this post was submitted on 10 Jun 2024
960 points (98.3% liked)

Programmer Humor

19809 readers
1122 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] TootSweet 16 points 6 months ago (1 children)

Great question! Not really my area of expertise, but probably there are at least a couple of possible avenues. One is decompilation and/or disassembly and static analysis. (Basically use automated tools to reconstruct the original source code as best it can and then read that imperfect reconstruction of the source code to figure out what it does.) Another is isolating it ("air gap" -- no network or connectivity to anything you care about) so you're sure it can't do any damage and running it with tools that record/report everything it does. (On Linux, one could use strace and/or GDB. On Mac, dtrace. Not sure what the equivalent is for Windows programs running on Windows.)

Actually, I guess another option could be to set up an isolated system, record a whole bunch of information about it before running the .exe then after running the .exe, examine it to see what you can find on the filesystem or in the registry or in RAM or whatever that might have changed. It wouldn't catch everything, though. Like if it made a network connection or something but didn't actually change anything on the filesystem, it might not leave any traces.

Whatever the case, it'd probably require some specialized tools and expertise. But it'd be an interesting project.

[โ€“] [email protected] 6 points 6 months ago

That last part, that's what sandboxie is for