Security Basics mailing list archives
RE: static/dynamic file analysis of executable in windows
From: "Robertson, Seth (JSC-IM)" <Seth.Robertson-1 () nasa gov>
Date: Wed, 2 Aug 2006 09:58:05 -0500
There's regmon for the registry. Process Explorer (SysInternals) gives you a ton of information in a small package, and it gives you the services registered under the process (identified by DLL), but not every DLL loaded for the process. IDA Pro or a similar disassembler should be used to trace code execution.

Seth Robertson
NASA Johnson Space Center

-----Original Message-----
From: Ryan Buena [mailto:dreamsbig () gmail com]
Sent: Tuesday, August 01, 2006 6:40 PM
To: security-basics () securityfocus com
Subject: static/dynamic file analysis of executable in windows

I need to analyze exactly what an .exe file is doing to a Windows OS when run, whether it be a snapshot compare utility or something else. I was looking at Sysinternals Filemon but it doesn't give me registry changes, DLL changes and such. Can anyone point me in the right direction or link me to good articles on this kind of file analysis?

Thanks in advance.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Current thread:
- static/dynamic file analysis of executable in windows Ryan Buena (Aug 02)
- Re: static/dynamic file analysis of executable in windows Greg Merideth (Aug 03)
- Re: static/dynamic file analysis of executable in windows Josh Olson (Aug 03)
- Re: static/dynamic file analysis of executable in windows Neil (Aug 03)
- Re: static/dynamic file analysis of executable in windows Alice Bryson <abryson () bytefocus com> (Aug 08)
- <Possible follow-ups>
- RE: static/dynamic file analysis of executable in windows Rashied Sambo (Aug 03)
- RE: static/dynamic file analysis of executable in windows Krpata, Tyler (Aug 03)
- RE: static/dynamic file analysis of executable in windows Robertson, Seth (JSC-IM) (Aug 03)
- Re: static/dynamic file analysis of executable in windows krymson (Aug 03)
- Re: static/dynamic file analysis of executable in windows Ryan Buena (Aug 05)