Monitoring Global Atom Table part III
New version v1.4 has been released as there were few bugs detected. This version also includes a new and very interesting feature, inspecting atoms from windows services. "A Windows Service applications run in a different window station than the interactive station of the logged-on user. A window station is a secure object that contains a Clipboard, a set of global atoms, and a group of desktop objects. Because the station of the Windows service is not an interactive station, dialog boxes raised from within a Windows service application will not be seen and may cause your program to stop responding. Similarly, error messages should be logged in the Windows event log rather than raised in the user interface".
Source : Microsoft.
This actually means that a running service is using a different set of global atoms than the current user. To display those atoms, atom table monitor v1.4 includes an Atom scanner service which uses the same core engine than Atom monitor and retrieves the list of Global atoms and RWM atoms from the system under the window station.
Current version contains: Atom Table monitor v1.4.
- Atom monitor win32 stand-alone tool.
- List of common patterns.
- Atom scanner win32 service.
- Install / Unninstall service batch files.
Session selection screen:
If the service is up and running, we can select the option to display the atoms from the service session. If the service is not detected the monitor will stop itself.
Service session monitoring RWM atoms:
This screen is displaying the amount of atoms which are being monitored by the service session. You can play with that by creating a small tool to leak atoms and use different configurations from the service. Have a look at my previous post How to run an application under active session account from a windows service.
User session monitoring RWM atoms:
Check out the amount of patterns which match an specific subset of atom strings. This will help you to rapidly identify which atoms are being created and which is the source.
Installing the service:
Once up and running, select "Monitor Atoms from service session" on Option's tab and press scan atom table.
Check out the amount of patterns which match an specific subset of atom strings. This will help you to rapidly identify which atoms are being created and which is the source.
Installing the service:
Use the batch files to install / uninstall ATOMScannerService.exe. Once installed, run it under local account.
Once up and running, select "Monitor Atoms from service session" on Option's tab and press scan atom table.
Related links:
Awesome job on this project. A great and useful tool.
ReplyDeleteThanks Carl!
DeleteHello Jordi!
ReplyDeleteYou did a really nice job!
I downloaded the project from GitHub (https://github.com/JordiCorbilla/atom-table-monitor), but it doesn't have the AtomTableMonitor.exe file.
I can run the Atom scanner service, but I can't see the window with the graphs of the atoms and stuff
Could you upload the AtomTableMonitor.exe and related files, please?
Thank you very much!
Hi,
DeleteYou'll find the files here.
Regards,
Jordi
Hi!
DeleteI tried to download the files from that link, but it shows the following message:
"This shared file or folder link has been removed."
Could you check it, please?
Thanks!
Regards,
Gustavo
Hi Gustavo,
Deleteit seems there is an issue with my hosting service. I'll see what's going on.
Regards,
Jordi
Hi Gustavo,
DeleteIt seems that app box cloud is offline regarding my files so I have uploaded it to Onedrive. Here you can find the files AtemoTableMonitor 1.4.zip:
Regards,
Jordi
Hi Jordi!
ReplyDeleteThere's no hyperlink in your last message... I searched for this .zip file on Google but I couldn't find either...
Could you send the link to the file in Onedrive, please?
Thanks!
Regards,
Gustavo
Hi Gustavo,
DeleteIt seems the link got deleted. Here is the URL:
https://onedrive.live.com/redir?resid=4F2073EF7028E94D!111&authkey=!AKYSqmJDHPmzMpc&ithint=file%2czip
Regards,
Jordi
Thank you, Jordi!
DeleteYou did a great job!!! This program is awesome!
Thanks for your attention!
Regards,
Gustavo
Professionally written blogs are rare to discover, however I apprehend all of the factors referred to right right here. I also need to include a few different writing competencies which every person must privy to.
ReplyDeleteสแกนเอกสาร
Fantastic tool! Had a long running application with an issue which now turns out to be caused by filling the global atom table. Your tool made debugging this super easy. Thanks!
ReplyDelete