe path). For each object AccessChk prints R if the account has read access, W for write access and nothing if it has neither. The -v switch has AccessChk dump the specific accesses granted to an account.
Examples
The following command reports the accesses that the Power Users account has to files and directories in \Windows\Syste
accesschk "power users" c:\windows\system32
This command shows which Windows services members of the Users group have write access to:
accesschk users -cw *
To see what Registry keys under HKLM\CurrentUser a specific account has no access to:
accesschk -kns austin\mruss hklm\software
To see the security on the HKLM\Software key:
accesschk -k hklm\software
To see all files under \Users\Mark on Vista that have an explicit integrity level:
accesschk -e -s c:\users\mark
To see all global objects that Everyone can modify:
Process Explorer v11.21
By Mark Russinovich
Published: August 8, 2008
Introduction
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
Process Explorer works on Windows 2000 SP4 Rollup 1 or above.
Peace be upon you.
Welcome, brother Abu Tila, and may God bless you, brother, for these valuable programs. It's not only hackers who need them; anyone who suspects an intruder might be monitoring their computer can use them to check as well.
And the nice thing is that they come from Microsoft itself.
Regards,
Your brother,
Saqr al-Iraq
Signature
A salute to the sniper of Baghdad
Take from my blood pure oil whenever a heap of ash rises on the bolt;
Instead of a brush, take my eyelashes and wipe the bolt with them, then the trigger;
And the cleaning rods are yours from my ribs, for in the sniper's victory lies my desire.
Do not grieve over the treachery of time; dogs have long danced on the corpses of lions. Do not think that by dancing they rise above their masters; lions remain lions and dogs remain dogs.
On your Eid, remember your Iraqi brothers and do not forget them in your prayers.