
SpyStudio v2.9 Overview

April 29, 2015 - As of SpyStudio 2.9, SpyStudio is freeware for both commercial and non-commercial use.


SpyStudio is the best product for tracing user-mode API calls on Windows.

SpyStudio is an application tracer that shows and intercepts calls and presents the results in a structured form that IT professionals can understand easily. With SpyStudio you can understand the resources an application uses, track down errors, detect malware, and create application layers for virtualization.


SpyStudio shows and interprets calls, displaying the results in a structured way which is easy for any IT professional to understand. SpyStudio can show the registry keys and files that an application uses, the COM objects and windows the application has created, and errors and exceptions.


When tracking down an application error, SpyStudio can compare a trace of a working application with the trace of the application which has issues. SpyStudio shows the differences in registry and file system operations, COM object and window creation, and the rest of the events.


To troubleshoot a virtual application you can compare the virtual application's trace with the base trace. Using this feature, you can see what is generating the issue.

Application Packaging

Nektra's SpyStudio simplifies application virtualization packaging for VMware ThinApp and Symantec Workspace Virtualization. It includes advanced features for application harvesting and troubleshooting, and it can package applications with or without installation media in a ThinApp environment.

Process Monitor Complement

SpyStudio is the user-mode complement to Procmon. Looking for application errors in kernel-mode traces is tedious, and it is very difficult to see the final outcome of a user-mode call: a single user-mode call generates many kernel-mode events that the application never sees and that are unimportant from the application's perspective, so kernel-mode tools produce a lot of noise. Most application errors are caused by failed user-mode calls that expected some resource (registry keys and values, files, pipes, services, printers) to be in a different state.

SpyStudio can also read Process Monitor logs (see Load ProcMon log) and show them in a user-friendly interface. Registry operations are shown in tree form, like Regedit, with errors displayed in red; file operations are also displayed as a tree.

Filter Driver Performance

SpyStudio is very useful for testing a filter driver's performance. It can show the time each user-mode API call takes while the application runs. Unlike other performance analysis products, SpyStudio shows how long the application waits for each user-mode operation; products that only show kernel operations cannot measure the impact of a new driver on the system.
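As an added illustration of the trace compare and the per-operation wait accounting described in the sections above (this is example code written for this page, not SpyStudio's or Nektra's code, and it does not use SpyStudio's own log format), the script below reads two traces in Process Monitor's CSV export layout, reports the first event whose outcome differs between a working and a failing run, lists every resource whose result changed or that only one run touched, folds the WOW6432Node registry view onto the 64-bit path the way a WoW path merge does, and totals the wait per resource category from the Duration column. Both traces are constructed for the example; the Duration column is optional in Procmon and is assumed to have been enabled.

```python
"""Trace compare and per-operation wait accounting over two user-mode traces.
Input layout is the Process Monitor CSV export (File > Save > CSV); both
traces below are constructed for this example, not real captures."""
import csv
import io
from collections import defaultdict

# Constructed sample traces. The Duration column is optional in Procmon
# exports and is assumed to have been enabled when these were saved.
WORKING_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Duration"
"10:00:01.0000001","app.exe","1234","RegOpenKey","HKCU\Software\Vendor\App","SUCCESS","Desired Access: Read","0.0000120"
"10:00:01.0000002","app.exe","1234","RegQueryValue","HKCU\Software\Vendor\App\InstallDir","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\Program Files\App","0.0000090"
"10:00:01.0000003","app.exe","1234","CreateFile","C:\Program Files\App\config.ini","SUCCESS","Desired Access: Generic Read","0.0000400"
"10:00:01.0000004","app.exe","1234","ReadFile","C:\Program Files\App\config.ini","SUCCESS","Offset: 0, Length: 4,096","0.0000310"
"10:00:01.0000005","app.exe","1234","CreateFile","C:\Program Files\App\app.dll","SUCCESS","Desired Access: Read Attributes","0.0000200"
'''
FAILING_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","Duration"
"10:05:09.0000001","app.exe","4321","RegOpenKey","HKCU\Software\Vendor\App","SUCCESS","Desired Access: Read","0.0000150"
"10:05:09.0000002","app.exe","4321","RegQueryValue","HKCU\Software\Vendor\App\InstallDir","NAME NOT FOUND","Length: 40","0.0000080"
"10:05:09.0000003","app.exe","4321","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Vendor\App\InstallDir","NAME NOT FOUND","Length: 40","0.0000070"
"10:05:09.0000004","app.exe","4321","CreateFile","C:\Program Files\App\config.ini","NAME NOT FOUND","Desired Access: Generic Read","0.0000350"
"10:05:09.0000005","app.exe","4321","CreateFile","C:\Program Files\App\app.dll","SUCCESS","Desired Access: Read Attributes","0.0000210"
'''

def parse_procmon_csv(text):
    """Parse a Procmon CSV export into event dicts, preserving trace order."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        duration = row.get("Duration") or ""
        events.append({"op": row["Operation"], "path": row["Path"],
                       "result": row["Result"], "pid": int(row["PID"]),
                       "duration": float(duration) if duration else None})
    return events

def category(op):
    """Procmon names registry operations with a 'Reg' prefix."""
    return "registry" if op.startswith("Reg") else "filesystem"

def normalize_path(path):
    """Matching key: Windows paths are case-insensitive, and a 32-bit process's
    WOW6432Node registry view is folded onto the 64-bit path (WoW path merge)."""
    return path.lower().replace("\\wow6432node\\", "\\")

def _index(events):
    """(operation, normalized path) -> last event seen for that resource."""
    return {(e["op"], normalize_path(e["path"])): e for e in events}

def compare_traces(working, failing):
    """Resources with a different result in the two runs, or touched by only one."""
    w, f = _index(working), _index(failing)
    diffs = []
    for key in sorted(set(w) | set(f)):
        we, fe = w.get(key), f.get(key)
        if we and fe and we["result"] == fe["result"]:
            continue  # same outcome in both runs: not a difference
        kind = "changed" if we and fe else ("only_in_failing" if fe else "only_in_working")
        diffs.append({"kind": kind, "category": category(key[0]), "op": key[0],
                      "path": (fe or we)["path"],
                      "working": we["result"] if we else None,
                      "failing": fe["result"] if fe else None})
    return diffs

def first_divergence(working, failing):
    """Earliest failing-run event whose outcome differs from the working run;
    the errors that follow are usually consequences of this one."""
    w = _index(working)
    for e in failing:
        ref = w.get((e["op"], normalize_path(e["path"])))
        if ref is None or ref["result"] != e["result"]:
            return e
    return None

def wait_by_category(events):
    """Seconds the application waited per resource category (Duration column)."""
    totals = defaultdict(float)
    for e in events:
        if e["duration"] is not None:
            totals[category(e["op"])] += e["duration"]
    return dict(totals)

def slowest(events, n=3):
    """The n operations the application waited longest for."""
    timed = [e for e in events if e["duration"] is not None]
    return sorted(timed, key=lambda e: e["duration"], reverse=True)[:n]

if __name__ == "__main__":
    working, failing = parse_procmon_csv(WORKING_CSV), parse_procmon_csv(FAILING_CSV)
    print("first divergence:", first_divergence(working, failing))
    for d in compare_traces(working, failing):
        print(f"{d['kind']:16} {d['op']:14} {d['path']}  "
              f"working={d['working']} failing={d['failing']}")
    print("wait per category (failing run):", wait_by_category(failing))
    for e in slowest(failing, 2):
        print(f"slow: {e['op']} {e['path']} {e['duration']:.7f}s")
```

On the constructed traces the first divergence is the RegQueryValue of InstallDir returning NAME NOT FOUND; the later CreateFile failure on config.ini and the missing ReadFile are consequences of it, which is exactly the kind of chain a trace compare is meant to expose. Matching on the last event per (operation, path) is a simplification: a real compare also has to handle the same resource being queried many times with different results.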


SpyStudio is also used in other IT sectors, such as cybersecurity. The books Malware Forensics: Investigating and Analyzing Malicious Code and Malware Forensics Field Guide for Windows Systems discuss one way SpyStudio can be used against malware.


SpyStudio screenshots (images not reproduced here):

  • SpyStudio's main window
  • SpyStudio's Trace tab
  • SpyStudio's registry access view
  • SpyStudio's Compare dialog


SpyStudio Features

Main SpyStudio features:

  • Trace an application from startup
  • Intercept running processes
  • Filter events
  • Watch COM object creation
  • Watch window creation
  • Watch accessed files
  • Watch registry keys and values
  • Watch Shell32 functions
  • Watch Urlmon functions
  • Watch Wininet functions
  • Watch Resources functions
  • Watch Threads functions
  • Show stack traces
  • Compare traces (limited in the unregistered version)
  • Load / save logs

Supported operating systems:

  • Microsoft Windows XP (requires .NET 3.5)
  • Microsoft Windows Vista (requires .NET 3.5)
  • Microsoft Windows 7
  • Microsoft Windows 8
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 8
  • Both 32-bit and 64-bit platforms are supported (64-bit in the registered version only).






SpyStudio: More Information

SpyStudio Videos

SpyStudio Videos (Harvesting Applications and Creating VMware ThinApp Packages with SpyStudio)




Changes on version (22-Apr-2015)

  • SpyStudio is now a freeware product.
  • Several minor bug fixes.
  • Fixed several compare issues.
  • Implemented a template system for creating application packages.

Changes on version (31-Jul-2014)

  • General performance improved.

  • Compare logs' memory consumption reduced around 60%.

  • Virtual Applications Update: any application, even those created without SpyStudio, can be updated directly from the base with a simple wizard.

  • DotNet Capture: SpyStudio can now troubleshoot .NET applications: it logs exceptions, assembly loads, object creation and much more.

  • New 'Relevance' column showing event priority.

  • FIX: Hang when shutting down.

  • FIX: Capturing Internet Explorer 11 wasn't working.

  • FIX: AutoSizeColumn on the Trace Tree now iterates only visible nodes, making it very fast.

Changes on version (10-Jun-2014)

  • Windows 8 / 8.1: Fixed some issues intercepting applications.

  • Events are processed faster now (about 50%) reducing the time it takes to show events in the UI.

  • Compare Traces: File System tab groups events in a different way showing more matches than before.

  • Compare Traces: Windows and COM tabs show mismatches now.

  • FIX: Sometimes the processing event count wasn't reaching zero.

  • Package Creation: FIX NullReferenceException on XP.

  • ThinApp: some applications packaged with ThinApp were generating a deadlock.

Changes on version (13-May-2014)

  • Event Summary: don't lose time looking for critical events. SpyStudio provides a vertical scrollbar showing a trace summary on the left of the Trace tab.

  • Compare Traces has a summary of matches on the left side, like text compare products.

  • Export wizard now saves user changes.

  • A license key can be saved in SpyStudio's directory to register it automatically (use the .key extension).

  • Properties dialog: double-click or Enter on an event goes to ('GoTo') that event in the Trace.

  • Events are classified to show in strong colors those that are important.

  • Export to Symantec Workspace Virtualization fixed.

  • FIX: Memory usage optimized.

  • FIX: ThinApped apps could have some problems with embedded manifests (e.g. MS Access).

  • FIX: Double-clicking on the Trace was opening the Properties dialog even when the click was in an empty area or on the header.

  • FIX: After clearing events, the Trace control could have some problems with 'Go To event'.

  • FIX: After clearing events, the Trace control could show an incorrect scrollbar position.

  • FIX: File System tree wasn't showing the first level expanded.

  • FIX: Memory leak after FormDeviareCompare close.

  • FIX: A SpyStudio bug in the Deviare agent could cause an object leak.

  • FIX: SpyStudio was sometimes losing events on application termination.


Changes on version (19-Feb-2014)

  • New "Expand Errors" function lets you expand all error nodes in the File System and Registry tree.

  • Properties dialog now displays almost instantly (even with lots of events) and uses a small amount of memory.

  • Double click on any node opens Properties dialog.

  • Export: New "Import Key" and "Import Directory" functions allow the user to add keys, directories and files from the O.S. to a ThinApp package.

  • Export: Easy insertion of runtime dependencies into the package.

  • Smart file and registry auto-selection and auto-import.

  • Free version can now compare and export up to 2000 events.

  • FIX: LoadLibrary's stack trace wasn't working on x64 environments.

  • FIX: Find dialog was only working sometimes on the Trace tab.

  • FIX: Crash when an intercepted process tried to access some odd, invalid registry paths.

  • FIX: Corrected some errors loading XML logs.

  • FIX: Crash when hooking and then unhooking Services.exe.

  • Deadlock: sometimes hooking a process would cause a deadlock.

Changes on version (8-Jan-2014)

  • Capture speed improved (about 35%).

  • Package speed improved (over 50%).

  • Memory manager redesign enables SpyStudio to capture millions of events.

  • More applications can be packaged with the Application Harvesting feature (no installation required).

  • Item properties now available in free version.

Changes on version (18-Nov-2013)

  • FIX: Some fixes in the FindResource / LoadResource handlers. Sometimes they weren't able to get the loaded module.

  • Performance improvements.

  • Properties on Values now works.

  • Added "Show in Files / Registry / Windows / COM" context menu item in the trace control.

  • Compare: lots of improvements and fixes in matching events.

  • Compare: some improvements to match ThinApp applications better.

  • FIX: Compare Registry: some keys had incorrect result in trace 2.

  • Asynchronous handlers now available in free version.

Changes on version (7-Nov-2013)

  • FIX: Several fixes and performance improvements around harvesting feature.

  • Performance improvements when applying filters or loading logs.

  • FIX: Some window creation times were incorrect in async mode.

  • FIX: SpyStudio wasn't working when executed from a shared folder.

  • FIX: On XP sometimes events are not shown even when processes are hooked.

  • Database: Reduced space and improved performance.

Changes on version (1-Nov-2013)

  • Feature: Improved performance of export dialog.

  • Feature: Added better automatic algorithm for export dialog.

  • Feature: Added simple and custom modes to choose files and registry keys.

  • FIX: Corrected some crashes, wrong paths, errors accessing some files, and general bugs in export dialog.

Changes on version (24-Oct-2013)

  • Feature: Event database stores CallEvents in a SQLite database, saving memory.

  • FIX: FileZilla was crashing when using the Quick Connect feature: NtSetFileInformation handling was generating an exception when used on named pipes.

  • FIX: Crash closing hooked application.

  • FIX: In different situations the Log compare was failing.

  • FIX: Compare registry values didn't have Type information.

  • FIX: Remove unused memory after capturing an application.

  • FIX: ProcMon logs were not loading.

  • FIX: Registry tab in Compare dialog wasn't showing RegEnumerate.

  • FIX: Lots of failing RegQueryValue and RegEnumerateKey events were not compared and not shown in the registry tab.

  • FIX: Registry tab in Compare dialog: Properties wasn't showing only matched events of the second file.

  • FIX: Ole32.CoGetClassObject wasn't added to the Com tab.

  • Feature: Big capture performance improvement. Capture time was reduced between 50% and 60%.

  • Feature: Ability to harvest applications directly from the operating system without installation media.

  • Feature: Ability to harvest applications executing an installer.

  • Feature: Export log data to VMware ThinApp.

Changes on version 2.6.0

  • FIX: Compare: missing class redirection. Different queries to different places that are trying to get the same class information should be merged in the same HKEY_CLASSES_ROOT path.

  • FIX: AutoSize wasn't working on Tree controls.

  • Removed tree lines and changed UI.

  • FIX: Auto search wasn't working as expected.

  • FIX: Some crashes.

  • Feature: Merge WoW registry paths.

  • Feature: Merge COM classes registry paths.

  • Feature: added Show startup modules and Hide Query attributes options in Compare dialog

  • Feature: Copy and Select All working on Properties dialogs.

  • UI: TreeViewAdv: Headers now look like MS TreeView

  • UI: TreeViewAdv.BorderStyle now is FixedSingle for all controls.

  • FIX: ThinApp support on Compare dialog.

  • Feature: Export dialog: Several fixes and new features for Symantec Workspace Virtualization.

  • Feature: Export dialog: full support for shortcuts.

  • Feature: Export dialog: full support for local files.

  • Feature: Export Dialog: Added Isolation Rules.

  • Feature: Export Dialog: Added load and save from template.

  • Feature: Export Wizard: Added Load Ldf files.

  • FIX: Export Wizard: several errors and crashes.

  • Removed file system events of type C:

  • Find on the Registry tree wasn't working on values.

  • Added NtDeviceIoControlFile hook.

  • QueryDirectory operation wasn't getting file properties if Hide QueryAttributes was set.

  • Added RegQueryKey to the Registry tree.

Changes on version 2.5.2

Released in April of 2013

  • Feature: Go to trace from Properties dialog.

  • Feature: Merge WoW paths and Show Virtual paths.

  • Feature: Added QueryDirectory function.

  • Feature: ExecutionProperties dialog lets you execute an application with parameters and a specific user.

  • Fix: RegQueryMultipleValues now working.

  • Fix: some icons were missing for files whose only access was Attributes.

  • Fix: several matching errors in Compare Dialog.

  • Fix: some exceptions in Properties dialog.

Changes on version 2.5.1

Released in February of 2013

  • "Properties" right-click option working for Compare dialog (preliminary version).

  • Minor fixes.

Changes on version 2.5.0

Released in February of 2013

  • Fixed an issue in which registry entries were not being correctly displayed under Windows XP.

  • Fixed ProcMon loader.

  • Now File System and Registry tab entries do not collapse when receiving new data.

  • Incremental search working in File System and Registry tabs.

  • Improved registry usage monitoring performance.

  • Fixed some memory leaks.

  • New feature: Export to .reg file.

  • Fixed File System tab visualization options.

  • The Compare dialog no longer generates an exception when closed.

  • Improved log load time (~50%).

  • Added option to monitor environment variables.

  • Fixed filtering before compare.

  • Now the Find function can find items that are not visible.

  • Fixed "Expand all differences" function.

  • Added "Show Layer Paths" and "Hide Query Attributes" view options.

  • Added entry properties visualizer for all tabs.

  • Fixed bug which would cause erroneously unmatched entries in the Compare dialog.

  • Known issue: "Properties" right-click option not working for Compare dialog entries (yet!).

Changes on version 2.4.0

Released in January of 2013

  • File System and Registry are intercepted at ntdll level.

  • Added all available Registry and File System functions.

  • File System view mode: Tree and Flat.

  • Fixed SWV Export Wizard.

  • Added different statistics to help driver writers.

  • Compare statistics.

  • File System tree can sort by version.

  • Important performance improvements.

Changes on version 2.3.0

Released in October of 2012

  • New feature: Support for loading and comparing Process Monitor logs.

  • New feature: "Find" function for all monitoring categories.

  • New feature: Process execution with parameters.

  • New monitoring categories.

  • Fixed issues related to registry paths not being correctly displayed.

  • Several bug fixes.

Changes on version 2.0.0

Released in June of 2012

  • Complete new application oriented to trace applications

  • Compare traces

  • Filter events in different ways

  • Stack trace information

  • Find dialog

Changes on version 1.0.1

Re-released in July 2008

  • Fixed: SpyStudio had a wrong version number internally, so autoupdate was triggered in an infinite loop.

  • Fixed: Incorrect runtime dependency made SpyStudio crash on Vista.

Changes from version 1.0.0b to 1.0.1

Released in June 2008

  • Fixed: Members of pointers to structs were not displayed in the output.

  • Performance: Improved for Python scripts output.

  • Scripts Feature: DStackTrace object lets you inspect the stack in a call.

  • Fixed: Copy to clipboard from the output window was truncating large strings and did not show whether the call was before or after.

  • Feature: Copy to clipboard shortcut added.

  • Scripts Fixed: When having more than one hook, each function call triggered HookEvents.OnCall more times than it should.

  • Feature: Parameter types and names are now displayed on the Output.