Tags: python, security, network-programming, permissions

How to detect if a Windows application (.exe) is sending data externally?


I'm using a Windows application (.exe) written in Python to manipulate files in a folder. I suspect this application might be sending my files to a remote server without permission. How can I verify if this application is making unwanted network connections?

Specifically:

  1. Is there a way to check if this application is connecting to the internet without having to reverse engineer the source code?
  2. Besides monitoring network traffic, are there any other clear methods to detect internet access, similar to how Android declares internet permission (android.permission.INTERNET)?

The application is supposed to be offline. I'm looking for straightforward ways to determine if it's accessing the internet without delving into complex analysis techniques.


Solution

  • Well, there are two ways I know of to monitor the network requests of a program (on Windows). The first way is to use Process Monitor of the Sysinternals suite. Once you open it, every time an application makes a system call, an entry will appear in the window with the name of the event and some details. And if you select an entry and open its "Properties" window, you can get even more details about it.

    So if you set up a filter to only display network events from your target executable, you should be able to see the program making network requests in real time. Below is a screenshot of me capturing the network events of my browser as an example: [screenshot of Process Monitor]

    Another way is to open a command prompt with administrative privileges and use the command netstat -bn 1. This would display the list of all open socket connections at the time of running the command, and it would continuously pause for one second and then output the list again until you press Ctrl-C to exit.

    The -b option makes it display which binary is making each connection, and the -n option makes it display IP addresses numerically without trying to resolve them to domain names. And the 1 makes it re-display every second instead of displaying once and exiting. You could remove the -n if you want, but that would make it really slow. And you can see netstat /? for more options.
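As an added example (not part of the answer above, and not tied to any particular application), the same one-second polling that netstat -bn 1 does can be scripted in PowerShell so that only connections owned by the executable you are watching are printed, and each new remote endpoint is reported once instead of scrolling past every second. It assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated prompt; the executable name target.exe is a placeholder.

```powershell
# Added example: watch one executable for outbound TCP connections, netstat-style.
# Run from an elevated PowerShell so that every process's sockets are visible.
# Only TCP is covered; UDP endpoints carry no remote address in Get-NetUDPEndpoint.
param(
    [string]$TargetExe = "target.exe",   # placeholder: name of the .exe to watch
    [int]$IntervalSeconds = 1,
    [switch]$IncludeLoopback             # by default 127.0.0.1 / ::1 traffic is skipped
)

$seen = @{}   # "pid remote:port" keys already reported, so each is printed once
$baseName = [IO.Path]::GetFileNameWithoutExtension($TargetExe)

while ($true) {
    # Map PID -> image path for every running instance of the target executable.
    $procs = @{}
    Get-Process -Name $baseName -ErrorAction SilentlyContinue |
        ForEach-Object { $procs[$_.Id] = $_.Path }

    if ($procs.Count -gt 0) {
        # SynSent catches attempts that never complete (blocked by a firewall, dead host).
        Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
            Where-Object {
                $procs.ContainsKey([int]$_.OwningProcess) -and
                ($IncludeLoopback -or $_.RemoteAddress -notin @('127.0.0.1', '::1'))
            } |
            ForEach-Object {
                $key = "$($_.OwningProcess) $($_.RemoteAddress):$($_.RemotePort)"
                if (-not $seen.ContainsKey($key)) {
                    $seen[$key] = Get-Date
                    # Numeric addresses only, like netstat -n: no reverse DNS lookups.
                    "{0:u}  PID {1}  {2}  -> {3}:{4}  ({5})" -f (Get-Date), $_.OwningProcess,
                        $procs[[int]$_.OwningProcess], $_.RemoteAddress, $_.RemotePort, $_.State
                }
            }
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

Start the script before launching the application, exercise the features you expect to be offline, and any line printed is a connection that process opened; an empty log over a full session of normal use is the evidence the question asks for (for TCP).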