Binary Monitor System project in Java
Problem Definition
Our Binary Monitor System project aims to provide GUI-based software that determines the registry, file system and network activities performed by a binary on the Windows platform.
This allows the user to statically and dynamically monitor executables, which helps to determine whether the binary performs some malicious activity or not. It can also act as an effective tool for system administration.
Project Description
Our goal is to develop GUI-based software which allows the user to statically and dynamically monitor executables, that is, to see what registry, file system and network activities are performed by a particular binary on a Windows XP system. This helps to determine whether it performs some malicious activity or not.
We aim to produce a report that shows the comprehensive and detailed activities of a binary (what system calls it made, the parameter values passed to those functions, what files were accessed, etc.) with respect to the registry, file system and network. It informs the user about any malicious or harmful activity being performed, for example deleting a file or modifying a registry key entry in an unauthorized manner.
This Binary Monitor System can aid antivirus software in detecting malicious code. It can also help to detect "encrypted viruses", since it analyses the behaviour of the malicious code and not just virus signatures. This software can also be used in cyber-forensics.
This product can be used by system administrators, security analysts, application developers, system designers, tool developers or end users.
Working
The Binary Monitor System includes an analysis phase, that is, processing of the binary code to extract syntactic and symbolic information. It tries to find symbol tables (if present). We begin by decoding instructions and creating a disassembly equivalent of the binary. We then proceed by finding the control-flow information (basic blocks, loops, functions, etc.) and the data-flow information.
The project is divided into two parts:
- STATIC – includes determination of the functions present in the disassembled code of the binary before execution, and finding the parameters passed to them by scanning the string table (if present).
- DYNAMIC – includes analysis of the code coverage during execution of the binary, by finding the actual function calls being made depending on which conditions are satisfied in the various conditional statements.
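The dynamic part relies on the output of the monitoring tools (REGMON, FILEMON, TCPView) to build the activity report described above. As an added illustration, not code from the project, the following Python snippet parses a constructed Regmon/Filemon-style log (tab-separated sequence, time, process:pid, request, path, result; the exact export columns are an assumption) and flags the kinds of activity the report is meant to surface, such as unauthorized registry modification and file deletion. The rule set is illustrative, not the project's.

```python
import re
from collections import Counter

# Constructed sample export (NOT a real capture). Tab-separated columns:
# seq, time, process:pid, request, path, result.
MONITOR_LOG = """\
1\t10:02:11\tsample.exe:1204\tOpenKey\tHKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tSUCCESS
2\t10:02:11\tsample.exe:1204\tSetValue\tHKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc\tSUCCESS
3\t10:02:12\tsample.exe:1204\tCREATE\tC:\\WINDOWS\\system32\\svchost32.exe\tSUCCESS
4\t10:02:12\tsample.exe:1204\tDELETE\tC:\\Documents and Settings\\user\\report.doc\tSUCCESS
5\t10:02:13\tnotepad.exe:800\tREAD\tC:\\Documents and Settings\\user\\notes.txt\tSUCCESS
6\t10:02:13\tsample.exe:1204\tQueryValue\tHKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProductId\tSUCCESS
"""

# Illustrative rules (assumed): (label, requests that trigger it, regex on path).
RULES = [
    ("persistence: write to autorun key", {"SetValue", "CreateKey"}, r"\\CurrentVersion\\Run"),
    ("file deletion", {"DELETE"}, r"."),
    ("drop into system directory", {"CREATE", "WRITE"}, r"^C:\\WINDOWS\\system32\\"),
]

def parse_line(line):
    """Split one monitor line into a dict; return None for malformed lines."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 6:
        return None
    seq, time, proc, request, path, result = fields[:6]
    name, _, pid = proc.partition(":")
    return {"seq": int(seq), "time": time, "process": name, "pid": pid,
            "request": request, "path": path, "result": result}

def analyse(log_text, process_name):
    """Return (per-request Counter, findings) for one monitored binary.

    Only successful operations are counted; failed attempts (e.g. ACCESS DENIED)
    are still worth reporting in practice but are skipped here for brevity.
    """
    summary = Counter()
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["process"] != process_name or ev["result"] != "SUCCESS":
            continue
        summary[ev["request"]] += 1
        for label, requests, path_re in RULES:
            if ev["request"] in requests and re.search(path_re, ev["path"]):
                findings.append((ev["seq"], label, ev["path"]))
    return summary, findings

if __name__ == "__main__":
    counts, hits = analyse(MONITOR_LOG, "sample.exe")
    print(dict(counts))
    for seq, label, path in hits:
        print(f"#{seq}: {label}: {path}")
```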
Software And Hardware Requirements
Software Requirements
- Windows XP.
- Visual C++.
- Monitoring tools:
  - REGMON.
  - FILEMON.
  - TCPView.
Hardware Requirements
- Minimum 20 GB hard disk.
- Minimum 256 MB RAM.
- INTEL Pentium 4 processor.
- SVGA color monitor.