A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #20912  by lktp
 Sun Sep 22, 2013 5:35 pm
Hi there!

I've been looking around the forum, and I'm kind of new to malware analysis. I can do some basic stuff, but up till now I've been building my own tools to do before/after comparisons. I've heard that CaptureBAT is a good tool, but I can't get it to work well with Windows 7. Does anyone have any good open-source tools that can be used for this kind of comparison?

Thank you!
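A minimal version of the before/after comparison the original poster describes, added here as an example; it is not code from this thread, from CaptureBAT or from Winalysis. It snapshots a directory tree (size, mtime, SHA-256 per file) and, on Windows, a registry subtree, persists the baseline as JSON so it survives a reboot, and classifies the differences. Because it runs entirely in user mode it needs no kernel driver, which is what CaptureBAT fails to load later in the thread. The target directory, the file names and the "sample activity" in `demo()` are constructed test data; the `HKLM`/`HKCU` mapping and the registry walk are an assumption about how you would point it at real keys.

```python
"""Before/after snapshot diff for malware analysis (added example, not from the thread)."""
from __future__ import annotations

import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def hash_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large files are not read into memory."""
    h = hashlib.sha256()
    try:
        with path.open("rb") as f:
            for block in iter(lambda: f.read(CHUNK), b""):
                h.update(block)
    except OSError as exc:
        # Locked or deleted between listing and hashing: record it, don't abort.
        return f"<unreadable:{type(exc).__name__}>"
    return h.hexdigest()


def snapshot_tree(root: str | Path) -> dict[str, dict]:
    """Map every regular file under root (relative POSIX path) to size, mtime, hash.

    Symlinks are skipped and directory links are not followed, so a sample
    cannot redirect the scan outside the tree being watched.
    """
    root = Path(root)
    snap: dict[str, dict] = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime": st.st_mtime,
                "content": hash_file(p),
            }
    return snap


def snapshot_registry(hive: str, subkey: str) -> dict[str, dict]:
    """Windows only: every value under hive\\subkey, recursively; {} elsewhere.

    'content' is repr(data) so binary and multi-string values compare the
    same way file hashes do. (Assumed usage: snapshot_registry("HKCU", "Software").)
    """
    try:
        import winreg  # stdlib on Windows, absent elsewhere
    except ImportError:
        return {}
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap: dict[str, dict] = {}

    def walk(path: str) -> None:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            return  # access denied or key vanished
        with key:
            i = 0
            while True:  # values under this key
                try:
                    name, data, typ = winreg.EnumValue(key, i)
                except OSError:
                    break
                snap[f"{hive}\\{path}\\{name}"] = {"type": typ, "content": repr(data)}
                i += 1
            i = 0
            while True:  # subkeys, recursed
                try:
                    sub = winreg.EnumKey(key, i)
                except OSError:
                    break
                walk(f"{path}\\{sub}")
                i += 1

    walk(subkey)
    return snap


def diff_snapshots(before: dict, after: dict) -> dict[str, list[str]]:
    """added / removed / modified (content differs) / touched (only metadata differs)."""
    common = sorted(set(before) & set(after))
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": [k for k in common if before[k]["content"] != after[k]["content"]],
        "touched": [k for k in common
                    if before[k] != after[k] and before[k]["content"] == after[k]["content"]],
    }


def save_snapshot(snap: dict, path: Path) -> None:
    path.write_text(json.dumps(snap, indent=1, sort_keys=True))


def load_snapshot(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline, simulated sample activity, diff the two."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work) / "target"
        (root / "sub").mkdir(parents=True)
        (root / "a.txt").write_bytes(b"hello")
        (root / "old.dll").write_bytes(b"MZ-old")
        (root / "config.ini").write_bytes(b"[x]\n")
        (root / "sub" / "c.bin").write_bytes(b"\x00\x01")
        baseline = Path(work) / "before.json"
        save_snapshot(snapshot_tree(root), baseline)  # survives a reboot of the VM
        # --- simulated sample activity (constructed) ---
        (root / "a.txt").write_bytes(b"hello world")                    # content change
        (root / "old.dll").unlink()                                      # deletion
        (root / "sub" / "dropper.exe").write_bytes(b"MZ")                # new file
        os.utime(root / "config.ini", (1_000_000_000, 1_000_000_000))   # timestamp only
        return diff_snapshots(load_snapshot(baseline), snapshot_tree(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

In practice you would take the baseline, run the sample, reboot (many droppers finish their work via Run keys or services on the next boot), then take the second snapshot; a snapshot diff sees the final state but not the order of events or transient files, which is what a driver-based monitor such as CaptureBAT adds.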
 #20928  by r3shl4k1sh
 Mon Sep 23, 2013 8:00 am
CaptureBAT works well under Win 7 32bit using elevated command prompt.
 #20931  by lktp
 Mon Sep 23, 2013 8:41 am
Whenever I try to run it, using the syntax "CaptureBAT.exe -c -l test.txt -n"

I get the following results:
Code:
Option: Collecting modified files
Option: Logging system events to test.txt
Option: Capturing network packets
Error loading kernel driver: CaptureProcessMonitor - 0x000004fb
Error loading kernel driver: CaptureRegistryMonitor - 0x000004fb
FileMonitor: WARNING - Filter driver not loaded (error: 800704fb) waiting 3 seconds to try again ... (try 1 of 5)
FileMonitor: WARNING - Filter driver not loaded (error: 800704fb) waiting 3 seconds to try again ... (try 2 of 5)
FileMonitor: WARNING - Filter driver not loaded (error: 800704fb) waiting 3 seconds to try again ... (try 3 of 5)
FileMonitor: WARNING - Filter driver not loaded (error: 800704fb) waiting 3 seconds to try again ... (try 4 of 5)
FileMonitor: WARNING - Filter driver not loaded (error: 800704fb) waiting 3 seconds to try again ... (try 5 of 5)
 #20976  by lktp
 Thu Sep 26, 2013 4:50 am
You're right, it is 64-bit. The other program I have been told about is Winalysis; the problem is that when I install Winalysis 3.1 it will do everything but create the winalysis.exe file to allow you to run the program.
 #20984  by lktp
 Fri Sep 27, 2013 1:48 am
OK, thank you very much for your time!