Help

08/03/2012 11:57 matmin#1
How can I view what a program does precisely on my computer?
If it opens a file, if it connects to a website... and so on...
08/03/2012 12:36 kissein#2
I prefer IDA Pro for static analysis, but it's not free.
08/03/2012 12:47 matmin#3
How does it work?
08/03/2012 13:14 Jeoni#4
It will disassemble the program and you can analyse the ASM source in order to get the information you want.
But for this method you need a lot of ASM knowledge.
I heard that the program you need is called "Sandbox". I've never tried it, but I heard that it will execute the program in a virtual machine and give you information about the changes that the program made during its execution. As far as I know there are sandbox programs which you have to install on your PC and sandbox websites on which you upload the suspicious file and get the analysis reports. But as I said: I never tried it, I just heard of it.
08/03/2012 13:53 matmin#5
Oh thanks
08/03/2012 22:10 SmackJew#6
FileMon - allows you to view file system level traffic. Pretty much see any access to the filesystem made by any process.

TCPView - view open TCP/UDP connections by any process; can't view traffic.

TDIMon - like TCPView, but for any socket connection.

RegMon - monitor registry access.

PortMon - port monitor.

Process Explorer - like an advanced task manager with loads of information on running processes.

Some of these might not exist anymore. Took it from "Secrets of Reverse Engineering"; just Google them.
08/03/2012 22:16 kissein#7
They're all part of the Microsoft Sysinternals package.
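One way to collect what the original question asks for on a current Windows system, as an added example (not code posted in this thread): it records file, registry and network events with Process Monitor, the Sysinternals tool that replaced FileMon and RegMon, and samples the observed program's TCP connections the way TCPView shows them. It assumes procmon.exe is on PATH, an elevated PowerShell on Windows 8 or later, and a program path you supply; the output folder name is a constructed default.

```powershell
# Added example, not from the thread. Assumes procmon.exe (Sysinternals) is on
# PATH, the shell is elevated, and Get-NetTCPConnection is available (Win 8+).
param(
    [Parameter(Mandatory)] [string] $ProgramPath,   # program to observe
    [int] $Seconds = 30,                            # how long to watch it
    [string] $OutDir = "$env:TEMP\procmon-run"      # constructed default
)
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$pml = Join-Path $OutDir 'trace.pml'
$csv = Join-Path $OutDir 'trace.csv'

# 1. Start tracing before the program launches so its first actions are caught.
Start-Process procmon.exe -ArgumentList "/AcceptEula /Quiet /Minimized /BackingFile `"$pml`""
Start-Sleep -Seconds 3

# 2. Launch the program and sample its TCP connections while it runs
#    (the per-process view TCPView gives, without the GUI).
$proc = Start-Process -FilePath $ProgramPath -PassThru
$conns = @{}
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline -and -not $proc.HasExited) {
    Get-NetTCPConnection -OwningProcess $proc.Id -ErrorAction SilentlyContinue |
        ForEach-Object { $conns["$($_.RemoteAddress):$($_.RemotePort) $($_.State)"] = 1 }
    Start-Sleep -Milliseconds 500
}
if (-not $proc.HasExited) { Stop-Process -Id $proc.Id -Force }

# 3. Stop tracing and convert the binary log to CSV for filtering.
Start-Process procmon.exe -ArgumentList '/Terminate' -Wait
Start-Process procmon.exe -ArgumentList "/OpenLog `"$pml`" /SaveAs `"$csv`"" -Wait

# 4. Keep only events from the observed PID; summarise by operation, then list
#    the file and registry paths it touched (FileMon/RegMon territory).
$events = Import-Csv $csv | Where-Object { $_.PID -eq $proc.Id }
$events | Group-Object Operation | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
$events | Where-Object { $_.Operation -like 'Reg*' -or $_.Operation -like '*File*' } |
    Select-Object -First 40 'Time of Day', Operation, Path, Result |
    Format-Table -AutoSize
"Remote endpoints seen: " + (($conns.Keys | Sort-Object) -join ', ')
```

Run the program inside a disposable VM when the file is untrusted; the trace survives in $OutDir after the guest is reverted.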