
Video: Using SysInternals' Process Monitor to Analyze Apps


Darren Kitchen


Hope some of you find this of use.

Video: Using SysInternals' Process Monitor to Analyze Apps and Malware

Process Monitor is a useful tool to see what registry, file system and thread changes processes are making on your Windows system. It should work on currently patched versions of 2k, XP and Vista. Two major uses security professionals may have for Process Monitor are:

1. Analyzing what malware is doing to a system so it can be countered and removed.

2. Figuring out what registry and file system rights a user will need to run a badly written application. Some apps assume everyone is an admin and won't run correctly unless they are. By using Process Monitor an admin can figure out the minimum rights needed for an application to work.

Also, some software pirates may use the tool to figure out how a shareware application’s expiration function works, but that’s not a topic I will be covering. For simplicity of demonstration, I will be using my own app called MadMACs for this demo.

Video: http://www.irongeek.com/i.php?page=videos/procmon1

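The two uses listed in the post both come down to the same workflow: capture with Process Monitor, save the capture as CSV (File > Save, format CSV, default columns), then pull out the events you care about. Procmon's own filter bar can do this interactively; the script below does it over a saved capture, which is handier when you are comparing runs or triaging a box that is no longer in front of you. This is an added example, not code from the original post or from Sysinternals; the CSV rows are constructed to look like Procmon's default export, and the `minimum_rights` / `persistence_indicators` function names and the "AppData drop" heuristic are this example's own choices.

```python
"""Triage a Process Monitor CSV export for the two uses described in the post:
(1) spot what malware did to the box, (2) find the minimum rights a badly
written app needs instead of handing the user local admin.

Added example, not part of the original post or of Sysinternals' tooling.
Assumes Procmon's default CSV column layout; SAMPLE_CSV is constructed.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample rows in Procmon's default CSV layout (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:02:03.1","badapp.exe","1234","CreateFile","C:\Program Files\BadApp\settings.ini","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: Open"
"1:02:03.2","badapp.exe","1234","CreateFile","C:\Program Files\BadApp\settings.ini","SUCCESS","Desired Access: Generic Read, Disposition: Open"
"1:02:03.3","badapp.exe","1234","RegOpenKey","HKLM\SOFTWARE\BadApp","ACCESS DENIED","Desired Access: Write"
"1:02:03.4","badapp.exe","1234","RegOpenKey","HKLM\SOFTWARE\BadApp","ACCESS DENIED","Desired Access: Write"
"1:02:03.5","badapp.exe","1234","RegQueryValue","HKLM\SOFTWARE\BadApp\Version","SUCCESS","Type: REG_SZ, Length: 8, Data: 1.0"
"1:02:04.0","dropper.exe","4321","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater","SUCCESS","Type: REG_SZ, Length: 52, Data: C:\Users\Bob\AppData\Roaming\upd.exe"
"1:02:04.1","dropper.exe","4321","WriteFile","C:\Users\Bob\AppData\Roaming\upd.exe","SUCCESS","Offset: 0, Length: 40,960"
"1:02:04.2","dropper.exe","4321","Process Create","C:\Users\Bob\AppData\Roaming\upd.exe","SUCCESS","PID: 4400, Command line: upd.exe /silent"
'''

# Autostart locations worth flagging (lower-case, matched as substrings of Path).
PERSISTENCE_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)


def parse_events(csv_text):
    """Parse a Procmon CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def requested_access(detail):
    """Pull the 'Desired Access: ...' text out of a Detail column; file events
    append ', Disposition: ...' after it, registry events do not."""
    m = re.search(r"Desired Access: (.*?)(?:, Disposition:|$)", detail)
    return m.group(1) if m else "(unspecified)"


def minimum_rights(events, process):
    """Use 2 from the post: every path on which `process` got ACCESS DENIED,
    with the access it asked for. Grant that (e.g. Modify on one .ini file,
    Write on one registry key) rather than making the user an admin."""
    denied = defaultdict(set)
    for ev in events:
        if ev["Process Name"] == process and ev["Result"] == "ACCESS DENIED":
            denied[ev["Path"]].add(requested_access(ev["Detail"]))
    return {path: sorted(acc) for path, acc in sorted(denied.items())}


def persistence_indicators(events):
    """Use 1 from the post: flag the classic drop / autostart / execute chain.
    Returns (kind, process, path) tuples in capture order."""
    hits = []
    for ev in events:
        if ev["Result"] != "SUCCESS":
            continue
        path = ev["Path"].lower()
        if ev["Operation"] == "RegSetValue" and any(k in path for k in PERSISTENCE_KEYS):
            hits.append(("run-key", ev["Process Name"], ev["Path"]))
        elif ev["Operation"] in ("WriteFile", "CreateFile") and "\\appdata\\" in path and path.endswith(".exe"):
            hits.append(("drop-exe", ev["Process Name"], ev["Path"]))
        elif ev["Operation"] == "Process Create":
            hits.append(("spawn", ev["Process Name"], ev["Path"]))
    return hits


if __name__ == "__main__":
    events = parse_events(SAMPLE_CSV)
    print("Rights badapp.exe still needs:")
    for path, access in minimum_rights(events, "badapp.exe").items():
        print(f"  {path}: {', '.join(access)}")
    print("Suspicious activity:")
    for kind, proc, path in persistence_indicators(events):
        print(f"  [{kind}] {proc} -> {path}")
```

Two caveats from practice: a denied open is often retried with a weaker access mask (the second `settings.ini` row above succeeds with Generic Read), so only the denied rows tell you what the app actually wanted; and the autostart list here is deliberately short, so treat "no hits" as "nothing in the places I looked", not as a clean bill of health.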

Again a great vid, Irongeek :P

Love your material :D

BTW, did you know that some of your older vids even show up on some German script-kiddie sites?

Like on the site of the no-name crew ...

Yeah, I've seen them in quite a few places. I don't mind as long as they ask, but a lot of folks don't ask. If anyone has any ideas for more videos let me know.


How to: Hack the Gibson?

If anyone has any ideas for more videos let me know.

- Reverse-engineering software using IDA Pro (preferably the freeware version).

- How to make an IronBrew, your personal flavor of hi-octane coffee.
