|
If the EXE is running on your computer, debug it just like any other EXE. If the EXE is a "real" service, you might have to hex-edit a few values in the header before a debugger will load it, but 99% of the so called "services" are just plain and simple GUI executables which are only executed by the service manager instead of the autostart function.
Capturing traffic will only work if the connection is not encrypted or if the application doesn't check certificates. VMware for example does check certificates. (the update check will fail with "connection refused" if you have any MITM in the certificate chain)
If you control both ends of an encrypted connection using weak SSL/TLS parameters, you can supply some of the capture tools with the private key of the connection and they will be able to decode the saved captures (not the live traffic). But if the programmer isn't totally stupid and the software isn't older than 10 years it's pretty much impossible to decode any properly encrypted traffic.
|