
DonationCoder.com Software > Post New Requests Here

IDEA: run an executable step by step


f0dder:
A debugger is certainly a program to "run an executable step by step", but what lifeh2o wants is probably more along the lines of an over-zealous program behavioral analyzer/blocker. Something like what, for instance, Kaspersky antivirus offers, but blocking on all file and registry activity instead of just suspicious activity.

If you just want to monitor what happens, check out Sysinternals' Process Monitor.

lifeh2o:
f0dder got my point exactly. This idea was inspired by Kaspersky. Actually, what happened was that a few days ago I accidentally downloaded a small executable. And when I executed it, nothing appeared, :tellme: and I caught it red-handed. I went to msconfig and there I found that it had made 22kb exe copies in several directories, named svchost.exe and userint.exe, and moreover it had added each copy two times to system startup.

I removed those files by searching for them with the instant file search utility "Everything", and to confirm removal of those suspicious 22kb files I used "IndexYourFiles" to search for 22kb files, but there were none left.
My PC was saved from a big problem. I'm not using any antivirus and don't want to load my system with it, but I am a fan of Kaspersky, as it tells the details of each suspicious activity.

Then I thought that if I had executed it with a program like the one I suggested, I would have gotten a notification of each step and might have blocked all those steps.

f0dder:
You should probably give your system a scan with some antivirus; you might not have caught everything.

A tool like the one you describe would be a major bother in everyday life; it's much less agonizing running Vista+UAC - which would have caught it trying to write to system folders and adding itself to auto-startup locations.

lifeh2o:
No, I am pretty sure that my system is clean now. I do use Process Explorer, Process Monitor and the file and registry monitors to check when I find something suspicious. I used Vista for a few weeks, but it is only good to the eyes, not to the taste. And I am again on XP. Vista runs slow on 1GB RAM and a 2GHz dual core. All my games give better performance on XP than on Vista.

Can I really use Olly debugger for this purpose? I have used it, but I don't know whether it provides enough information to understand whether the software is trying to edit the registry and files or not.

If so, then it means that I can check any suspicious file with it?

f0dder:
First, you can't be 100% sure that you're clean - the executable could have downloaded and activated a rootkit, which pretty much renders process explorer & monitor useless.

Second, if you don't want to run Vista, at least consider running under a non-privileged user account. It's more bothersome on XP than on Vista, though. The alternative would be using something like "dropmyrights" on all internet-facing applications (browser, mail client, ...) but that won't stop you from getting malware if you accidentally(? :)) double-click random executables. Dunno about Vista running slow on 1GB RAM, but it runs perfectly fine on a laptop with 2GB RAM, a 2GHz dual core and integrated Intel graphics. I don't game much on that machine, though.

Third, OllyDbg is a debugger. It lets you handle program execution instruction by instruction. It works on individual processes, though, and what you want sounds like systemwide action.
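
The cleanup described in this thread relied on file size alone. As an added example (not code from any poster), the sketch below audits a list of autostart entries for the three signs the thread mentions: a system process name outside system32, a look-alike name such as userint.exe, and the same file registered more than once. The system32 path, the name list and the sample entries are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter

SYSTEM_DIR = r"c:\windows\system32"   # assumption: default XP install path
# Assumption: a short list of real system binaries worth protecting.
SYSTEM_NAMES = {"svchost.exe", "userinit.exe", "winlogon.exe", "lsass.exe"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alikes such as userint.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_autostart(entries):
    """entries: list of (location, path). Returns a list of (path, reason)."""
    findings, seen = [], set()
    counts = Counter(ntpath.normcase(p) for _, p in entries)
    for _, path in entries:
        norm = ntpath.normcase(path)          # case-insensitive, like Windows
        if norm in seen:
            continue                          # report each file only once
        seen.add(norm)
        folder, name = ntpath.split(norm)
        if name in SYSTEM_NAMES:
            if folder != SYSTEM_DIR:
                findings.append((path, "system name outside system32"))
        elif any(edit_distance(name, s) == 1 for s in SYSTEM_NAMES):
            findings.append((path, "look-alike of a system name"))
        if counts[norm] > 1:
            findings.append((path, "registered %d times" % counts[norm]))
    return findings

# Constructed sample entries; real input would come from your autostart listing.
SAMPLE = [
    ("Winlogon Userinit", r"C:\WINDOWS\system32\userinit.exe"),
    ("HKLM Run", r"C:\Documents and Settings\user\svchost.exe"),
    ("Startup folder", r"C:\Documents and Settings\user\svchost.exe"),
    ("HKCU Run", r"C:\WINDOWS\Temp\userint.exe"),
    ("HKCU Run", r"C:\Tools\editor.exe"),
]

if __name__ == "__main__":
    for path, reason in audit_autostart(SAMPLE):
        print(path, "->", reason)
```

As f0dder points out, a rootkit can hide entries from the tool that produced the listing, so a clean result here is not proof of a clean system.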
