how to find out what an exe is doing!!!!

Status
Not open for further replies.

hansraj

In the zone
Hey guys, I know that this question may be very simple for those who are into programming, the so-called "code masters", but I am not one of them. My doubt is: we come across many executable files, and while running such files we should know what things are changing in our PC. I just want to know how to find out what actions it is taking when we run an exe file.
 

debsuvra

is NOT a PC/Mac
You can try Process Explorer and Process Monitor from SysInternals Suite for the purpose.

Process Explorer : *technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Process Monitor : *technet.microsoft.com/en-us/sysinternals/bb896645.aspx
 
OP
hansraj

In the zone
What I am interested in is all the one-time changes which the exe file makes... for example, copying a file from place A to place B or making changes in the registry.
 

Cool Joe

The Black Waltz
Installing a firewall like Comodo can help you with this. Besides making your PC more secure, you'll be notified every time an executable tries to do something on your PC. It can get very annoying though, so don't break your monitor by smashing it if you get annoyed. :-D
 
OP
hansraj

In the zone
@beta testing
Yes, what you say is fine to protect our PC from any unauthorised change, but that will be restricting an exe while it is executing... can't we have an application which can bring out the list of activities which the exe is intended to do?
 

swatkat

Technomancer
Yes, you can analyze the actions of an executable. There are a few online sandbox tools; you just upload the file and they will give you the report:
*www.cwsandbox.org/?page=submit
*www.threatexpert.com/submit.aspx
*www.norman.com/microsites/nsic/Submit/en-us
 

Cool Joe

The Black Waltz
@beta testing
Yes, what you say is fine to protect our PC from any unauthorised change, but that will be restricting an exe while it is executing... can't we have an application which can bring out the list of activities which the exe is intended to do?

It won't be restricting the activities of the exe. It'll alert you about the action it's gonna do, and if you don't mind, you can give permission to the exe to do so.
 
OP
hansraj

In the zone
@swatkat
The sites are limiting the size to 15 MB; is there a software for the same? Also, the larger the size, the more bandwidth it will take for me to know about the file.
 

swatkat

Technomancer
Hmm... beta testing has already suggested you one tool - Process Monitor. It can monitor various API and IOCTL calls, using which you can track what an executable is doing. And, here's one more tool:
*www.rohitab.com/apimonitor/index.html
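
An added example, not part of the thread or any poster's code: Process Monitor can save a capture as CSV, and the script below reduces such an export to the changes one process actually made (files created, written, renamed or deleted, and registry keys or values created, set or deleted). It assumes the default export columns; `sample.exe` and every path in the embedded sample are constructed.

```python
import csv
import io
from collections import defaultdict

# Operation names as they appear in Process Monitor's "Operation" column.
CHANGE_OPS = {
    "WriteFile": "file written",
    "SetRenameInformationFile": "file renamed or moved",
    "SetDispositionInformationFile": "file marked for deletion",
    "RegSetValue": "registry value set",
    "RegDeleteValue": "registry value deleted",
    "RegDeleteKey": "registry key deleted",
}
# CreateFile/RegCreateKey also fire on plain opens; keep only real creations.
CREATED_MARKERS = {
    "CreateFile": ("OpenResult: Created", "file created"),
    "RegCreateKey": ("REG_CREATED_NEW_KEY", "registry key created"),
}

# Constructed sample in Procmon's CSV export layout (all names are made up).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:01.10","sample.exe","4120","CreateFile","C:\Users\test\AppData\Roaming\demo\helper.dll","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:15:01.20","sample.exe","4120","WriteFile","C:\Users\test\AppData\Roaming\demo\helper.dll","SUCCESS","Offset: 0, Length: 4,096"
"10:15:01.30","sample.exe","4120","RegCreateKey","HKCU\Software\Demo","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"10:15:01.40","sample.exe","4120","RegSetValue","HKCU\Software\Demo\InstallPath","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\Users\test"
"10:15:01.50","sample.exe","4120","RegQueryValue","HKLM\Software\Demo\Version","NAME NOT FOUND","Length: 16"
"10:15:01.60","sample.exe","4120","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Attributes, Disposition: Open, OpenResult: Opened"
"10:15:01.70","explorer.exe","2200","WriteFile","C:\Users\test\ntuser.dat.LOG1","SUCCESS","Offset: 0, Length: 512"
'''

def summarize_changes(csv_text, process_name):
    """Group the successful state-changing operations of one process by kind."""
    changes = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Result"] != "SUCCESS":
            continue  # failed attempts changed nothing
        op, detail = row["Operation"], row["Detail"]
        if op in CREATED_MARKERS:
            marker, label = CREATED_MARKERS[op]
            if marker in detail:
                changes[label].add(row["Path"])
        elif op in CHANGE_OPS:
            changes[CHANGE_OPS[op]].add(row["Path"])
    return {label: sorted(paths) for label, paths in changes.items()}

if __name__ == "__main__":
    for label, paths in summarize_changes(SAMPLE_CSV, "sample.exe").items():
        for path in paths:
            print(f"{label}: {path}")
```

For a real export, read the file with `encoding="utf-8-sig"` and pass its text to `summarize_changes`.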
 

Lucky_star

Still Shining!
Try "Installation Monitor" which comes integrated with "Advanced Uninstaller"

It logs all the files the exe copies/deletes/changes, folders created/destroyed, all the changes made to the registry, etc. I use it while installing demo apps. This way you can completely wipe out the app's installation data and install it once again as a demo :eek:
 

Krazy Bluez

Banned to Spam
I would go with Process Explorer, though I've used it and sometimes it becomes too complicated; for example, try running explorer.exe and see how much log you get...
 

dheeraj_kumar

Legen-wait for it-dary!
You can use the sandbox tools recommended by swatkat, or Process Explorer. Try PrevX as a last resort, since it's more of an annoyance than a benefit. If all fails, OllyDBG.
 
OP
hansraj

In the zone
No dear... it's nothing but using certain malicious exes (unknowingly) has resulted in a system format and reinstallation. So I am finding a way out... at times even the antivirus and spywares don't work properly and then we have to reinstall the whole OS. At least I had to!!
This was the only reason to know in advance what an exe is doing.
 