Write a tool that watches a process for file opens, reads, etc
watch the filesystem for changes and try to map back to a process
likewise with the registry
why? Look for race conditions, or priv escalations via bad permissions
watch for disk changes...
http://timgolden.me.uk/python/win32_how_do_i/watch_directory_for_changes.html
notify registry change...
win32api.RegNotifyChangeKeyValue
http://msdn.microsoft.com/en-us/library/windows/desktop/ms724892%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa364106%28v=vs.85%29.aspx
windowz registry
http://www.williballenthin.com/registry/doc/Registry.html
awesome windoze stuff
http://www.immunitysec.com/resources-freesoftware.shtml
ltrace windoze
http://www.phenoelit.org/dumbug/
COM registry info
http://www.codeproject.com/Articles/1265/COM-IDs-Registry-keys-in-a-nutshell
--------------------------------------------------------------------------------
do the same thing for linux and release it
--------------------------------------------------------------------------------
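An added sketch of the Linux version of the watcher idea above (not code from these notes): it polls a directory for changes, maps each changed file back to the processes holding it open via /proc/<pid>/fd, and flags world-writable files for a permissions audit. All function names are hypothetical; it assumes a Linux /proc and only sees descriptors that are still open when the scan runs, so short-lived opens are missed.

```python
import os
import stat


def snapshot(root):
    """Map every file under root to (mtime_ns, size, mode)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished between listing and stat
            state[path] = (st.st_mtime_ns, st.st_size, st.st_mode)
    return state


def diff(before, after):
    """Return (created, deleted, modified) path sets for two snapshots."""
    common = set(before) & set(after)
    modified = {p for p in common if before[p] != after[p]}
    return set(after) - set(before), set(before) - set(after), modified


def holders(path, proc="/proc"):
    """PIDs with path open right now, read from /proc/<pid>/fd symlinks."""
    target, pids = os.path.realpath(path), set()
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or we may not inspect it
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.add(int(pid))
                    break
            except OSError:
                pass  # descriptor closed while we were scanning
    return pids


def world_writable(state):
    """Regular files in a snapshot that any local user may write to."""
    return {p for p, (_t, _s, mode) in state.items()
            if stat.S_ISREG(mode) and mode & stat.S_IWOTH}
```

Call snapshot() on an interval, diff() consecutive results, and run holders() on each created or modified path; inspecting other users' processes needs root.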