I'd say if you wanna test for something like that to see what it does then do it in a
virtual machine with snapshots on a Linux box so you can revert changes.
Test for changes that have been made. Use programs like
regshot to take snapshots of the filesystem and registry before running exploits. Then take a snapshot of the filesystem and registry after running exploits and compare the diff. You'll be able to see changes that have been made.
I've also written a helper application for regshot in Python called
Registry Key Remover which takes the regshot diff file as input and generates an
NSIS script from it. This way you can compile it and undo the changes.
That's how I usually go about testing stuff for a system and determining what programs are safe, etc. This is when it's difficult to view the source code for the proprietary app.
You could also use the GNU/Unix command
strings to dump all of the strings in a binary to a text file... There's many more things you could do to reverse engineer a problem like this but I'll leave you with that to ponder.