@MartinDrab MartinDrab released this Jun 22, 2019 · 27 commits to master since this release

What is new:

  • Capture file names
  • Log data associated with the requests
    • IRPs only
    • read, write, ioctl, pnp, query/set information...
    • turned off by default since it may be dangerous (turn it on by checking the Data item in the context menu)
    • displayed in the Request Details form
  • Custom data parsers
    • display data associated with individual formats in a reasonable form
    • are simple DLLs, kind of a plugin interface (i.e. you may write your own)
    • currently only hexadecimal view and security descriptor view are available
  • Binary logs
    • as a counterpart to the text one
    • can be loaded on a different machine (with the same architecture as the original)
    • to save a log in binary format, select the .bin extension in the save dialog
  • Request filtering and highlighting
    • similar to Process Monitor
    • can be applied to both live capture and loaded binary logs

Since this is a pre-release/beta, I did not update the documentation yet; however, there were not many GUI changes, so the application may still look familiar to you. I would greatly appreciate any bug reports and other feedback.

Drivers are digitally signed by my latest certificate, so IRPMon should run correctly on all PCs except those with Secure Boot enabled.
