Edit - Reverse Engineering Stack Exchange

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

2

This is a fairly comprehensive answer, but I would add RegShot and maybe Sysmon. RegShot is straightforward. You take a snapshot before running a process, a second one after, and then to compare them. If you select "Scan dir" and enter "C:\" in the box, it will also tell you file changes. These are snapshots at the time the buttons are pressed, so may miss files that are dropped and deleted. Use Process Monitor or Sysmon for that info and more.

knowmalware
– knowmalware

2019-03-31 23:01:06 +00:00
Commented Mar 31, 2019 at 23:01
1

I did not want to make his life too easy. With ProcMon he has greater chance of learning.

GelosSnake
– GelosSnake

2019-04-01 07:02:46 +00:00
Commented Apr 1, 2019 at 7:02

Add a comment |

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
indent code by 4 spaces
backtick escapes `like _so_`
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="https://example.com">example</a>

formatting help »
answering help »