How to tell what a program is actually doing?

Kinda got thinking with all the discord speak on here lately.

How would you actually tell what a program in particular is exactly doing? Discord apparently collects data on which applications are running on your computer and such, but how is it that it's doing it? How would you tell if Discord is opening up a shell and executing the line $hello = 1; echo $hello or something unnoticeable?

please be underaged

look up debugging and disassembly.

>debugger
which debugger would you attach, surely you can't just go on Visual Studio and attach a debugger and it will work?

>disassembly
doesn't always work, also you have to assume some stuff like what language the program is written in

>How would you actually tell what a program in particular is exactly doing?
if networking wireshark
if context switches, your kernel can (don't know about windows)
if you want to see inside memory, your kernel can but your hardware may not be ok with this
you can log things, depends on your os.

but more importantly if you have to ask this, don't bother, you're years too soon to be able to understand what you will see or how to achieve it.

I just want to know if some programs can just read the contents of a folder or something like that on startup, and how you'd know and circumvent it

e.g. how would I check Discord is not trying to access C:\Users\npc\Desktop\Mypasswords\passwords.txt or something

On Windows, no idea.
On linux just strace the binary with the flag to follow all threads, dump to file, and follow the system calls for a start. File access will be immediately apparent.
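What "follow the system calls" looks like in practice, as an added example that is not part of the post above: a Python parser for a trace written with `strace -f -o trace.txt <program>` that lists file-related calls and flags those under watched directories. The sample trace, paths, and function names are constructed for illustration; it also rejoins calls that `-f` splits into `<unfinished ...>` / `resumed` pairs.

```python
import re

# Constructed sample in the format written by `strace -f -o trace.txt <program>`.
SAMPLE_TRACE = """\
4101 execve("/opt/app/app", ["app"], 0x7ffd3c0 /* 30 vars */) = 0
4101 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4101 openat(AT_FDCWD, "/home/npc/.config/app/settings.json", O_RDONLY) = 4
4102 openat(AT_FDCWD, "/home/npc/Desktop/Mypasswords/passwords.txt", O_RDONLY <unfinished ...>
4101 stat("/home/npc/.ssh/id_rsa", 0x7ffd3c1) = -1 ENOENT (No such file or directory)
4102 <... openat resumed>) = 5
"""

FILE_CALLS = {"open", "openat", "stat", "lstat", "access", "readlink", "execve"}
UNFINISHED = " <unfinished ...>"
LINE = re.compile(r'^(\d+)\s+(.*)$')                 # "<pid> <rest>"
CALL = re.compile(r'^(\w+)\((.*)$')                  # "name(args..."
RESUMED = re.compile(r'^<\.\.\. (\w+) resumed>(.*)$')
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')            # first quoted argument


def file_accesses(trace_text):
    """Return (pid, syscall, path, succeeded) for every file-related call."""
    pending = {}   # pid -> first half of a call interrupted by another thread
    found = []
    for raw in trace_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, rest = m.group(1), m.group(2)
        if rest.endswith(UNFINISHED):
            pending[pid] = rest[:-len(UNFINISHED)]
            continue
        resumed = RESUMED.match(rest)
        if resumed and pid in pending:
            rest = pending.pop(pid) + resumed.group(2)   # stitch both halves
        call = CALL.match(rest)
        if not call or call.group(1) not in FILE_CALLS:
            continue
        path = PATH.search(call.group(2))
        if path:
            result = rest.rsplit(" = ", 1)[-1]
            found.append((int(pid), call.group(1), path.group(1),
                          not result.startswith("-1")))
    return found


def watched(accesses, prefixes):
    """Keep only accesses whose path starts with one of the watched prefixes."""
    return [a for a in accesses if a[2].startswith(tuple(prefixes))]


if __name__ == "__main__":
    for hit in watched(file_accesses(SAMPLE_TRACE), ["/home/npc/Desktop/", "/home/npc/.ssh/"]):
        print(hit)
```

Failed lookups are kept on purpose: a probe for a file that does not exist still shows what the program went looking for.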

Oh I forgot to mention the platform was Windows

>strace
General question though, what happens if the developers of the program made it so that it only tried to steal your passwords under very certain conditions.... I'd assume strace wouldn't pick up on it unless you actually knew about those conditions and fulfilled them, right? So it pretty much becomes a game of actual debugging if the people are trying to make it as hidden as possible, you'd have to assume it's malicious from the very start and wouldn't truly know if a program isn't malicious unless you ran every possible configuration, right?

Also, you know when people speak of free software (like under GPL or whatever), how do people know it's not malicious with a slapped on label saying it's under the GPL license and assume people won't bother to check the source code before running it? Has something like this happened before?

Wireshark can intercept network packets

If you don’t have source code, knowing what a program does is a bit tricky, I’d just google it. Jow Forums is too retarded for that shit

>the developers of the program made it so that it only tried to steal your passwords under very certain conditions
Disassemble. No other guarantee I can think of, in Windows anyway. In old Unix systems (say Solaris 9 onwards) you could write DTruss scripts to monitor keyboard input / file access etc. to be more specific on what a program does, but even then system calls were the most you could get (which is still a lot).

Sorry, I'm just a sysadmin, not a programmer. If you showed me disassembled code asking if it's safe I'd just stare and shrug. Frankly, if you suspect the author that much, either find an open-source project replacement that you can easily follow or stop using it.

I did find something called Procmon (Process Monitor) which is an executable officially released by Microsoft that can show what a process accesses and modifies, but you pretty much get spammed in the logs with normal stuff like accessing certain libraries and all that, it kinda obfuscates any malicious stuff you're looking for.

I suppose you could sit there and look through each of the 100,000 lines of the logs but it seems rather unproductive

>no source available
Yeah, with no assumptions like the language it's written in, what it was compiled with etc. I wanted to know how accurate you could get at finding out what an executable is capable of

But this seems remotely familiar to the decidability problem for a computer (program in this case)

Alright thanks for the answer

>Frankly, if you suspect the author that much, either find an open-source project replacement that you can easily follow or stop using it.

Nah was just curious, just wanted to know what the reality was behind Jow Forums saying everything's a botnet, but I guess this task might be a little out of my scope for me to figure out

> How to tell what a program is actually doing?
Read the source code.

I'm obviously assuming that you have nothing to work with besides the executable that you downloaded and can run

On linux you do nothing, because linux is just a kernel.

>executing unknown binaries on your system
Common Sense 2018 Pro could have prevented this.

That doesn't make any sense, everyone pretty much assumes some generic app like Skype isn't going to blow up your computer or steal your bank account information, it's a matter of actually knowing if it does or not

why would discord do such a thing? say they have been accumulating passwords from users using some advanced search algorithm to find the random place it could be stored; what do they do with this? sell it? who's going to buy passwords that isn't a shady dealer? I'm sure it'd have leaked by now. just have it? seems like a waste of time. the data they collect is just the time spent playing certain games and maybe demographics if available. those are the only things I could see a legitimate company buying

>they collect is just the time spent playing certain games
why stop at that, they could build a more extensive user profile

I know but it's just an example, that isn't the point though, we the people should know what they are up to on our own computers we bought.

They can do whatever the fuck they want if you installed their program and agreed to their terms, avoid using malware

why stop there? why not disassemble electronics to see if there's microphones or other bugs? why not reverse engineer the circuit to see what exactly it does?

still though I bet 95% of people use the same password for everything so they could just try the one you gave them. no need to program a directory crawler to find a random list of passwords that may or may not even exist.

That's a good point, and a point raised would be questioning whether Intel CPUs are malicious or not (has already been proven to have undocumented and hidden op codes)

So yeah, just running a new Intel CPU kinda already compromises everything, but let's just assume we're working with sterile hardware & focus on the software perspective

I guess? But that still doesn't answer my question when I want to figure out what someone else's program does, since we live in a time and age where free software isn't readily available for our consumption needs

>why would discord do such a thing?
data harvesting.
Obviously not every piece of data has the same money value but you can be sure they will find a way to make money from it.
Imagine you take a shitload of photos with your old ass Canon and the model is written in the exif data of said photos.
Discord reads your exif data and stores it.
They can now sell your data to Canon. Canon buys data from different sources and merges them, they now have advanced and precise stats about how many older models are in the wild.
Ad companies already have your profile, Canon can send you ads about their newer models through them.

You'd be surprised how powerful and mind-fucking the data harvesting business is.

>Why would X abuse their power?
Always an irrelevant question. Always assume the worst is taking place and plan accordingly.

yeah but a lot of that stuff is voluntarily given up by the user, they don't have to search for it. it's not malicious if you give it to them and I'm sure people upload more than enough already

>Nah was just curious, just wanted to know what the reality was behind Jow Forums saying everything's a botnet
Running a non-free program is like signing a blank piece of paper. The owner of that paper makes the rules and can add anything on there. You don't know what you're gonna get, and software ain't no box of chocolates. Therefore, you're relying on the person who made that program to be nice, or more appropriately, not be a cunt. You're trusting people in a world where the owners of tech giants don't let their kids use the same things they've made and sold because they know they're harmful, yet continue to sell more. You can trust and most probably get stabbed in the back, or you can play poker only with those who pull up their sleeves.
They might not steal text documents storing passwords in plain text, or perhaps they do. They certainly profile you as much as they can though, and considering they apparently ban accounts that were joined to servers whose activities they dislike, that is a dangerous thing. Not being able to get a job because you've played [game] with a lolicon is a potential prospect of that. Also remember: you will always find buyers for both this information, and other, less likely to be farmed info. Various sites were caught selling username/email+password combos. These are worth a lot if you know how to use them, because passwords are reused and people are stupid.
This is why we need to promote free hardware and countries need to make as much of it as they can internally.

>executing unknown binaries on your system
Yeah, what retard doesn't write his own OS for his own hardware and use his own web browser to post from it on Jow Forums.
Are you literally retarded? Every single person who is using a computer executes unknown binaries.

not about abusing power, it's about risk/reward. it's much easier and less risky to sell metrics that users give up willingly than to go hunting for more maliciously. sure they could be greedy and double dipping but I don't think they have the resources to accomplish that.

well you install something onto your computer, do you really ask yourself how it does it? they always do it because they are permitted to, not only by you who install them but because they are safe to use by OS makers and such which let them use any code they want, if software devs become crazy and decide to delete all your data nothing is stopping them

stop asking stupid questions like this, if you wanna know what exactly a program does either ask the dev himself if he ever wants to share that info with you (because it can be a custom way) or just don't ask yourself these stupid questions and just make sure your shit doesn't lag by buying more power and loop into the circle of PC monopoly feeding them all your money because suddenly firefox 51 now is 50% slower than firefox 49 just to have a random example

>I just want to know if some programs can just read the contents of a folder or something like that on startup, and how you'd know and circumvent it

>e.g. how would I check discord is not trying to access C:\Users\npc\Desktop\Mypasswords\passwords.txt or something
google procmon
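One way to cut the Procmon noise complained about earlier in the thread and answer the "is it touching my folder" question, as an added example that is not from any poster: a Python filter over a Procmon CSV export, assuming the default columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail). The process name `app.exe`, the rows, and the function names are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed rows in the shape of a Procmon CSV export (default columns assumed).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1","app.exe","4242","Load Image","C:\Windows\System32\ntdll.dll","SUCCESS",""
"10:00:01.2","app.exe","4242","CreateFile","C:\Users\npc\AppData\Roaming\app\settings.json","SUCCESS",""
"10:00:01.3","app.exe","4242","RegOpenKey","HKCU\Software\App","SUCCESS",""
"10:00:01.4","explorer.exe","900","CreateFile","C:\Users\npc\Desktop\Mypasswords\passwords.txt","SUCCESS",""
"10:00:02.0","app.exe","4242","QueryDirectory","C:\Users\npc\Desktop\Mypasswords","SUCCESS",""
"10:00:02.1","app.exe","4242","CreateFile","C:\Users\npc\Desktop\Mypasswords\passwords.txt","SUCCESS",""
"10:00:02.2","app.exe","4242","ReadFile","C:\Users\npc\Desktop\Mypasswords\passwords.txt","SUCCESS",""
"10:00:02.3","app.exe","4242","ReadFile","C:\Users\npc\Desktop\Mypasswords\passwords.txt","SUCCESS",""
"10:00:02.4","app.exe","4242","CreateFile","C:\Users\npc\Desktop2\notes.txt","NAME NOT FOUND",""
'''

FILE_OPS = {"CreateFile", "ReadFile", "QueryDirectory"}


def norm(path):
    # Windows paths are case-insensitive; compare lowercased, no trailing slash.
    return path.replace("/", "\\").rstrip("\\").lower()


def under(path, root):
    # Component-wise prefix test, so "Desktop2" is not treated as inside "Desktop".
    p, r = norm(path), norm(root)
    return p == r or p.startswith(r + "\\")


def triage(csv_text, process, watched_roots, expected_roots=()):
    """Count (operation, path, result) for one process under watched folders,
    skipping folders the program is expected to use (its own data directory)."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        if row["Process Name"].lower() != process.lower():
            continue
        if row["Operation"] not in FILE_OPS:
            continue   # drops registry, image-load and other non-file events
        path = row["Path"]
        if any(under(path, r) for r in expected_roots):
            continue
        if any(under(path, r) for r in watched_roots):
            hits[(row["Operation"], path, row["Result"])] += 1
    return hits


if __name__ == "__main__":
    report = triage(SAMPLE_CSV, "app.exe", [r"C:\Users\npc\Desktop"],
                    [r"C:\Users\npc\AppData\Roaming\app"])
    for (op, path, result), n in report.items():
        print(n, op, result, path)
```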