Monitor kernel object activity in real time
ObjMon allows you to monitor kernel object activity in real time. Because many elements in the Windows kernel, such as files, registry keys,
symbolic links and events, are represented as kernel objects, ObjMon can be used for a wide variety of purposes.
Not every type of kernel object can be monitored by ObjMon. The following kernel object types are supported: Type, Directory,
SymbolicLink, Token, Process, Thread, Job, Event, Mutant, Callback, Semaphore, Timer, KeyedEvent, WindowStation, Desktop, Section,
Key, Port, Waitable Port, Adapter, IoCompletion, File and WmiGuid. We look forward to extending this range in a future version of ObjMon.
This is a live screen shot of ObjMon in action.
For research and education only
Note: this software is for research and educational purposes only. It uses some undocumented techniques to achieve its goal and is therefore not
intended to be used on any production system. Although this software has been thoroughly tested and verified, it remains very vulnerable to operating
system changes. Any new service pack or visit to the Windows Update site may cause this software to malfunction and cause
your computer to blue screen and reset.
Supported operating systems
Currently, ObjMon runs on the following operating systems:
Windows XP Service Pack 2
Windows XP Service Pack 2 x64 editions
Windows 2003 Server Service Pack 2
Windows 2003 Server Service Pack 2 x64 editions
Windows 2000 Service Pack 6
Note: ObjMon does not run on any edition of Windows Vista. On the x64 edition of Windows XP Service Pack 2 you have on average about 20 minutes before PatchGuard
detects ObjMon and shuts down the system with a 0x109 bug check. ObjMon is reported to run stably on all other operating systems.
ObjMon is available for free; however, you must agree to the license agreement, which is displayed before the software is installed.
Please report any comments, suggestions or issues you may have.
Click here to download ObjMon version 1.00 (844K)
We have released the source code for the ObjMon kernel object activity monitoring driver for educational purposes. All information on how to build or
use it can be found in the README.TXT file inside the package.
Click here to download ObjMon version 1.01 source code (30K)