Having recently returned from presenting at VirusBulletin and EkoParty, I finally have some free time to catch up on my todo list. First up? Updating BlockBlock for El Capitan compatibility.

BlockBlock monitors file I/O events in order to detect "persistence attempts." When it detects such an event, it alerts the user. Although most of BlockBlock's code and logic works great on El Capitan, one component is completely broken, thanks to Apple's changes to their latest OS.

Update: Several people have reached out to me (mahalo!) to mention that the KAuth API can also be used to monitor process creation from a kext. While I wait for a kext signing certificate from Apple I'm going to check this out, as the KAuth interface appears more stable than the prototype of the MAC policy function. Findings will be included in part II of this blog posting :)

Task Explorer changes:

- added Sandboxie tab with a lot of Sandboxie-related details
- added option to freeze and unfreeze entire jobs
- added "Original Impersonation Token" menu command to inspect the impersonation token of a sandboxed thread
- added RPC view listing all RPC endpoints on the system
- fixed issue resolving kernel symbols introduced with 1.

Task Explorer Portable is an advanced Task Manager tool with emphasis on not just monitoring what applications are running, but on finding out what applications are doing. The UI focuses on expedience and getting real-time data on what the processes are doing at any given moment. Relevant data are provided in easy-to-access panels (with as few clicks as possible), with no need to open windows or sub-windows of windows; instead, additional information for selected entries is shown in the lower half of the panel, allowing the detailed information to be browsed using the arrow keys. Most data are refreshed continuously, as seeing the dynamics of values often grants additional insight.

The Thread Panel contains a stack trace for the selected thread, giving even more insight into what the selected application is doing right now. This is also very useful to debug deadlocks or performance issues. The process's memory can be viewed and edited from the Memory Panel, which provides an advanced memory editor and string search capability. In the Handles Panel all open handles are shown, with useful information like file name, current file position and size; this allows you to see what a program is actually working on right now, disk-wise. The Socket Panel shows all open connections/sockets per process, also providing data-rate information; in the settings one can enable the display of pseudo UDP connections created from ETW data. That is, every destination endpoint for UDP packets will be shown as its own entry in the sockets panel, allowing you to monitor with whom a program is communicating. The Modules Panel shows all loaded DLLs and memory-mapped files, allowing them to be unloaded as well as injecting a DLL. And there are many more panels, like Token, Environment, Windows and GDI. By double-clicking on a process, the Task Info panels can be opened in a separate window, enabling the viewing of properties of multiple processes simultaneously.

The system monitor aspect of the application is also well developed. The toolbar provides decently sized graphs showing not just CPU usage but also usage of objects, handles, network and IO/disk access. The system info panels show all open files in the system and all open sockets by program, and the Services Panel allows viewing and controlling all system services, including drivers. The performance panels for CPU, Memory, Disk I/O, Network and GPU provide large graphs showing the usage of system resources in a detailed manner. The System Info panel can be collapsed completely, providing more space for the Task Info panels. So instead of being a panel of the main window, or additionally, the system info panels can be opened in their own window using the appropriate toolbar button.