A software utility for process- and file-creation watching
Description
WDog is a software utility for monitoring the creation of undesired
files and/or processes on a PC.
It monitors a list of process names and a list of files: as soon as a
process included in the list starts running, or a file included in the
file list is created (for example by a virus program), WDog issues a
warning in a pop-up window. The event is also recorded in a log file,
along with other useful information.
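The watch-list check described above, as an added example (not WDog's own code, which this page does not show): it assumes the monitor compares consecutive snapshots of running process names and alerts only on watched names that newly appear. All names and data are constructed; the same comparison applies to the file list.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Windows image names are case-insensitive, so compare that way. */
static int name_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;            /* equal only if both strings ended */
}

static int contains(const char *const *list, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (name_eq(list[i], name))
            return 1;
    return 0;
}

/* Store in hits[] each watched name that is in cur but was not in prev
   (each name once); return how many were stored. */
size_t new_watched(const char *const *watch, size_t nwatch,
                   const char *const *prev, size_t nprev,
                   const char *const *cur, size_t ncur,
                   const char **hits, size_t maxhits)
{
    size_t found = 0;
    for (size_t i = 0; i < ncur && found < maxhits; i++)
        if (contains(watch, nwatch, cur[i]) &&
            !contains(prev, nprev, cur[i]) &&
            !contains(hits, found, cur[i]))
            hits[found++] = cur[i];
    return found;
}

/* Constructed sample data: a watch list and two consecutive snapshots. */
const char *const WATCH[] = { "unwanted.exe", "other.exe" };
const char *const PREV[]  = { "EXPLORER.EXE", "WDOG.EXE" };
const char *const CUR[]   = { "EXPLORER.EXE", "Unwanted.EXE", "WDOG.EXE", "UNWANTED.EXE" };
const char *HITS[4];

size_t demo(void) { return new_watched(WATCH, 2, PREV, 2, CUR, 4, HITS, 4); }

int main(void)
{
    size_t n = demo();
    for (size_t i = 0; i < n; i++)
        printf("ALERT watched process started: %s\n", HITS[i]);
    return 0;
}
```

Comparing against the previous snapshot is what keeps a long-running watched process from raising the same alert on every pass.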
Why has WDog been developed?
Some time ago, I had to diagnose the strange behavior of a number
of workstations in a LAN (system lockups, resets, and so on). These
problems were due to some software trojan horses that were installed
and executed on the systems. WDog was used to help identify
the parent processes that generated the trojans.
Download
This software (and its source code) is freely downloadable and
usable by anyone.
- Download self-extracting installer: (setup.exe - 266 kB)
- Download source code (a C compiler for Windows is needed): (wdogsrc.zip - 25 kB)
Configuration
Configuration of WDog is straightforward: just double-click on
its icon in the tray area of the Windows taskbar. You can then
enter the names of the files and processes to watch. In addition, the
WDog language can be set to US/English (default) or Italian.
WDog runs on Windows 9x and NT 4.0; it has not been tested on Windows
2000 and Windows ME, but it is supposed to run smoothly on these
OSs too.
PLEASE NOTE: on NT (and probably on W2000 too), process watching
is not reliable unless WDog is run as a system service, by using
the SRVANY.EXE utility included in the NT Resource Kit. The current
version of WDog can't be installed as a service without this utility
(please see the "Improvements" section).
Improvements
As usual, a number of things might be improved. The first one that
comes to my mind is the possibility to self-install as a system
service, in order to get accurate process watching under Windows
NT or 2000; to achieve this goal, with the current version it's
necessary to use the SRVANY.EXE utility that comes with the Windows
NT Resource Kit, a commercial product from Microsoft. Anyway, I'll
be glad to know if there are non-commercial utilities that do the
same thing.
If someone adds new features or improvements to WDog, (s)he may send
me the updated version so I can publish it on these pages.
Author
WDog has been written by Aldo Giove.
Some parts (code fragments in EnumProc.C) have been copied from
code available on the Microsoft site.
License
This software is released under the DWYWWIECYWI
(Do Whatever You Want With It Except Claiming You Wrote It) license.
Warranty
This software is a very simple and non-intrusive product, and it
has been tested on a number of different PCs; anyway, it's impossible
to guarantee that it will work properly in all cases. In other words,
this software is supplied as-is, without any warranty of any kind,
implicit or explicit. I will not be responsible for any (unlikely)
damage that might come from its use.