Security Basics mailing list archives

Re: static/dynamic file analysis of executable in windows


From: Neil <neil () voidfx net>
Date: Thu, 03 Aug 2006 00:01:14 +0530

On 8/2/2006 5:09 AM, Ryan Buena wrote:
> I need to analyze exactly what an .exe file is doing to a Windows OS
> when run. Whether it be a snapshot compare utility or something else.
> I was looking at Sysinternals Filemon but it doesn't give me registry
> changes, dll changes and such. Can anyone point me in the right
> direction or link me to good articles on this kind of file analysis?
> Thanks in advance.


Filemon will give dll changes if it's actually writing those changes to
disk.  There is a companion tool, also from Sysinternals, called Regmon,
which shows registry changes.  Netstat (or Vision from Foundstone if you
want a GUI) will show you the network connections; and a sniffer will
show the content (Wireshark, formerly Ethereal, has both a helpful
interface and the back-end compatibilities to match; WinDump is like
tcpdump for Windows).

-Neil.
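The "snapshot compare" approach Ryan asks about, as an added example that is not part of the thread and not Neil's or Sysinternals' code: it records files, autorun/service registry values and TCP connections before and after running a sample, then diffs the two snapshots. It assumes Windows PowerShell 5.1 or later (Get-NetTCPConnection did not exist in 2006; use `netstat -ano` on older systems), and the watched directories, registry keys and timeout are my own choices for illustration. Run it only inside a disposable VM.

```powershell
# Added example: before/after snapshot diff around execution of a sample.
# Assumes Windows PowerShell 5.1+ and an elevated prompt in a throwaway VM.
# $SamplePath, $WatchDirs, $WatchKeys and $TimeoutSeconds are assumptions.
param(
    [Parameter(Mandatory = $true)][string]$SamplePath,
    [string[]]$WatchDirs = @("$env:SystemRoot\System32", $env:ProgramData, $env:APPDATA, $env:TEMP),
    [int]$TimeoutSeconds = 60
)

# Registry locations that commonly change when something installs itself
# (assumed list; extend it for your own analysis).
$WatchKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)

function Get-FileSnapshot {
    # One line per file: path, size, last-write time; a modified file shows up
    # as a removed old line plus an added new line in the diff.
    param([string[]]$Dirs)
    foreach ($d in $Dirs) {
        if (-not (Test-Path -LiteralPath $d)) { continue }
        Get-ChildItem -LiteralPath $d -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { "$($_.FullName)|$($_.Length)|$($_.LastWriteTimeUtc.Ticks)" }
    }
}

function Get-RegistrySnapshot {
    # One line per value under each watched key (and its subkeys): key, name, data.
    param([string[]]$Keys)
    foreach ($k in $Keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $all = @(Get-Item -LiteralPath $k) +
               @(Get-ChildItem -LiteralPath $k -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $all) {
            foreach ($name in $key.GetValueNames()) {
                $data = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                "$($key.Name)|$name|$($data -join ',')"
            }
        }
    }
}

function Get-NetworkSnapshot {
    # Equivalent of netstat -ano: local/remote endpoint, state, owning PID.
    Get-NetTCPConnection -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)->$($_.RemoteAddress):$($_.RemotePort)|$($_.State)|$($_.OwningProcess)" }
}

function Compare-Snapshot {
    param([string[]]$Before, [string[]]$After, [string]$Label)
    foreach ($d in Compare-Object -ReferenceObject $Before -DifferenceObject $After) {
        $tag = if ($d.SideIndicator -eq '=>') { 'ADDED' } else { 'REMOVED' }
        '[{0}] {1} {2}' -f $Label, $tag, $d.InputObject
    }
}

# --- snapshot 1 ---
$filesBefore = @(Get-FileSnapshot $WatchDirs)
$regBefore   = @(Get-RegistrySnapshot $WatchKeys)
$netBefore   = @(Get-NetworkSnapshot)

# --- run the sample, polling connections while it lives ---
$proc = Start-Process -FilePath $SamplePath -PassThru
$seenNet = New-Object 'System.Collections.Generic.HashSet[string]'
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while ((Get-Date) -lt $deadline -and -not $proc.HasExited) {
    Get-NetworkSnapshot | ForEach-Object { [void]$seenNet.Add($_) }
    Start-Sleep -Seconds 2
}
if (-not $proc.HasExited) {
    Write-Warning "PID $($proc.Id) still running after $TimeoutSeconds s; snapshotting anyway"
}

# --- snapshot 2 and report ---
$report = @()
$report += Compare-Snapshot $filesBefore @(Get-FileSnapshot $WatchDirs) 'FILE'
$report += Compare-Snapshot $regBefore   @(Get-RegistrySnapshot $WatchKeys) 'REG'
$report += Compare-Snapshot $netBefore   @($seenNet) 'NET'
$report | Tee-Object -FilePath (Join-Path $env:TEMP 'sample-diff.txt')
```

Usage: `.\snapshot-diff.ps1 -SamplePath C:\samples\suspect.exe`. The diff only shows what is still different at the second snapshot: a file dropped and deleted again, or a key written and removed, is invisible to it. That is exactly the gap the live monitors Neil names (Filemon and Regmon, merged today into Process Monitor) fill, so treat the two approaches as complementary rather than alternatives.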
