SpyStudio shows and interprets calls, displaying the results in a structured way which is easy for any IT professional to understand. SpyStudio can show registry keys and files that an application uses, COM objects and Windows the application has created, and errors and exceptions.
When tracking down an application error, SpyStudio can compare a trace of a working application with the trace of the application which has issues. SpyStudio shows the differences in the registry and file system operations, COM object and Windows creations, and the rest of the events.
To troubleshoot a virtual application you can compare the virtual application's trace with the base trace. Using this feature, you can see what is generating the issue.
Nektra’s SpyStudio simplifies application virtualization packaging for VMware ThinApp and Symantec Workspace Virtualization. It includes advanced features for application harvesting, and troubleshooting. It is able to package applications with or without installation media in ThinApp environment.
Process Monitor Complement
SpyStudio is the user-mode Procmon complement. Looking for application errors with kernel-mode traces is tedious, and it is very difficult to see the final outcome of a user-mode call. With kernel-mode tools, you get a lot of noise that the application does not see, since a single user-mode call generates lots of kernel-mode events that are not important from the application's perspective. Most application errors are generated by failed user-mode calls which expect a different state of some resources: registry keys and values, files, pipes, services and printers.
SpyStudio is also able to read Process Monitor logs (see Load ProcMon log) and show them in a user friendly interface. It shows registry operations in tree form like Regedit and displays errors in red. File operations are also displayed in tree form.
Filter Driver Performance
SpyStudio is very useful to test filter driver's performance. It can show time differences when the application executes user mode APIs. Unlike other performance analysis products SpyStudio shows how long the application waits for each user-mode operation. Products which show kernel operations cannot measure the impact of a new driver on the system.
SpyStudio is also being used in other IT sectors such as the cybersecurity field. The books Malware Forensics: Investigating and Analyzing Malicious Code and Malware Forensics Field Guide for Windows Systems discuss one way SpyStudio can be used to fight malware.