Windows: how to know what a program is doing?

Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question and is provided under the CC BY-SA 4.0 license. If you use it you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/4809134/

Time: 2020-09-15 16:04:44  Source: igfitidea

How to know what a program is doing?

windows

Asked by xRobot

Is there a way to know what an executable file has done (which files it has copied, into which folder it copied those files, which registry keys it has edited, etc.)?

Answered by David

Procmon is a good place to start.

Answered by luben

There are different tools for the different operating systems, for sure. For MS Windows the SysInternals package by Mark Russinovich and Bryce Cogswell has a lot of tools for this.

It has real-time FileMonitor, DiskMonitor, ProcessMonitor, Network monitor and Registry Monitor, showing the information in a very detailed and understandable way.

You should download the whole suite, as these are different programs inside it.

http://technet.microsoft.com/en-us/sysinternals/bb842062

Answered by T.E.D.

I voted up the procmon answer. However, I'd like to add that procmon is pretty much just a tool to display and plot Windows' realtime registry key (HKEY_PERFORMANCE_DATA) values. If you want to monitor some of that stuff programmatically, you just have to write code to look at and process those same registry values out of HKEY_PERFORMANCE_DATA yourself.

Answered by Disposer

You can use utilities from sysinternals such as ProcessMonitor. With it you can monitor registry, file system, network access and something more (sorry, I can't remember all the features).
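The answers above all point at Procmon but stop at "look at the trace". As an added example (not part of the original question or of any of the answers), here is a small Python script that turns a Procmon CSV export into the list the question asks for: which files the program created or wrote, which it renamed, which registry values it set, which network endpoints it contacted and which child processes it started. Procmon produces such a CSV from File > Save... with its default columns (the /OpenLog and /SaveAs command-line switches do the same conversion from a saved .pml log). The rows embedded in the script are constructed sample data, not a real trace; the process name installer.exe, the file and registry paths and the address 203.0.113.10 are invented for the illustration. Denied operations are reported in their own bucket, because an ACCESS DENIED row tells you what the program tried to touch even though it did not succeed.

```python
import csv
import io
import re

# Constructed sample of a Procmon CSV export (File > Save..., CSV format,
# Procmon's default columns). Every row here is made up for the example;
# a real export of even a short run holds tens of thousands of rows.
SAMPLE_CSV = r'''Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.0001,installer.exe,4120,Process Start,,SUCCESS,"Parent PID: 3000, Command line: C:\Users\me\Downloads\installer.exe"
10:01:02.0102,installer.exe,4120,CreateFile,C:\Users\me\AppData\Local\Temp\setup.tmp,SUCCESS,"Desired Access: Generic Write, Disposition: OverwriteIf"
10:01:02.0150,installer.exe,4120,WriteFile,C:\Users\me\AppData\Local\Temp\setup.tmp,SUCCESS,"Offset: 0, Length: 4,096"
10:01:02.0200,installer.exe,4120,CreateFile,C:\Windows\System32\kernel32.dll,SUCCESS,"Desired Access: Read Attributes, Disposition: Open"
10:01:02.0250,installer.exe,4120,CreateFile,C:\Windows\System32\drivers\etc\hosts,ACCESS DENIED,"Desired Access: Generic Write, Disposition: Open"
10:01:02.0300,installer.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS,"Type: REG_SZ, Length: 72, Data: C:\Users\me\AppData\Roaming\upd.exe"
10:01:02.0350,installer.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName,SUCCESS,"Type: REG_SZ, Length: 22, Data: Windows 10 Pro"
10:01:02.0400,installer.exe,4120,TCP Connect,desktop-1:49812 -> 203.0.113.10:443,SUCCESS,"Length: 0, mss: 1460"
10:01:02.0500,installer.exe,4120,SetRenameInformationFile,C:\Users\me\AppData\Local\Temp\setup.tmp,SUCCESS,"ReplaceIfExists: True, FileName: C:\Users\me\AppData\Roaming\upd.exe"
10:01:02.0550,installer.exe,4120,Process Create,C:\Users\me\AppData\Roaming\upd.exe,SUCCESS,"PID: 4300, Command line: C:\Users\me\AppData\Roaming\upd.exe /silent"
10:01:02.0600,explorer.exe,1234,RegQueryValue,HKCU\Software\Classes\lnkfile,SUCCESS,"Type: REG_SZ"
'''

# CreateFile access requests that let the caller modify the file.
WRITE_ACCESS_MARKERS = ("Generic Write", "Write Data", "Append Data", "Generic All")

def parse_procmon_csv(text):
    """Return one dict per event, keyed by Procmon's column names."""
    return list(csv.DictReader(io.StringIO(text)))

def detail_field(detail, name):
    """Extract 'name: value' from Procmon's Detail column.

    Detail is a comma-separated list of 'Key: value' pairs, but a value may
    itself contain commas (e.g. 'Length: 4,096', or a path), so the value runs
    until the next ', Key: ' boundary or the end of the string."""
    pattern = r"(?:^|, )" + re.escape(name) + r": (.*?)(?=, [A-Za-z ]+: |$)"
    m = re.search(pattern, detail)
    return m.group(1) if m else None

def summarize(events, process_name):
    """Reduce a trace to the actions one process actually completed.

    Only SUCCESS events count as actions. ACCESS DENIED events are kept in a
    separate bucket: they show what the program tried to touch and failed."""
    summary = {
        "files_written": set(),  # paths opened for write or written to
        "files_renamed": {},     # old path -> new path
        "registry_set": {},      # key\value -> data written
        "network": set(),        # 'src -> dst' endpoints contacted
        "children": set(),       # command lines of processes it started
        "denied": set(),         # (operation, path) pairs that were refused
    }
    for ev in events:
        if ev["Process Name"] != process_name:
            continue
        op, path, detail = ev["Operation"], ev["Path"], ev["Detail"]
        if ev["Result"] == "ACCESS DENIED":
            summary["denied"].add((op, path))
            continue
        if ev["Result"] != "SUCCESS":
            continue
        if op == "WriteFile":
            summary["files_written"].add(path)
        elif op == "CreateFile" and any(m in detail for m in WRITE_ACCESS_MARKERS):
            summary["files_written"].add(path)
        elif op == "SetRenameInformationFile":
            new_name = detail_field(detail, "FileName")
            if new_name:
                summary["files_renamed"][path] = new_name
        elif op == "RegSetValue":
            summary["registry_set"][path] = detail_field(detail, "Data") or ""
        elif op in ("TCP Connect", "UDP Send"):
            summary["network"].add(path)
        elif op == "Process Create":
            summary["children"].add(detail_field(detail, "Command line") or path)
    return summary

def report(summary):
    """Render the summary as plain text, one section per action type."""
    lines = []
    for section, items in summary.items():
        lines.append(f"[{section}]")
        if isinstance(items, dict):
            lines.extend(f"  {k} -> {v}" for k, v in sorted(items.items()))
        else:
            lines.extend(f"  {item}" for item in sorted(items))
    return "\n".join(lines)

if __name__ == "__main__":
    import sys
    # Usage: python procmon_summary.py <export.csv> <process name>
    # Without arguments the constructed sample above is analysed.
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8-sig", newline="") as f:
            events, name = parse_procmon_csv(f.read()), sys.argv[2]
    else:
        events, name = parse_procmon_csv(SAMPLE_CSV), "installer.exe"
    print(report(summarize(events, name)))
```

Two practical notes. First, the script attributes actions to one process name only; anything done by the children it spawned (listed under "children") needs a second pass with that child's name, or a Procmon filter on the parent's PID tree set before the export. Second, Procmon's own Filter dialog can narrow the trace interactively just as well; the value of scripting the export is a repeatable summary you can diff between two runs of the same installer.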