NoVirusThanks PE Capture 1.1.0.0

Capture and save executable images as they're loaded

 
img3File.png?version=1%2E1%2E0%2E0

Share

NoVirusThanks PE Capture is a portable tool which captures and saves non-system PE images - executables, DLLs, drivers - as they're loaded.

There's no setup involved, no configuration required: just run PE Capture and watch the display.

As processes run in the background, you'll see the relevant DLL or EXE listed, along with its execution time.

To prove this works, launch some other application of your own - Google Chrome should generate some hits.

Browse to your \pe_capture_portable\PORTABLE\Intercepted\xx-xx-2016 folder at any time, and you'll see all the captured files.

The images are renamed to their file hashes, which can be annoying. But if you're concerned about malware, you can at least scan the folder with your antivirus tool for a speedy verdict.

Verdict ratingsratingsratingsratingsratings

An easy way to capture the executables launched on a PC. Pity they're renamed to their MD5 file hashes, though.

Specification: NoVirusThanks PE Capture 1.1.0.0:

Platforms:
Windows XP,Windows Vista (32 bit),Windows 7 (32 bit),Windows Vista (64 bit),Windows 7 (64 bit),Windows 8,Windows Server
Version:
1.1.0.0
Licence:
Freeware
Developer:
NoVirusThanks
Date Added:
February 26, 2016