Walking Through Windows Applications.

[Knoble]

Hey Guys,
Just wondering if there is any program I can dL that would display what an application is doing while I'm using it. I downloaded OLLY but it is a bit too shitstormed out with ASM. Thx

[mShred]

I highly doubt it.. but there are way to monitor what the program is doing. You could use wireshark to see where the program is connecting. You could use task manager to see how much RAM its taking up.
I don't know exactly what you're asking. So it depends on what you want to do.

[Knoble]

I'm thinking along the lines of, for example: If I'm using the calculator program and I need to multiply something, is there a program I can run calculator in to see what part of memory that multiplication library, or function, is being accessed at. Another example is, when your writing a program in Dev-C++ or some other program like that, you can track/debug step by step to see exactly how the program is being executed. I'm totally inexperience when it comes to app. hacking or design, so maybe where should I start if I want to alter application code and alter programs that are already written. Sry if this is vague, the problem is I'm not exactly sure what I'm looking for. Thx

[VPR3]

You could try something like windows UMDH utility. You can run it against specific windows applications, like calculator, to see memory allocation, trace memory leaks or whatever.

[fashizzlepop]

If you compile your code with a certain command line flag it will add debug info to the exe and when you run it in Olly and step through it it will display function names and what-not... (I believe)

This stuff would be covered in the book "Hacking: The art of exploitation"

[JoeyPardella]

Also if you take a look at IDA Pro there's a nice graphical application flow graph. it's still assembler but gives you a good idea what the program is doing.

edit: I think Immunity has a graph too and it's free

[VPR3]

Hmm. you could try Windbag, runs from the command line. You can dig through all the memory addresses and see exactly what and where things are happening, and rip an application apart thread by thread if you want. You can go deep with this so good luck.

[Knoble]

Sup guys,
this is still related to my above question, just the next step in the process.

So I was messing around in Olly and I managed to bypass serial verification for a crackme type application, but I didn't do it the way it was supposed to be done. I ended up with a .dll, which is what I needed, but it doesn't seem to work. So I'm just wondering if there are any known securities set up that I don't know about safe-guarding this type of approach. Also, I installed the plug-in and it gave me a .dll file in the selected directory, did it perhaps also alter the registry or something, because I tested the .dll on a different computer, transferring it through USB. Thx