NANY 2019 - Windows App - Process Watcher

mouser:
Process Watcher - a bare bones minimal utility for watching and logging new and changed processes found running on your pc.


* PORTABLE version: https://www.donationcoder.com/Software/Mouser/ProcessWatcher/downloads/ProcessWatcherPortable.zip
* INSTALLER version: https://www.donationcoder.com/Software/Mouser/ProcessWatcher/downloads/ProcessWatcherSetup.exe

Process Watcher is a tool that lives down in your system tray and logs when it sees a new or changed process running on your system.

This is a very early release of what will hopefully be a more elaborate tool, but as of now it has only one purpose: To log each time it sees a new running process, or sees a new version of a previously seen running process.
When it sees a changed process, it will log what has changed (file timestamps, size, exe properties/comments).

So this utility may be useful for those who are interested in seeing what processes run on their computer in the background, or logging when a program is silently updated, etc.

You can easily view the log from the system tray menu, or simply open it in any text editor.

NOTE: It is currently for 64-bit versions of windows only, though a 32-bit version could be built if desired.

NOTE 2: This version will by default set itself to autostart with windows when you run it.  You can change this by editing the ProcessWatcher.ini file.

wraith808:
Sounds interesting just from the name.  Sometimes I just need to watch processes to see if they spike in CPU usage.  So I'll be watching this entry with interest!

mouser:
Right now I'm mostly refactoring code, and thinking what I could do with it..

The current version I'm working on simply watches all running processes -- and while I have code written to monitor cpu and memory use (code I use in my Process Tamer and Process Piglet apps) -- currently for the new I am working on a different focus.  The new app is just trying to keep a record of all processes it sees, and log each time it sees a new or changed process (application) running.

That is, the first time you run the app, every running process it sees will be "new" to it, and it will write out to its log every file it has found running, and the information it can collect about it (process name, company, version, filedate, etc.).
So the first time you run it your log will show info on 100-200 processes.

But then it remembers having seen these processes running.. So over the course of the following months/years, it will only be adding to its log when it sees a new process run for the first time, OR an update of one of the existing processes (via changed file properties, or if you wish, a full file contents hash).

When it finds a new or changed process, it will write a report to the log file saying so and listing what has changed.

In this way, you are meant to leave this app running at all times on your pc, or a pc you are trying to troubleshoot or maintain.  And you can check the log at any time to see exactly when some process was updated or run for the first time.

It could be useful for people in identifying when a malware hit them, or what new program someone may have installed on a pc that they shouldn't have, etc.

Whether other people think this might be a useful tool, I'm not sure...




Later I may consider adding more functionality to the app for not just logging the first time it sees a new/changed process, but other things like you mention -- reports when apps use certain amounts of memory or cpu.  Or even a more elaborate process use tracking feature, which keeps track of how much time you have spent running each process (or how much cumulative cpu use processes have used over long times).

I'm focusing on keeping it as lean, fast, and resource friendly as possible, compiled in visual studio c++ with a 64bit build and the resident app having no gui, so it should not use noticeable resources.

Ath:
Ha, sounds interesting.
Most difficult part would be to organize the logging in such a way that it actually makes sense when looking at it, without being overwhelmed with 'all that data' :o
Maybe the memory/cpu use-log should be separated, possibly a logfile per exe (path+filename, possibly reversed, and : and \ replaced by another character?) and include the pid inside the logfile to be able to filter on. (Hint: the LogStash family of products, no ties)

mouser:
If anyone wants to try a really early alpha:

* http://donationcoder.com/Software/Mouser/ProcessWatcher/downloads/ProcessWatcher_x64_portable.zip

What to know:

* It's portable
* It's 64-bit build only
* There is no GUI, just run it and you'll see an icon in the tray which you can use to exit.
* 2 files will be created in the directory when you run it (ProcessWatcher_HistoryData.dat, and ProcessWatcher_HistoryLog.txt); the former is the data file it will read and write on each run; the latter is the human-readable log file that is the bread-and-butter of the app.  This is the file you will want to look at to see if the program is useful to you.
* You are meant to just leave this app running always.  Restart it on reboot.  The log file will show you every time it sees a new process for the first time, or any time a process has changed (was updated, etc.).

Remember the real value of this app is in logging the first time it sees a new or changed process.  This can be useful if programs launch in the background, and never inform you.

By occasionally checking the ProcessWatcher_HistoryLog.txt you may discover some applications that are occasionally running, performing update checks and similar things in the background.
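
The first-seen / changed-file logic described in the posts above, sketched in Python as an added example; it is not Process Watcher's own code, which is not shown on this page. The function names, the JSON history store and the log line wording are assumptions, and the list of running executable paths is supplied by the caller.

```python
import hashlib
import json
import os


def fingerprint(path, full_hash=False):
    """Properties compared between scans: size, mtime and optionally SHA-256."""
    st = os.stat(path)
    fp = {"size": st.st_size, "mtime_ns": st.st_mtime_ns}
    if full_hash:  # slower, but catches edits that keep size and timestamp
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        fp["sha256"] = digest.hexdigest()
    return fp


def observe(history, running_paths, full_hash=False):
    """Update history in place; return one log line per new or changed file."""
    events = []
    for path in sorted(set(running_paths)):
        key = os.path.normcase(os.path.abspath(path))
        try:
            now = fingerprint(key, full_hash)
        except OSError:
            continue  # process already exited or image unreadable; skip this scan
        old = history.get(key)
        if old is None:
            events.append(f"NEW {key}")
        else:
            # Compare only fields present in both records, so enabling hashing
            # later does not report every known file as changed.
            diffs = [f"{k}: {old[k]} -> {now[k]}" for k in now
                     if k in old and old[k] != now[k]]
            if diffs:
                events.append(f"CHANGED {key} ({'; '.join(diffs)})")
        history[key] = now
    return events


def load_history(store):
    """An absent store means a first run: every process will be reported NEW."""
    if not os.path.exists(store):
        return {}
    with open(store, encoding="utf-8") as fh:
        return json.load(fh)


def save_history(store, history):
    with open(store, "w", encoding="utf-8") as fh:
        json.dump(history, fh)
```

Call `observe()` on each scan with the current list of executable paths, append the returned lines to the human-readable log, and save the history so the next run only reports what is new or changed.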
