Windows
andrejfomenko, 2020-01-20 17:35:22

How to track the program?

How can I track what data a program collects and where it sends it? There is a program, and I want to track what it collects, and where and how often it sends it, but I don't know where to dig. For network traffic there is Wireshark, but I also want to know what it may be pulling and leaking from the registry, to track its movements. Are there any tools?


3 answers
Max Strekalovsky, 2020-01-22
@Strklvsk

The ideal option is to send it to Hybrid Analysis; there you will get detailed information about what leaks where.

Ranwise, 2020-01-20
@Ranwise

The Sysinternals utilities by Mark Russinovich; there were also articles on Habr about investigating bugs using these utilities.
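An added example, not part of the answer above: one way to turn a capture from Process Monitor (one of the Sysinternals utilities) into the summary the question asks for, that is, which registry values the program read and how much it sent to which endpoint. It assumes the capture was exported to CSV with the default columns; the sample rows, `app.exe`, the keys and the addresses are constructed.

```python
import csv
import io
import re
from collections import Counter, defaultdict

# Constructed sample rows; column names assume Process Monitor's default CSV export.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"17:35:01.10","app.exe","4242","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74"
"17:35:01.20","app.exe","4242","RegQueryValue","HKCU\Software\Example\InstallId","NAME NOT FOUND","Length: 16"
"17:35:02.00","app.exe","4242","TCP Send","DESKTOP:49712 -> 203.0.113.10:443","SUCCESS","Length: 517, seqnum: 0, connid: 0"
"17:35:02.10","app.exe","4242","TCP Receive","DESKTOP:49712 -> 203.0.113.10:443","SUCCESS","Length: 1380, seqnum: 0, connid: 0"
"17:36:02.00","app.exe","4242","TCP Send","DESKTOP:49712 -> 203.0.113.10:443","SUCCESS","Length: 1200, seqnum: 0, connid: 0"
"17:36:05.00","app.exe","4242","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74"
"17:36:09.00","other.exe","808","TCP Send","DESKTOP:49800 -> 198.51.100.7:80","SUCCESS","Length: 90, seqnum: 0, connid: 0"
'''

# Lengths may be written with thousands separators, so accept digits and commas.
LENGTH = re.compile(r"Length:\s*([\d,]+)")


def summarize(csv_text, process_name):
    """Return (registry values read, sends/bytes per remote endpoint) for one process."""
    reg_reads = Counter()
    sent = defaultdict(lambda: {"sends": 0, "bytes": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        op, path = row["Operation"], row["Path"]
        if op == "RegQueryValue" and row["Result"] == "SUCCESS":
            reg_reads[path] += 1  # a value the program actually obtained
        elif op in ("TCP Send", "UDP Send"):
            remote = path.split(" -> ", 1)[-1]  # Path is "local -> remote"
            m = LENGTH.search(row["Detail"])
            sent[remote]["sends"] += 1
            sent[remote]["bytes"] += int(m.group(1).replace(",", "")) if m else 0
    return reg_reads, dict(sent)


if __name__ == "__main__":
    # For a real export, open the file with encoding="utf-8-sig" to drop a BOM if present.
    reads, sent = summarize(SAMPLE_CSV, "app.exe")
    for key, count in reads.most_common():
        print(f"registry read x{count}: {key}")
    for remote, stats in sent.items():
        print(f"sent {stats['bytes']} bytes in {stats['sends']} sends to {remote}")
```
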

Sergey Karbivnichy, 2020-01-20
@hottabxp

I highly recommend API Monitor and Sandboxie. Both utilities are free. Descriptions of more than 10000 API functions are included in API Monitor by default. For example, you can set hooks on networking functions (I don't remember which ones, see MSDN). As soon as the program sends or receives something over the network, the monitor will pause it. Then you can see what parameters and data are passed to these functions. By the way, all the parameters that are passed to a function can be changed in API Monitor. Article on xakep.ru
