The Windows Performance Toolkit comes with the Windows Assessment and Deployment Kit (Windows ADK). Learn where you can grab the latest ADK and what to select in order to install just the Windows Performance Toolkit. After installation is completed, see where to locate the Windows Performance Recorder User Interface (WPRUI) and the Windows Performance Analyzer (WPA). This is your toolbox that will help you find what antivirus programs could not.
- [Narrator] Let's grab the tools we will need in order to detect the spyware by going to the Windows ADK download site. In this kit there are two tools which we will need. The first of these two tools is the Windows Performance Recorder, which logs system events and generates an event tracing log file. The second tool, Windows Performance Analyzer, will open and analyze this file. Both of these two tools are commonly referred to as WPR and WPA respectively. With that said, let's click on the blue Download button and save the ADK setup executable.
Once the setup file is done downloading, locate it, and double click on it to start the installation process. Click Run if the prompt comes up. And the installation process is going to be your typical one where we click on Next, Next, accept end user license agreements, but once we get to the part where we can select features, we want to pause right here, and we want to uncheck everything, and we want to make sure we only check Windows Performance Toolkit.
Once checked, click on Install, and click Yes on any prompts that come up. Once the installation process is done, we can exit out of here. Let's now locate the Windows Performance Toolkit, which will be by default in your C Drive, Program Files, in the folder labeled Windows Kits. Inside here you will see different folders labeled 8, 8.1 and 10. I'm going to click on 10 for Windows 10.
You will want to click on the folder for your OS, and in that folder will be the Windows Performance Toolkit. Inside the Windows Performance Toolkit, if we scroll all the way to the bottom, we can see this WPRUI. Let's right click on that and select Create Shortcut. Click Yes on any prompts that come up. Let's do the same for the Windows Performance Analyzer, which is wpa right here. Right click on that, and select Create Shortcut.
Once again, click Yes on any prompts that come up. Once you've created the Desktop shortcuts for the Windows Performance Recorder and the Windows Performance Analyzer, let's exit out, and we need to do one more thing. We need to configure our system to point to the Microsoft Symbol Server. This step is so we can see the function names that are being called by applications like the Keylogger. Without these symbols, we are blind. We're going to add the path to the Microsoft Symbol Server to our system environment variable.
To do this, let's go to our Control Panel, and go to the System Environment Variables. We are going to add the path to the Microsoft Symbol Server to our system environment variable. Under the System Variables section, click on the button New. The Variable Name we're going to add is _NT_SYMBOL_PATH, and for its value this is what we're going to put.
What this says is grab the symbols from the Microsoft server and save them to our own folder labeled Symbols. Once done, click OK, and we're going to add one more variable. So let's click on New one more time, and for the Variable Name let's put _NT_SYMCACHE_PATH. And for the value let's put SymCache. This lets us cache the downloaded symbols to our C Drive SymCache folder.
This folder will be automatically generated for us. Once done, let's click on OK, and click on OK, and one more time on this OK, and let's exit out of the Control Panel, and that is it. That's the Windows Performance Toolkit installed and set up. We now have quick access to these two tools, which we will need for spyware detection and malware analysis.
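The steps the narrator walks through by hand (find the toolkit folder under Windows Kits, create desktop shortcuts for WPRUI and WPA, and add the two symbol variables) can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the course, and makes a few assumptions: the toolkit sits under the default Windows Kits path (on 64-bit Windows that is Program Files (x86), so both locations are checked), the local folders are C:\Symbols and C:\SymCache, and the symbol-path value, which the video shows on screen but the transcript does not reproduce, uses the standard srv*<local folder>*<server URL> syntax pointing at Microsoft's public symbol server.

```powershell
# Added example (not from the course): automate the WPT setup steps above.
# Run from an elevated PowerShell prompt: Machine-scope environment variables
# require administrator rights.

# 1. Locate the Windows Performance Toolkit. Both Program Files roots are
#    checked; the numbered kit folders (8, 8.1, 10) are sorted so the newest wins.
$roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Windows Kits' } |
    Where-Object { Test-Path $_ }

$wptDir = $roots |
    ForEach-Object { Get-ChildItem -Path $_ -Directory } |
    Where-Object { $_.Name -match '^\d+(\.\d+)?$' } |      # only 8, 8.1, 10 style names
    Sort-Object { [double]$_.Name } -Descending |
    ForEach-Object { Join-Path $_.FullName 'Windows Performance Toolkit' } |
    Where-Object { Test-Path (Join-Path $_ 'WPRUI.exe') } |
    Select-Object -First 1

if (-not $wptDir) {
    throw 'Windows Performance Toolkit not found; install it from the Windows ADK first.'
}

# 2. Desktop shortcuts for the recorder UI and the analyzer (same result as
#    right-click > Create Shortcut in the video).
$desktop = [Environment]::GetFolderPath('Desktop')
$shell   = New-Object -ComObject WScript.Shell
$tools   = [ordered]@{
    'WPRUI.exe' = 'Windows Performance Recorder'
    'wpa.exe'   = 'Windows Performance Analyzer'
}
foreach ($tool in $tools.GetEnumerator()) {
    $lnk = $shell.CreateShortcut((Join-Path $desktop "$($tool.Value).lnk"))
    $lnk.TargetPath       = Join-Path $wptDir $tool.Key
    $lnk.WorkingDirectory = $wptDir
    $lnk.Save()
}

# 3. Symbol configuration. Assumed folders: C:\Symbols for downloaded symbols,
#    C:\SymCache for WPA's cache (WPA creates it on demand, so only Symbols is
#    pre-created here). The srv*<folder>*<url> form means "fetch from the
#    Microsoft symbol server and keep a copy in <folder>", which is what the
#    narrator describes; the exact on-screen value is an assumption.
$symbolDir   = 'C:\Symbols'
$symCacheDir = 'C:\SymCache'
$symbolPath  = "srv*$symbolDir*https://msdl.microsoft.com/download/symbols"

New-Item -ItemType Directory -Path $symbolDir -Force | Out-Null
[Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH',   $symbolPath,  'Machine')
[Environment]::SetEnvironmentVariable('_NT_SYMCACHE_PATH', $symCacheDir, 'Machine')

# 4. Read the values back from the Machine scope so a typo is caught now rather
#    than when WPA silently shows unresolved addresses instead of function names.
[ordered]@{
    WPT               = $wptDir
    _NT_SYMBOL_PATH   = [Environment]::GetEnvironmentVariable('_NT_SYMBOL_PATH',   'Machine')
    _NT_SYMCACHE_PATH = [Environment]::GetEnvironmentVariable('_NT_SYMCACHE_PATH', 'Machine')
}
```

Machine-scope variables set this way are visible to programs launched afterwards from Explorer or a new console; any WPA or WPRUI window that was already open must be restarted before it sees the symbol path, which is the usual reason symbols still fail to load right after this step.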