1996-02-02 - Re: Active processes monitoring?

Header Data

From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Message Hash: 49aac728ac0057922124669af11a5dc7cc62837fefb43dd4d521293eb33ec543
Message ID: <2.2.32.19960202210108.00ec2df4@area1s220.residence.gatech.edu>
Reply To: N/A
UTC Datetime: 1996-02-02 22:26:29 UTC
Raw Date: Sat, 3 Feb 1996 06:26:29 +0800

Raw message

From: Jeremy Mineweaser <Jeremym@area1s220.residence.gatech.edu>
Date: Sat, 3 Feb 1996 06:26:29 +0800
To: Ray Arachelian <sunder@dorsai.dorsai.org>
Subject: Re: Active processes monitoring?
Message-ID: <2.2.32.19960202210108.00ec2df4@area1s220.residence.gatech.edu>
MIME-Version: 1.0
Content-Type: text/plain


At 01:59 PM 2/2/96 -0500, you wrote:
>
>> Are there other applications like MEM that are not as universal?
>> (here, I guess that such stealth behaviour has to rely on identifying the
>> program being loaded, thus, a less common program has less chance of 
>> being fooled)
>
>Mem /C doesn't do squat under 95... don't know about 3.11.... since each 
>DOS box runs in its own space, MEM /C cannot see what processes are 
>running in Windoze.

There are a number of process viewing applications available for Win95/NT.
I use two of them: one is called pstat.exe and the other is ps.exe.  Both of
them show most of the visible processes running.  ps does not show running
services, but pstat does.  Both of them are available at

ftp://csa.gt.ed.net


Jeremy
---
   Jeremy Mineweaser     | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$
 j.mineweaser@ieee.org   | L+>++ E-(---)  W++ N+  !o-- K+>++  w+(++++) O-  M--
                         | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+()
    *ai*vr*vx*crypto*    | tv(+)  b++>+++ DI+(++)  D+  G++ e>+++  h-() r-@ !y-





