[dundee] Just seen this, seems quite interesting for those interested in malware research

Arron Finnon afinnon at googlemail.com
Wed Dec 31 15:52:56 UTC 2008


http://zerowine.sourceforge.net/

Zero wine is an open source (GPL v2) research project to dynamically
analyze the behavior of malware. Zero wine just runs the malware using
WINE in a safe virtual sandbox (in an isolated environment) collecting
information about the APIs called by the program.

The output generated by Wine (using the debug environment variable
WINEDEBUG) is the API calls used by the malware (and the values used
by it, of course). With this information, analyzing the malware's behavior
turns out to be very easy.

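An added example, not from this post or from the Zero Wine project, of how an analyst might digest the WINEDEBUG relay output Zero Wine collects: a small Python parser over a constructed trace whose line shape follows Wine's +relay channel ("tid:Call MODULE.Function(args) ret=addr"). The sample lines, the watch list and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# One "Call" line of a WINEDEBUG=+relay trace (shape assumed from Wine's relay
# channel): "<thread>:Call <MODULE>.<Function>(<args>) ret=<return address>"
RELAY_CALL = re.compile(
    r"^(?P<tid>[0-9a-f]+):Call\s+(?P<module>[\w-]+)\.(?P<func>\w+)"
    r"\((?P<args>.*)\)\s+ret=(?P<ret>[0-9a-f]+)$"
)
# Quoted string literals Wine prints next to pointer arguments (escapes honoured).
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
# APIs an analyst reviews first (watch list chosen for this example, not Zero Wine's).
WATCH = {"KERNEL32.WriteFile", "ADVAPI32.RegSetValueExA"}

def parse_relay(text):
    """Return (module, function, args) for every Call line; Ret and other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = RELAY_CALL.match(line.strip())
        if m:
            calls.append((m["module"], m["func"], m["args"]))
    return calls

def strings_in(args):
    """Extract the string literals (paths, value names) from one argument list."""
    return QUOTED.findall(args)

def summarize(calls):
    """Count calls per API and list watch-listed calls with their string arguments."""
    counts = Counter(f"{mod}.{fn}" for mod, fn, _ in calls)
    flagged = [(f"{mod}.{fn}", strings_in(args))
               for mod, fn, args in calls if f"{mod}.{fn}" in WATCH]
    return counts, flagged

# Constructed trace for this example (not real Zero Wine output).
SAMPLE_TRACE = r"""
0009:Call KERNEL32.CreateFileA(0040302c "C:\\sample.txt",40000000,00000000,00000000,00000002,00000080,00000000) ret=00401234
0009:Ret  KERNEL32.CreateFileA() retval=00000034 ret=00401234
0009:Call KERNEL32.WriteFile(00000034,0012ff50,00000010,0012ff4c,00000000) ret=00401250
0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=00401250
0009:Call KERNEL32.WriteFile(00000034,0012ff50,00000010,0012ff4c,00000000) ret=00401250
0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=00401250
0009:Call ADVAPI32.RegSetValueExA(00000080,00403040 "Updater",00000000,00000001,00403050,0000000c) ret=00401300
0009:Ret  ADVAPI32.RegSetValueExA() retval=00000000 ret=00401300
"""

if __name__ == "__main__":
    counts, flagged = summarize(parse_relay(SAMPLE_TRACE))
    print(counts.most_common(), flagged)
```

Against a real run, pipe the WINEDEBUG output into parse_relay instead of SAMPLE_TRACE; the per-API counts and the string arguments on watch-listed calls give a first picture of what the sample touched.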

