Darren Kitchen
Posted January 15, 2007

Hope some of you find this of use.

Video: Using SysInternals' Process Monitor to Analyze Apps and Malware

Process Monitor is a useful tool to see what registry, file system and thread changes processes are making on your Windows system. It should work on currently patched versions of 2k, XP and Vista.

Two major uses security professionals may have for Process Monitor are:

1. Analyzing what malware is doing to a system so it can be countered and removed.
2. Figuring out what registry and file system rights a user will need to run a badly written application. Some apps assume everyone is an admin and won't run correctly unless they are. By using Process Monitor an admin can figure out the minimum rights needed for an application to work.

Also, some software pirates may use the tool to figure out how a shareware application's expiration function works, but that's not a topic I will be covering.

For simplicity of demonstration, I will be using my own app called MadMACs for this demo.

Video: http://www.irongeek.com/i.php?page=videos/procmon1
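The second use above (working out the minimum rights a badly written app needs) is usually done by exporting the Procmon capture and hunting for ACCESS DENIED results. The script below is an added example, not part of the post or the video: it parses a Process Monitor "Save as CSV" export (column names are assumed from the default column set), pulls the "Desired Access" the process asked for out of the Detail column, and summarises per denied registry key or file what would have to be granted. The embedded capture is constructed for the example, and the table mapping operations such as RegSetValue to an implied right is a heuristic of mine, not anything Procmon outputs.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the shape of a Process Monitor "Save as CSV" export with
# the default column set (column names are assumed from that default export).
SAMPLE_CSV = r"""Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:02.1234567 AM,MadMACs.exe,4120,RegOpenKey,HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001,SUCCESS,Desired Access: Read
10:01:02.1234570 AM,MadMACs.exe,4120,RegSetValue,HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0001\NetworkAddress,ACCESS DENIED,"Type: REG_SZ, Length: 26, Data: 00AABBCCDDEE"
10:01:02.2000000 AM,MadMACs.exe,4120,CreateFile,C:\Program Files\MadMACs\settings.ini,ACCESS DENIED,"Desired Access: Generic Write, Read Attributes, Disposition: OpenIf"
10:01:02.2000010 AM,MadMACs.exe,4120,CreateFile,C:\Program Files\MadMACs\settings.ini,SUCCESS,"Desired Access: Generic Read, Disposition: Open"
10:01:03.0000000 AM,explorer.exe,1840,CreateFile,C:\Users\alice\Desktop,SUCCESS,Desired Access: Read Data/List Directory
"""

# Heuristic (assumed) mapping for operations whose Detail column carries no
# "Desired Access" field: the right the operation itself implies.
OPERATION_IMPLIED_RIGHT = {
    "RegSetValue": "Set Value",
    "RegCreateKey": "Create Subkey",
    "RegDeleteValue": "Delete",
    "RegDeleteKey": "Delete",
    "WriteFile": "Write Data",
    "SetDispositionInformationFile": "Delete",
}


def parse_procmon_csv(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def load_procmon_csv(path):
    """Load a CSV file saved by Process Monitor (tolerates a UTF-8 BOM)."""
    with open(path, newline="", encoding="utf-8-sig") as handle:
        return list(csv.DictReader(handle))


def parse_detail(detail):
    """Split Procmon's 'Key: value, Key: value' Detail column into a dict.
    A value may itself contain ', ' (e.g. 'Desired Access: Generic Write, Read
    Attributes'), so a token with no ': ' is appended to the previous value."""
    fields = {}
    current = None
    for token in detail.split(", "):
        key, sep, value = token.partition(": ")
        if sep:
            current = key.strip()
            fields[current] = value.strip()
        elif current is not None:
            fields[current] += ", " + token.strip()
    return fields


def required_rights(rows, process_name):
    """Collect, per denied path, the access the process asked for and was refused.
    Returns {(kind, path): set_of_rights} where kind is 'registry' or 'file'."""
    needs = defaultdict(set)
    for row in rows:
        if row["Process Name"] != process_name or row["Result"] != "ACCESS DENIED":
            continue
        path = row["Path"]
        kind = "registry" if path.upper().startswith("HK") else "file"
        wanted = parse_detail(row.get("Detail") or "").get("Desired Access")
        if wanted:
            needs[(kind, path)].update(a.strip() for a in wanted.split(", "))
        else:
            implied = OPERATION_IMPLIED_RIGHT.get(row["Operation"], row["Operation"])
            needs[(kind, path)].add(implied)
    return dict(needs)


def report(needs):
    """Render the rights summary as lines an admin can turn into ACL changes."""
    lines = []
    for (kind, path), rights in sorted(needs.items()):
        lines.append(f"{kind:8} {path}")
        lines.append("         needs: " + ", ".join(sorted(rights)))
    return lines


if __name__ == "__main__":
    rows = parse_procmon_csv(SAMPLE_CSV)
    for line in report(required_rights(rows, "MadMACs.exe")):
        print(line)
```

Two caveats before turning the output into ACL changes. A denied event is not automatically a requirement: many apps probe for write access and fall back to read-only (the constructed capture shows exactly that on settings.ini), so confirm the app actually misbehaves without the right. And grant the right on the specific key or file the report names rather than making the user a local admin, which is the shortcut the post warns these apps assume.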