RE: about a free opensource tools to catch the system calls

From: Brian Azzopardi (brian_at_unixpoet.com)
Date: 12/18/04

    To: "'Zhuowei Li'" <zhuowei@gmail.com>, <focus-ids@securityfocus.com>
    Date: Sat, 18 Dec 2004 23:49:25 +0100
    
    

    What you want is a strace for Windows. Bindview have one, with source,
    available at:
    http://www.bindview.com/Support/RAZOR/Utilities/Windows/strace_readme.cfm

    Regards,
    Brian

    -----Original Message-----
    From: Zhuowei Li [mailto:zhuowei@gmail.com]
    Sent: Thursday, December 16, 2004 10:54 AM
    To: focus-ids@securityfocus.com
    Subject: about a free opensource tools to catch the system calls

    Hello everybody,

    I want to use most of the information in the system calls, such as the
    arguments, for behavior profiling using my own techniques. Would you like
    to recommend me some open source tools under the Windows platform to catch
    such system calls and their related information? Thanks.

    --
    Regards!
    Sincerely yours,
    Li Zhuowei
    -----------------------------------------------------------------------------
    Email: zhwei.li@pmail.ntu.edu.sg                           
    More: http://www.cais.ntu.edu.sg/~zhuowei