The following document is extracted from the README.TXT file of a
customized IntraSpy application. This Special Edition of IntraSpy is
specifically designed for US Police Departments and Law Enforcement
Agencies.

Note: A few characters are replaced with stars (*) for privacy reasons.

CONTENTS
********
I- DESCRIPTION
II- INSTALLATION
III- TRACKING MS-DOS BATCH FILES
IV- NOTE ABOUT ISSRV VERSION **.**

I- DESCRIPTION
--------------
IS Server **.** is a monitoring engine for Win32/Intel platforms
(Win9x/2k/ME/NT4+).

It allows you to monitor the processing duration of specific
applications. The applications list is created by the user and stored
locally in a text file located in the Windows directory. The logging
output is stored in a delimited text file. The field delimiter is a
semicolon character <;>

Each record in the log file contains 8 fields:

1- Machine Unique Identification Code (60 alphanumerical characters
   maximum)
2- Day (Sun... Sat)
3- Date (in MM/DD/YYYY format)
4- Time (hh:mm:ss)
5- Event name (Process START, Process END, SYSTEM STARTUP...)
6- Process file name w/ full path - N/A for non-process events (e.g.
   SYSTEM STARTUP)
7- Process ID - 0 for non-process events (e.g. SYSTEM STARTUP)
8- Process life time (in seconds) - used for Process END events only,
   otherwise = 0

Note about Process IDs: When a process is created in memory, Windows
assigns a 32-bit identification number to it. Suppose you run
c:\windows\notepad.exe and its assigned process ID is 4293147951 for
example. While the first Notepad window (instance) is opened, you run
c:\windows\notepad.exe again. The process ID for the second instance
will be different from 4293147951... Process IDs are shown in all
Process START and Process END records in the log file, allowing you to
trace each instance separately and to know which instance (of the same
program) ended first.
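
The record layout and the Process ID note above can be exercised with a
small log reader. This is an added example, not part of the README or of
IntraSpy: the sample records are constructed, and it assumes that event
names are spelled exactly as in field 5 above and that fields are written
unquoted. Because a semicolon is a legal character in a Windows file
name, field 6 is isolated by splitting from both ends of the line.

```python
from datetime import datetime

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
FIELDS = ["machine", "day", "date", "time", "event", "path", "pid", "life"]
# Constructed sample records (not real ISSRV.LOG output), 8 fields each.
SAMPLE_LOG = r"""0000512;Mon;03/04/2002;09:00:00;SYSTEM STARTUP;N/A;0;0
0000512;Mon;03/04/2002;09:01:10;Process START;c:\windows\notepad.exe;4293147951;0
0000512;Mon;03/04/2002;09:01:30;Process START;c:\windows\notepad.exe;4293147002;0
0000512;Mon;03/04/2002;09:02:00;Process END;c:\windows\notepad.exe;4293147002;30
0000512;Mon;03/04/2002;09:05:00;Process START;c:\apps;old\calc.exe;4293100000;0
0000512;Mon;03/04/2002;09:05:10;Process END;c:\apps;old\calc.exe;4293100000;45
"""

def parse_log(text):
    """Return (records, problems); malformed lines are reported, not dropped."""
    records, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(";", 5)            # fields 1-5, counted from the left
        parts[5:] = parts[-1].rsplit(";", 2)  # fields 7-8 from the right; 6 may hold ';'
        if len(parts) != 8:
            problems.append(f"line {n}: expected 8 fields")
            continue
        rec = dict(zip(FIELDS, (p.strip() for p in parts)))
        try:
            rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"], "%m/%d/%Y %H:%M:%S")
            rec["pid"], rec["life"] = int(rec["pid"]), int(rec["life"])
        except ValueError as exc:
            problems.append(f"line {n}: {exc}")
            continue
        if DAYS[rec["when"].weekday()] != rec["day"]:
            problems.append(f"line {n}: day field does not match date")
        records.append(rec)
    return records, problems

def pair_instances(records):
    """Match START/END by (machine, PID): (sessions, problems, still-open PIDs)."""
    open_, sessions, problems = {}, [], []
    for rec in records:
        key = (rec["machine"], rec["pid"])
        if rec["event"] == "Process START":
            open_[key] = rec
        elif rec["event"] == "Process END":
            start = open_.pop(key, None)
            span = (rec["when"] - start["when"]).total_seconds() if start else None
            if span is None or abs(span - rec["life"]) > 1:  # field 8 is rounded
                problems.append(f"pid {rec['pid']}: life {rec['life']}s, log span {span}")
            else:
                sessions.append((rec["path"], rec["pid"], rec["life"]))
    return sessions, problems, sorted(pid for _, pid in open_)
```

On the constructed sample, the second Notepad instance pairs cleanly, the
first is reported as still open, and the calc.exe record is flagged
because its life time field disagrees with its own timestamps.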

When the IS server is started, the engine will attempt to load file
'********.***' from Windows directory (e.g. c:\windows\********.***).
A sample ********.*** file looks like the following:

=0000512 <-- press Enter
MSACCESS.EXE <-- press Enter
CALC.EXE <-- press Enter
NOTEPAD.EXE <-- press Enter

The first line MUST start with the equal sign '=' followed by an
alphanumerical (user-defined) code. The code can be up to 60 chars.
IntraSpy will read this code and report it in the first field (see
description earlier) of each record in the log file.

Each line starting from line number 2 in '********.***' lists a single
program file name WITHOUT the path name.

All Windows executable files can be monitored (.EXE .DLL .MOD ...). To
monitor MS-DOS batch files (.BAT) please refer to section III below.

Each line in '********.***' must be followed by a carriage return. We
recommend you use Notepad to edit the '********.***' file.

IMPORTANT!!!
If '********.***' is absent, IntraSpy will monitor ALL processes!

Process life time is rounded to the nearest second so the precision is
+/-500ms (4s 500ms = 4 seconds and 4s 501ms = 5 seconds)

II- INSTALLATION
----------------
The setup files should be located in the same directory on the hard
disk or on a removable disk (CD-ROM, Floppy, Zip...).

Before installing this version, please remove ANY previous IntraSpy
version from the computer. Restart the system...

Create file '********.***' (using Notepad) in Windows directory (in
c:\windows for example). See section I earlier for more info.

Open Windows system directory (example: c:\windows\system) and make
sure that the following files are absent:

[snip]

Make sure that all the applications you wish to monitor are closed.

Run ********.exe and click button "Install IS Server". Click OK.

Exit IS Manager.

Logging will start...

IMPORTANT: You must call and exit IS Manager after modifying file
'********.***' in the future in order to reload the new applications
list file into the IS engine's memory. The '********.***' file will
also be automatically reloaded when you restart Windows.

To import the log file into a database software, please make a copy of
ISSRV.LOG and import the copy. You can use Wordpad's Save As/ANSI Text
file format function to create a copy of your log file.

III- TRACKING MS-DOS BATCH FILES
--------------------------------
Windows runs batch files and MS-DOS programs in a special (emulation)
software environment called a Virtual Machine. Basically, batch files
'live' in a Windows process named "WINOA386.MOD". MS-DOS Batch files
are not Windows processes. In order to track and monitor batch files,
Natasoft developed a special utility.

[snip]

IV- NOTE ABOUT ISSRV VERSION **.**
----------------------------------
This is the final release of IntraSpy Server version **.**. It won't
expire.

If you have any questions regarding this project or if you have any
specific monitoring or reporting needs, please contact us.