Security Basics mailing list archives

RE: static/dynamic file analysis of executable in windows

From: "Robertson, Seth (JSC-IM)" <Seth.Robertson-1 () nasa gov>
Date: Wed, 2 Aug 2006 09:58:05 -0500

There's regmon for the registry.  Process Explorer (SysInternals) gives
you a ton of information in a small package, and it gives you the
services registered under the process (identified by DLL), but not every
DLL loaded for the process.  IDA Pro or a similar disassembler should be
used to trace code execution.


Seth Robertson 
NASA Johnson Space Center 


-----Original Message-----
From: Ryan Buena [mailto:dreamsbig () gmail com] 
Sent: Tuesday, August 01, 2006 6:40 PM
To: security-basics () securityfocus com
Subject: static/dynamic file analysis of executable in windows

I need to analyze exactly what an .exe file is doing to a windows OS
when run. Whether it be a snapshot compare utility or something else.
I was looking at Sysinternals Filemon but it doesnt give me registry
changes, dll changes and such. Can anyone point me in the right
direction or linke me to good articles on this kind of file analysis?
Thanks in advance.

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

static/dynamic file analysis of executable in windows Ryan Buena (Aug 02)
- Re: static/dynamic file analysis of executable in windows Greg Merideth (Aug 03)
- Re: static/dynamic file analysis of executable in windows Josh Olson (Aug 03)
- Re: static/dynamic file analysis of executable in windows Neil (Aug 03)
- Re: static/dynamic file analysis of executable in windows Alice Bryson <abryson () bytefocus com> (Aug 08)
- <Possible follow-ups>
- RE: static/dynamic file analysis of executable in windows Rashied Sambo (Aug 03)
- RE: static/dynamic file analysis of executable in windows Krpata, Tyler (Aug 03)
- RE: static/dynamic file analysis of executable in windows Robertson, Seth (JSC-IM) (Aug 03)
- Re: static/dynamic file analysis of executable in windows krymson (Aug 03)
  - Re: static/dynamic file analysis of executable in windows Ryan Buena (Aug 05)