Syscall Monitor

Introduction

This is a process monitoring tool (like Sysinternal's Process Monitor) implemented with Intel VT-X/EPT for Windows 7+.

Develop Environment

Visual Studio 2015 update 3
Windows SDK 10
Windows Driver Kit 10
QT5.7 for MSVC

Deployment

QT GUI project: SyscallMonQT/SyscallMonQT.pro
Windows kernel driver project: ddimon/DdiMon/DdiMon.vcxproj
Remember to modify the shadow build path to /build32 or /build64 when configure the QT project
Remember to modify the windeploy.exe path in deploy32/deploy64.bat, run deploy32/64.bat to deploy x86/x64 binary files to bin32/bin64
Remember to sign the x64 kernel driver file

Platform

x86 and x64 Windows 7, 8.1 and 10
CPU with Intel VT-x and EPT technology support

Reference & Thanks

BOOST http://www.boost.org/
QT https://www.qt.io/
HyperPlatform https://github.com/tandasat/HyperPlatform
Capstone http://www.capstone-engine.org/

TODO

1.Optimize the memory usage issue.

Screenshots

About

Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+

MIT License

Languages

Language:PHP 40.2%Language:C++ 35.3%Language:C 15.9%Language:Smalltalk 2.9%Language:Java 1.8%Language:Python 1.5%Language:OCaml 1.0%Language:C# 1.0%Language:Makefile 0.2%Language:Assembly 0.1%Language:CMake 0.1%Language:Shell 0.0%Language:Objective-C 0.0%Language:QMake 0.0%Language:Tcl 0.0%Language:Ruby 0.0%Language:Batchfile 0.0%