Skip to content

Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+

License

Notifications You must be signed in to change notification settings

trapframe/Syscall-Monitor

 
 

Repository files navigation

Syscall Monitor

Introduction

This is a process monitoring tool (like Sysinternal's Process Monitor) implemented with Intel VT-X/EPT for Windows 7+.

Develop Environment

  • Visual Studio 2015 update 3
  • Windows SDK 10
  • Windows Driver Kit 10
  • QT5.7 for MSVC

Deployment

  • QT GUI project: SyscallMonQT/SyscallMonQT.pro
  • Windows kernel driver project: ddimon/DdiMon/DdiMon.vcxproj
  • Remember to modify the shadow build path to /build32 or /build64 when configure the QT project
  • Remember to modify the windeploy.exe path in deploy32/deploy64.bat, run deploy32/64.bat to deploy x86/x64 binary files to bin32/bin64
  • Remember to sign the x64 kernel driver file

Platform

  • x86 and x64 Windows 7, 8.1 and 10
  • CPU with Intel VT-x and EPT technology support

Reference & Thanks

TODO

1.Optimize the memory usage issue.

Screenshots

load symbol main frame process view event info event filter filtered filterable attributes process info

About

Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 40.2%
  • C++ 35.3%
  • C 15.9%
  • Smalltalk 2.2%
  • Java 1.8%
  • C# 1.7%
  • Other 2.9%