Fibratus – Tool For Exploration And Tracing Of The Windows Kernel

Fibratus is a tool that can capture most Windows kernel activity: process/thread creation and termination, context switches, file system I/O, registry, network activity, DLL loading/unloading and much more. The kernel events can be easily streamed to a number of output sinks such as AMQP message brokers, Elasticsearch clusters or the standard output stream. You can use filaments (lightweight Python modules) to extend Fibratus with your own arsenal of tools and so leverage the power of Python's ecosystem.

Download the latest release (Windows installer). The changelog and older releases can be found here.
Alternatively, you can get fibratus from PyPI.

  1. Install the dependencies
  • Download and install Python 3.4.
  • Install Visual Studio 2015 (you'll only need the Visual C compiler to build the kstreamc extension). Make sure to export the VS100COMNTOOLS environment variable so it points to %VS140COMNTOOLS%.
  • Get Cython: pip install "Cython>=0.23.4".
  2. Install fibratus via the pip package manager:

See the wiki.

