Microsoft has rewritten two popular Windows kernel monitoring tools, Sysmon and Regmon, and pulled them into a new utility called Process Monitor.
The tools were acquired as part of Microsoft's acquisition in July of Winternals Software, which also brought on board kernel guru Mark Russinovich as a technical fellow in Microsoft's platforms and services division.
Russinovich is well known in programming circles, and achieved some fame with the general public for publicising that Sony BMG's anti-copying software used rootkit-like technology.
Regmon and Filemon display real-time file system, registry and process/thread activity, and are used by researchers to help dig malicious code out of infected systems. Process Monitor, described by Russinovich as "Regmon and Filemon on steroids", combines the features of the two along with a number of other features.
According to Microsoft, these include rich and non-destructive filtering, more event properties such as session IDs and user names, process information, full thread stacks with integrated symbol support for each operation and simultaneous logging to a file.
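The "non-destructive filtering" and per-event session and user properties mentioned above are easiest to see on a saved trace. The script below is an added example, not code from the article or from Sysinternals: it parses a Process Monitor CSV export and applies include/exclude rules modelled on Procmon's own filter dialog, returning a filtered view while leaving the full event list intact. It assumes the column names Procmon writes in a CSV export ("Time of Day", "Process Name", "PID", "Operation", "Path", "Result", "Detail") plus the "Session" and "User" columns; the sample rows are constructed, not a real capture, and the filter semantics (exclude rules win, then every column with include rules must match at least one) are the author's reading of Procmon's behaviour.

```python
"""Filter and summarise a Process Monitor CSV export (added example).

Assumes Procmon's CSV export column names; sample rows are constructed.
"""
import csv
import io
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample export: one benign explorer lookup, one svchost read,
# and an "updater.exe" that writes a Run key and spawns a shell.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Session","User"
"10:01:02.1","explorer.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ","1","LAB\alice"
"10:01:02.2","svchost.exe","800","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS","Desired Access: Generic Read","0","NT AUTHORITY\SYSTEM"
"10:01:02.3","updater.exe","4321","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Data: C:\Users\alice\AppData\Roaming\updater.exe","1","LAB\alice"
"10:01:02.4","updater.exe","4321","CreateFile","C:\Users\alice\AppData\Roaming\updater.exe","NAME NOT FOUND","Desired Access: Generic Read","1","LAB\alice"
"10:01:02.5","updater.exe","4321","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 5000, Command line: cmd.exe /c echo hello","1","LAB\alice"
'''


@dataclass(frozen=True)
class Filter:
    """One row of the Procmon filter dialog: column, relation, value, action."""
    column: str
    relation: str  # "is", "is not", "contains", "begins with", "ends with"
    value: str
    include: bool  # True = Include, False = Exclude


# Procmon string comparisons are case-insensitive; mirror that here.
RELATIONS: Dict[str, Callable[[str, str], bool]] = {
    "is": lambda field, v: field.lower() == v.lower(),
    "is not": lambda field, v: field.lower() != v.lower(),
    "contains": lambda field, v: v.lower() in field.lower(),
    "begins with": lambda field, v: field.lower().startswith(v.lower()),
    "ends with": lambda field, v: field.lower().endswith(v.lower()),
}


def parse_export(text: str) -> List[Dict[str, str]]:
    """Parse a Procmon CSV export into a list of column -> value dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def matches(event: Dict[str, str], f: Filter) -> bool:
    """True when the filter's relation holds for the event's column value."""
    return RELATIONS[f.relation](event.get(f.column, ""), f.value)


def apply_filters(events: List[Dict[str, str]], filters: List[Filter]) -> List[Dict[str, str]]:
    """Return the events that pass the filter set without modifying `events`.

    Exclude rules take precedence; for every column that has Include rules,
    the event must satisfy at least one of them (modelled on Procmon's rules,
    which is an assumption of this example).
    """
    includes_by_column: Dict[str, List[Filter]] = {}
    excludes: List[Filter] = []
    for f in filters:
        if f.include:
            includes_by_column.setdefault(f.column, []).append(f)
        else:
            excludes.append(f)
    shown = []
    for ev in events:
        if any(matches(ev, f) for f in excludes):
            continue
        if all(any(matches(ev, f) for f in fs) for fs in includes_by_column.values()):
            shown.append(ev)
    return shown


def count_by(events: List[Dict[str, str]], column: str) -> Dict[str, int]:
    """Event count per distinct value of a column (e.g. per process or user)."""
    counts: Dict[str, int] = {}
    for ev in events:
        counts[ev[column]] = counts.get(ev[column], 0) + 1
    return counts


def run_key_writes(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Triage helper: registry writes under a CurrentVersion\\Run key."""
    return apply_filters(events, [
        Filter("Operation", "is", "RegSetValue", True),
        Filter("Path", "contains", r"\CurrentVersion\Run\\"[:-1], True),
    ])


if __name__ == "__main__":
    events = parse_export(SAMPLE_CSV)
    print("events per process:", count_by(events, "Process Name"))
    for ev in run_key_writes(events):
        print("Run key write:", ev["Process Name"], ev["User"], ev["Path"])
```

Because `apply_filters` builds a new list, the full trace stays available for a second pass with different rules, which is the point of Procmon's non-destructive filtering: you narrow the view to one process or one failing result code, then widen it again without re-capturing. Exporting with the Session and User columns enabled lets the same rules separate an interactive user's activity from services running as SYSTEM in session 0.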
It runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as 64-bit versions of XP, Server 2003 SP1 and Vista.
The application can be downloaded free of charge from the Sysinternals portal, which was relaunched this week as part of Microsoft's TechNet.
Read David Cartwright's blog on Process Monitor.