# how to find out what an exe is doing!!!!



## hansraj (Oct 12, 2008)

hey guys i know that this question may be very simple for those who are into programming or so-called "code masters" but i am not one of them. My doubt is we come across many executable files and while running such files we should know what all things are changing in our pc. I just want to know how to find what all actions it is taking when we run an exe file.


----------



## debsuvra (Oct 12, 2008)

You can try Process Explorer and Process Monitor from SysInternals Suite for the purpose.

Process Explorer : *technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Process Monitor : *technet.microsoft.com/en-us/sysinternals/bb896645.aspx


----------



## hansraj (Oct 12, 2008)

what i am interested in is all the one-time changes which the exe file does... for example copying a file from place a to place b or making changes in registry.


----------



## Cool Joe (Oct 12, 2008)

Installing a firewall like Comodo can help you with this. Besides making your PC more secure, you'll be notified every time an executable tries to do something on your PC. It can get very annoying though, so don't break your monitor by smashing it if you get annoyed.


----------



## hansraj (Oct 12, 2008)

@beta testing
yes what u say is fine to protect our pc from any unauthorised change but that will be restricting an exe while it is executing.... can't we have an application which can bring out the list of activities which the exe is intended to do?


----------



## swatkat (Oct 12, 2008)

Yes, you can analyze the actions of an executable. There are a few online sandbox tools; you just upload the file and they will give you the report:
*www.cwsandbox.org/?page=submit
*www.threatexpert.com/submit.aspx
*www.norman.com/microsites/nsic/Submit/en-us


----------



## Cool Joe (Oct 12, 2008)

hansraj said:


> @beta testing
> yes what u say is fine to protect our pc from any unauthorised change but that will be restricting an exe while it is executing.... can't we have an application which can bring out the list of activities which the exe is intended to do?



It won't be restricting the activities of the exe. It'll alert you about the action it's gonna do, and if you don't mind, you can give permission to the exe to do so.


----------



## hansraj (Oct 12, 2008)

@swatkat
the sites are limiting the size to 15mb. is there a software for the same? Also, the larger the size, the more bandwidth it will take for me to know about the file.


----------



## swatkat (Oct 12, 2008)

Hmm... beta testing has already suggested you one tool - Process Monitor. It can monitor various API and IOCTL calls, using which you can track what an executable is doing. And, here's one more tool:
*www.rohitab.com/apimonitor/index.html


----------



## Cool Joe (Oct 12, 2008)

^^It was not me, it was debsuvra.


----------



## Lucky_star (Oct 12, 2008)

Try "Installation Monitor" which comes integrated with "*Advanced Uninstaller*"

It logs all the files the exe copies/deletes/changes, folders created/destroyed, all the changes made to the registry, etc. I use it while installing demo apps. This way u can completely wipe out the app's installation data and install it once again as a demo


----------



## Krazy Bluez (Oct 13, 2008)

I would go with process explorer, though i've used it, sometimes it becomes too complicated, for example try running explorer.exe and see how much log you get...


----------



## dheeraj_kumar (Oct 13, 2008)

You can use sandbox tools recommended by swatkat, or process explorer. Try PrevX as a last resort, since it's more of an annoyance than a benefit. If all fails, OllyDBG.


----------



## hansraj (Oct 13, 2008)

thanx guys. lots of input for the job....


----------



## swatkat (Oct 13, 2008)

hansraj said:


> thanx guys. lots of input for the job....


What kind of job?


----------



## dheeraj_kumar (Oct 13, 2008)

*suddenly suspicious*


----------



## hansraj (Oct 14, 2008)

no dear..... it's nothing but using certain malicious exes (unknowingly) has resulted in system format and reinstallation. So finding a way out ...... at times even the antivirus and spywares don't work properly and then we have to reinstall the whole os. At least i had to!!
This was the only reason to know in advance what an exe is doing.


----------

