Security Basics mailing list archives
Re: static/dynamic file analysis of executable in windows
From: "Greg Merideth" <gmerideth () ftnj net>
Date: Wed, 2 Aug 2006 10:11:34 -0400
Well, sysinternals also makes regmon to monitor what is going on in the registry in real-time. Combined with filemon you can get a good idea what the application is *modifying* but other than a debugger there's no real way to determine what the application is doing. Applications like Spy can watch the message pumps of an application and sysinternals process monitor can watch the threads, open files, mutex generations and dll usage. Other than watching with a debugger and tracing the application, those tools can give you a good idea of what it's doing to the system but not what it's code is executing. On 8/1/06, Ryan Buena <dreamsbig () gmail com> wrote:
I need to analyze exactly what an .exe file is doing to a windows OS when run. Whether it be a snapshot compare utility or something else. I was looking at Sysinternals Filemon but it doesnt give me registry changes, dll changes and such. Can anyone point me in the right direction or linke me to good articles on this kind of file analysis? Thanks in advance. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
-- Greg Merideth Forward Technology, LLC. CTO & Other Wild Stuff gmerideth () forwardtechnology net PGP Fingerprint D0FCCD39743A6ABF87470A87EDE382594968A60A "10b|~10b" - Shakespeare --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- static/dynamic file analysis of executable in windows Ryan Buena (Aug 02)
- Re: static/dynamic file analysis of executable in windows Greg Merideth (Aug 03)
- Re: static/dynamic file analysis of executable in windows Josh Olson (Aug 03)
- Re: static/dynamic file analysis of executable in windows Neil (Aug 03)
- Re: static/dynamic file analysis of executable in windows Alice Bryson <abryson () bytefocus com> (Aug 08)
- <Possible follow-ups>
- RE: static/dynamic file analysis of executable in windows Rashied Sambo (Aug 03)
- RE: static/dynamic file analysis of executable in windows Krpata, Tyler (Aug 03)
- RE: static/dynamic file analysis of executable in windows Robertson, Seth (JSC-IM) (Aug 03)
- Re: static/dynamic file analysis of executable in windows krymson (Aug 03)
- Re: static/dynamic file analysis of executable in windows Ryan Buena (Aug 05)