WDog



A software utility for process- and file-creation watching

Description

WDog is a software utility for monitoring the creation of undesired files and/or processes on a PC.
It watches a list of process names and a list of files: as soon as a process on the list starts running, or a file on the file list is created (for example by a virus program), WDog issues a warning in a pop-up window. The event is also recorded in a log file, along with other useful information.
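The watch-list check described above can be sketched as a comparison of two successive polls of the process list. This is an added example, not WDog's own source: the `wd_proc` type, the `wd_*` function names and the sample data are hypothetical, and it assumes the snapshots are filled in by the operating system's process-enumeration call.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* One process-snapshot entry (hypothetical layout for this example). */
typedef struct { unsigned long pid; const char *image; } wd_proc;

/* Strip drive and directory: "C:\\TEMP\\Tool.EXE" -> "Tool.EXE". */
static const char *wd_base(const char *path) {
    const char *b = path;
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/' || *p == ':') b = p + 1;
    return b;
}

/* Case-insensitive equality, since Windows file names ignore case. */
static int wd_ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

static int wd_watched(const char *image, const char *const *watch, size_t nwatch) {
    for (size_t i = 0; i < nwatch; i++)
        if (wd_ieq(wd_base(image), wd_base(watch[i]))) return 1;
    return 0;
}

/* Store in out[] the watched entries of cur whose PID is absent from prev,
   i.e. watched processes started since the last poll; returns the count. */
size_t wd_new_alerts(const wd_proc *prev, size_t nprev, const wd_proc *cur, size_t ncur,
                     const char *const *watch, size_t nwatch,
                     const wd_proc **out, size_t max_out) {
    size_t n = 0;
    for (size_t i = 0; i < ncur && n < max_out; i++) {
        size_t j = 0;
        while (j < nprev && prev[j].pid != cur[i].pid) j++;
        if (j == nprev && wd_watched(cur[i].image, watch, nwatch)) out[n++] = &cur[i];
    }
    return n;
}

int main(void) {
    /* Constructed sample data: two polls of the process list and a watch list. */
    const char *watch[] = { "badtool.exe", "dropper.exe" };
    wd_proc prev[] = { {88, "SYSTRAY.EXE"}, {120, "C:\\WINDOWS\\EXPLORER.EXE"} };
    wd_proc cur[] = { {88, "SYSTRAY.EXE"}, {120, "C:\\WINDOWS\\EXPLORER.EXE"},
                      {344, "C:\\WINDOWS\\SYSTEM\\BadTool.EXE"} };
    const wd_proc *hit[4];
    size_t n = wd_new_alerts(prev, 2, cur, 3, watch, 2, hit, 4);
    for (size_t i = 0; i < n; i++)
        printf("ALERT pid=%lu image=%s\n", hit[i]->pid, hit[i]->image);
    return 0;
}
```

A polling comparison like this cannot see a process that starts and exits between two polls, so the polling interval bounds what the watcher can detect.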

Why has WDog been developed?

Some time ago, I had to diagnose strange behavior on a number of workstations in a LAN (system lockups, resets, and so on). These problems were due to some software trojan horses that had been installed and executed on the systems. WDog was used to help identify the parent processes that generated the trojans.

Download

This software (and its source code) is freely downloadable and usable by anyone.

  • Download self-extracting installer: (setup.exe - 266 kB)
  • Download source code (a C compiler for Windows is needed): (wdogsrc.zip - 25 kB)

Configuration

Configuration of WDog is straightforward: just double-click its icon in the tray area of the Windows taskbar. You can then enter the names of the files and processes to watch. The WDog language can also be set to US/English (default) or Italian.
WDog runs on Windows 9x and NT 4.0; it has not been tested on Windows 2000 and Windows ME, but it is supposed to run smoothly on these OSs too.

PLEASE NOTE: on NT (and probably on W2000 too), process watching is not reliable unless WDog is run as a system service, using the SRVANY.EXE utility included in the NT Resource Kit. The current version of WDog can't be installed as a service without this utility (please see the "Improvements" section).

Improvements

As usual, a number of things might be improved. The first one that comes to my mind is the ability to self-install as a system service, in order to get accurate process watching under Windows NT or 2000; to achieve this with the current version, it's necessary to use the SRVANY.EXE utility that comes with the Windows NT Resource Kit, a commercial product from Microsoft. Anyway, I'll be glad to know if there are non-commercial utilities that do the same thing.
If someone adds new features or improvements to WDog, (s)he may send me the updated version so that I can publish it on these pages.

Author

WDog was written by Aldo Giove. Some parts (code fragments in EnumProc.C) were copied from code available on the Microsoft site.

License

This software is released under the DWYWWIECYWI (Do Whatever You Want With It Except Claiming You Wrote It) license.

Warranty

This software is a very simple and non-intrusive product, and it has been tested on a number of different PCs; anyway, it's impossible to guarantee that it will work properly in all cases. In other words, this software is supplied as-is, without any warranty of any kind, implicit or explicit. I will not be responsible for any (unlikely) damage that might come from its use.