如题.
Process Monitor
Monitor file system, Registry, process, thread and DLL activity in real-time.
https://docs.microsoft.com/zh-cn/sysinternals/downloads/procmon
https://learn.microsoft.com/en-us/sysinternals/downloads/process-utilities
Process Monitor,Ensure you download it from the official Microsoft Sysinternals website.
download:https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
or
https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
文件和注册表监视工具一般用process monitor,以前是用Filemon监视文件,Regmon监视注册表,现在process monitor可以监视两种操作。其实这些工具都是同一个人写的,现在两个工具合并成一个了。说句题外话,这个作者就是写《深入解析windows操作系统》的作者,这本书的权威性对搞windows内核开发的可以说无人不晓,做逆向的话也很有必要好好读读这本书。
https://technet.microsoft.com/en-us/sysinternals/bb896645 download url 用Process Monitor查看一个http请求都读取了哪些文件的例子。 打开Process Monitor,点击“Filter”,然后添加以下几个过滤条件“Include Process Name is Apache.exe”(我用的Web Server是apache),"Include Operation is ReadFile", "Include Event Class is File System" 点击OK。
UltraEdit
https://www.ultraedit.com/downloads/ultraedit-download/
Hex Editor
HexEditor(16进制编辑器\十六进制编辑器)