Saturday, October 07, 2006

Tools to Spy on Running Code...

A few days ago, I was reading Long Zheng's always fresh technology blog, istartedblogging.

Specifically, I was combing his "Lazy man's Desktop Aurora" post. If you are not familiar, Desktop Aurora was the name given to a speculative feature of Vista that would display an "active" wallpaper background. Kinda like a shimmering, blendy, non-static background. Sounded cool.

Except it hasn't shown up in the Vista dance hall yet.

So Long posted a "How To" on how to make your own "active" wallpaper in Vista, anyway. Really cool concept...but I'm not sure how distracting it would be. Execution would have to be VERY subtle to be worth having, and it couldn't take up too many CPU cycles to keep running. In my opinion at least. (Related Cool Toy: JediConcentrate application -- freeware application that dims background on all but active window....)

Anyway...while I was reading his guide, he mentioned a software debugging tool from Microsoft's Visual Studio package called Spy++.

He had a direct download link, so I bit and tried it out. Nice.

Using this tool, you can hover over any window element to find the code controlling that item. It also can show a tree-view of code running under different processes.

Now I'm no programmer. At all. I'm more of a processes-and-threads guy when hunting down malware buggers. So Sysinternals' Process Explorer is my top-drawer tool. But I can see where a tool like Spy++ might have some uses in the fight against malware.

That got me looking for more information on this tool, and in the process, I found a number of cousins of Spy++ that added more features.

Oh yeah. Did I mention these are all free? Sweet!

WinID (freeware) - From Dennis Babkin. "WinID is a controls (and) windows identification utility that is both powerful and compact. Its main purpose is to give an easy way to retrieve information about Microsoft Windows controls visually right off the screen. WinID resembles Spy++ from the Microsoft Visual Studio toolset but it also incorporates lots of its own handy features."

SysTree++ (freeware) - Maarten van Oosterhout Software. "SysTree++ is a freeware application that lets you see what is going on on your system. It is a cross-over between ms spy++ and windows task manager. A complete tree-hierarchy of your system, so you can see literally everything that is running on your system. Lets you monitor, manage and save all processes, threads and windows running on system. You can set the priority for processes and threads. End processes and individual threads without warning pop-ups. Toggle windows visibility. Easily copy info text to clipboard and save all info to a text file."

Managed Spy (freeware) - MSDN - "a new utility called ManagedSpy and its associated library ManagedSpyLib, both of which are available for download from the MSDN Magazine Web site. Similar to how Spy++ displays Win32 information such as window classes, styles, and messages, ManagedSpy displays managed controls, properties, and events. ManagedSpyLib allows you to programmatically access Windows Forms controls in another process. You can get and set properties and sync on events in your own code. ManagedSpyLib can also help you build test harnesses and can perform window, message, and event logging." (needs .NET Framework 2.0)

Finally, my favorite find in this class of utilities...

Winspector - Ultimate Programmers Window Spy Utility (freeware) - Wonderful multi-pane view. Has a ton of tools and views and property listings. It's really the kitchen-sink of these applications. I can't compare them from a programmer's standpoint, but for just all-around curiosity and exploration...this is the tool I'm keeping handy on a USB stick!

Good luck, 00's,

