this post was submitted on 10 Jun 2024
981 points (98.2% liked)

Programmer Humor

[–] [email protected] 75 points 6 months ago (1 children)
[–] [email protected] 4 points 6 months ago (3 children)

How could I know, out of curiosity? I probably have the exe from the time period.

[–] [email protected] 17 points 6 months ago

Try decompiling it.

[–] [email protected] 16 points 6 months ago (1 children)

Great question! Not really my area of expertise, but probably there are at least a couple of possible avenues. One is decompilation and/or disassembly and static analysis. (Basically use automated tools to reconstruct the original source code as best they can and then read that imperfect reconstruction of the source code to figure out what it does.) Another is isolating it ("air gap" -- no network or connectivity to anything you care about) so you're sure it can't do any damage and running it with tools that record/report everything it does. (On Linux, one could use strace and/or GDB. On Mac, dtrace. Not sure what the equivalent is for Windows programs running on Windows.)

Actually, I guess another option could be to set up an isolated system, record a whole bunch of information about it before running the .exe, then after running the .exe, examine it to see what you can find on the filesystem or in the registry or in RAM or whatever that might have changed. It wouldn't catch everything, though. Like if it made a network connection or something but didn't actually change anything on the filesystem, it might not leave any traces.

Whatever the case, it'd probably require some specialized tools and expertise. But it'd be an interesting project.

[–] [email protected] 6 points 6 months ago

That last part, that's what Sandboxie is for.

[–] [email protected] 4 points 6 months ago* (last edited 6 months ago)

There are tracing programs that let you see when a program makes system calls to read and write files, control hardware, etc. It might be easiest to run it and see what it does in a VM sandbox. Process Monitor looks like a strace equivalent on Windows.