We've just released a new utility for Port Explorer and it's available free to all licensed Port Explorer users! Simply log into the Members Area at http://www.diamondcs.com.au/portexplorer/ and you'll see the download link near the bottom in the Members Only Downloads section From the readme ... => What is DiamondCS SLoader? ---------- DiamondCS Loader is a small tool that starts a process in a suspended state (the program is loaded into memory as a process, but isn't actually started). After creating the process, SLoader displays a message informing you of the new process ID (PID). This PID can then be used by a program such as DiamondCS Port Explorer to monitor that process. Pressing the OK button on the PID message is all it takes to then start the created process. => Usage ---------- sloader.exe <target> Example: sloader.exe d:\winnt\system32\calc.exe => Using SLoader with Port Explorer's Socket Spy (load and watch) ---------- 1. Use SLoader.exe to start the process you want to spy on. 2. SLoader will tell you the PID of the created process, add this to the Socket Spy list. 3. Return to the SLoader PID message, and press the OK button to start the created process. That's all. Port Explorer will now be capturing all packets sent and received from the created process. => Normal process creation, no debug APIs used === No debug APIs are used so it isn't susceptible to anti-debug or anti-disassembly tricks (if you can run the process on your system, so can DiamondCS SLoader). Consequently, it is also immune to the IsDebuggerPresent() API call which is a common method of debugger detection. Enjoy!