[2015-06-28] Edge label modes. Besides the new edges for file-renames and process-kills build 47 of ProcDOT also introduced a new feature which is called “Edge label mode”. With this feature now one can choose the expressiveness of the graphs edges and thus match her individual taste from “Extensive” to “None” at all. You’ll find the according switch in ProcDOT’s options ... As you can see their are 5 modes to choose: Default None Short Long Extensive The following screenshots show the different modes in action ... “Default” ... “None” ... “Short” ... “Long” ... “Extensive” ... Well, the differences are easy to spot - only “Default” and “Long” are equal with this actual example graph, “Long” would differ from “Default” in edges for loading a module “load as module” in constrast to ”loads”. However, as you can see each of the modes has its pros and cons. “Extensive” labeled edges may be more informative but the graph gets bigger. No edge labels (”None”) at all shrink the graph but require an expert in / one familiar with ProcDOT graphs to be able to read them properly. I’m also thinking of adding “Custom” in the future so everyone can actually choose the actual content of the labels, this would furthermore make it possible to localize ProcDOT graphs - but I’m not sure about the relevance of that, though, we’ll see. So, choose your own taste of edge labels. Happy graphing!
Blog
logotype Home Home Blog Blog FAQs FAQs Download Download Online Documentation Online Documentation Tutorials Tutorials Forum Forum References References Conferences Conferences Donate Donate Contact Contact
ProcDOT - Visual Malware Analysis
Blog Blog