Do you like SpyStudio?

  • Yes: 9 votes (64.3%)
  • No: 5 votes (35.7%)
  • Total voters: 14
  • Poll closed.

AtlBo

Level 27
Verified
Content Creator
Found SpyStudio recently and this app looks like it could be very good for analyzing the processor activities of an individual process, like process forensics. Maybe there is a better application I am not aware of out there, but this is something I have been hoping to find for a long time, so I was very happy to see how well this application actually works.

Really simple to use. Just highlight a running process (or any number of them), right click, and select Hook. To stop the capture look for the Analysis menu item->Stop all. Captures can be saved. Probably won't use SS much, but it's one thing I have been looking for, so I plan on keeping it in the toolbox.

Please try the app and post your impressions:

https://www.nektra.com/products/spystudio-api-monitor/download/

AtlBo

Level 27
Verified
Content Creator
This makes malware analysis a lot easier. Thanks for sharing @AtlBo

No problem. Hope it really helps.

I didn't know if it would be detailed enough etc., but I see there are a lot of parameters that can be selected. BTW, I noticed that Process Lasso has a "Suspend Process" option. I guess it would be great if SpyStudio had a way of adding child processes automatically to a capture, but I don't see that. So maybe right clicking on a process in Process Lasso->Less common actions->Suspend process could help when a new process starts off of an original malware process.

Don't have any experience testing so I don't know. I suppose if the child process's activity were paused (suspended in PL) quickly when it started and then hooked in the same data sequence with the parent in SpyStudio, then the cap could be restarted for both in the same data sequence (child then unsuspended)...that kind of thing. Kind of tricky choreography to get it all in one capture if that is necessary. Haven't had time to test it very much yet. Maybe it already auto-adds child processes.

My plan for now is to look over commonly accepted clean software whenever I feel like it might be doing things in a sketchy way, or slightly sketchy. I kind of dig around to see how closely devs stick to solid practices when I have time :)

Looking forward to some test results. Pass 'em on... :D