Security Basics mailing list archives

RE: static/dynamic file analysis of executable in windows


From: "Rashied Sambo" <Rashied () honeyattorneys co za>
Date: Wed, 2 Aug 2006 16:27:28 +0200

There are different levels of checking that you can do and they will
vary from program to program.

The most basic checking that you can do is with two separate
utilities.
A file monitor, like NTFilemon, can show you what files are accessed and
when and what portions are read, but for registry changes you have to get
the registry monitor version (I think it's called regmon and it's by
sysinternals as well).

You can run them together and just filter the inputs to include only
your targeted program.

These are quite basic but very good and they work in the majority of
cases, but if your program doesn't show up anything then you better hope
that you are familiar with assembler and debugging.

Google some cracking tutorials and you will find in-depth reading
materials.

-----Original Message-----
From: Ryan Buena [mailto:dreamsbig () gmail com] 
Sent: 02 August 2006 01:40 AM
To: security-basics () securityfocus com
Subject: static/dynamic file analysis of executable in windows

I need to analyze exactly what an .exe file is doing to a Windows OS
when run. Whether it be a snapshot compare utility or something else.
I was looking at Sysinternals Filemon but it doesn't give me registry
changes, dll changes and such. Can anyone point me in the right
direction or link me to good articles on this kind of file analysis?
Thanks in advance.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

