Last Updated on 1 Aug. 2016, Company: Nektra
SpyStudio shows and interprets calls, displaying the results in a structured way which is easy. SpyStudio can show registry keys and files that an application uses, COM objects and Windows the application has created, and errors and exceptions. When tracking down an application error.
SpyStudio can compare a trace of a working application with the trace of the application which has issues.
It shows the differences in the registry and file system operations, COM object and Windows creations, and the rest of the traced events.
Process Monitor Complement
SpyStudio is the user-mode Procmon complement. Looking for application errors with kernel-mode traces is tedious, and it is very difficult to see the final outcome of a user-mode call. With kernel-mode tools, you get a lot of noise that the application does not see, since a single user-mode call generates lots of kernel-mode events that are not important from the application's perspective. Most application errors are generated by failed user-mode calls which expect a different state of some resources: registry keys and values, files, pipes, services and printers.
SpyStudio is also able to read Process Monitor logs and show them in a user friendly interface. It shows registry operations in tree form like Regedit and displays errors in red. File operations are also displayed in tree form.
SpyStudio can now troubleshoot .NET applications: it logs exceptions, assembly loads, object creation and much more.
SpyStudio is also being used in other IT sectors such as the cybersecurity field. The books Malware Forensics: Investigating and Analyzing Malicious Code and Malware Forensics Field Guide for Windows Systems discuss one way SpyStudio can be used to fight malware.