Security Basics mailing list archives
RE: static/dynamic file analysis of executable in windows
From: "Rashied Sambo" <Rashied () honeyattorneys co za>
Date: Wed, 2 Aug 2006 16:27:28 +0200
There are different levels of checking that you can do and they will vary from program to program. The most basic checking that you can do is is with two separate utilities. A file monitor,like NTFilemon can show you what files are accessed and when and what portions are read but for registry changes you have to get the registry monitor version (I think its called regmon and its by sysinternals aswell) You can run them in together and just filter the inputs to include only your targeted program. These are quite basic but very good and they work in majority of the cases but if your program doesn't show up anything then you better hope that you are familiar with assembler and debugging. Google some cracking tutorials and your will find in depth reading materials. -----Original Message----- From: Ryan Buena [mailto:dreamsbig () gmail com] Sent: 02 August 2006 01:40 AM To: security-basics () securityfocus com Subject: static/dynamic file analysis of executable in windows I need to analyze exactly what an .exe file is doing to a windows OS when run. Whether it be a snapshot compare utility or something else. I was looking at Sysinternals Filemon but it doesnt give me registry changes, dll changes and such. Can anyone point me in the right direction or linke me to good articles on this kind of file analysis? Thanks in advance. ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- static/dynamic file analysis of executable in windows Ryan Buena (Aug 02)
- Re: static/dynamic file analysis of executable in windows Greg Merideth (Aug 03)
- Re: static/dynamic file analysis of executable in windows Josh Olson (Aug 03)
- Re: static/dynamic file analysis of executable in windows Neil (Aug 03)
- Re: static/dynamic file analysis of executable in windows Alice Bryson <abryson () bytefocus com> (Aug 08)
- <Possible follow-ups>
- RE: static/dynamic file analysis of executable in windows Rashied Sambo (Aug 03)
- RE: static/dynamic file analysis of executable in windows Krpata, Tyler (Aug 03)
- RE: static/dynamic file analysis of executable in windows Robertson, Seth (JSC-IM) (Aug 03)
- Re: static/dynamic file analysis of executable in windows krymson (Aug 03)
- Re: static/dynamic file analysis of executable in windows Ryan Buena (Aug 05)