
Thread: Video: Using SysInternals’ Process Monitor to Analyze Apps and Malware

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Video: Using SysInternals’ Process Monitor to Analyze Apps and Malware

    Process Monitor is a useful tool to see what registry, file system and thread changes processes are making on your Windows system. It should work on currently patched versions of 2k, XP and Vista. Two major uses security professionals may have for Process Monitor are:

    1. Analyzing what malware is doing to a system so it can be countered and removed.
    2. Figuring out what registry and file system rights a user will need to run a badly written application. Some apps assume everyone is an admin and won’t run correctly unless they are. By using Process Monitor, an admin can figure out the minimum rights needed for an application to work.

    Also, some software pirates may use the tool to figure out how a shareware application’s expiration function works, but that’s not a topic I will be covering. For simplicity of demonstration, I will be using my own app called MadMACs for this demo.

    Video: http://www.irongeek.com/i.php?page=videos/procmon1

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    I believe Sysinternals had a video on their site as well on how to fight malware with their software.
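
The second use described in the first post (working out which registry and file system rights a non-admin user needs) can be done from a Process Monitor capture saved as CSV. The script below is an added example, not part of the original thread; it assumes the export uses Process Monitor's default columns, and ExampleApp.exe and all paths in the sample are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample laid out like a Process Monitor CSV export with the
# default columns. ExampleApp.exe and every path below are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","ExampleApp.exe","1234","RegOpenKey","HKLM\SOFTWARE\ExampleApp","SUCCESS","Desired Access: Read"
"10:01:02.0000002","ExampleApp.exe","1234","RegOpenKey","HKLM\SOFTWARE\ExampleApp\Settings","ACCESS DENIED","Desired Access: Read/Write"
"10:01:02.0000003","ExampleApp.exe","1234","CreateFile","C:\Program Files\ExampleApp\app.log","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert"
"10:01:03.0000004","ExampleApp.exe","1234","CreateFile","C:\Program Files\ExampleApp\app.log","ACCESS DENIED","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert"
"10:01:03.0000005","explorer.exe","880","CreateFile","C:\Windows\example.dat","ACCESS DENIED","Desired Access: Generic Read"
'''

# The Detail column is "Key: value, Key: value", and values may contain commas,
# so stop at the next ", Key:" rather than at the first comma.
_ACCESS = re.compile(r"Desired Access:\s*(.*?)(?:,\s*[A-Za-z ]+:|$)")


def desired_access(detail):
    """Pull the requested access out of a Detail cell, if it is recorded."""
    match = _ACCESS.search(detail)
    return match.group(1).strip() if match else "(not recorded)"


def denied_access(csv_text, process_name):
    """Map each path the process was denied on to the access it asked for."""
    needed = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue  # ignore noise from other processes in the capture
        if row["Result"] != "ACCESS DENIED":
            continue  # only failed requests show a missing right
        needed[row["Path"]].add(desired_access(row["Detail"]))
    return {path: sorted(access) for path, access in needed.items()}


if __name__ == "__main__":
    # Capture while the app runs as the limited user, export to CSV, then
    # grant only what is listed here instead of making the user an admin.
    for path, access in denied_access(SAMPLE_CSV, "ExampleApp.exe").items():
        print(f"{path}: {'; '.join(access)}")
```
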
