Forum Discussion

Bronze III

2 months ago

WinDbg: Ep.3 – Debugging Malware

The briefing says: [...] bp kernel32!LoadLibraryA ".printf \"Loading Library: %ma\",poi(esp+0x4);.echo};g"bp kernel32!GetProcAddress ".printf \"\t Looking up function: %ma\",poi(esp+0x8);.echo;g"bp...

feedback

AndradaCraciun
18 days ago
Hey netcat thanks for your feedback on the lab! We have not updated the OS, the content was reflective of the sort of APIs you should be looking for. It wasn’t hugely clear to look for related symbols of those APIs.

The fix you proposed absolutely works! We have also updated the content to show how you can still use kernel32 and advapi32.

Thanks again for the feedback, we appreciate it!

AndradaCraciun

Community Support

18 days ago

Hey netcat thanks for your feedback on the lab! We have not updated the OS, the content was reflective of the sort of APIs you should be looking for. It wasn’t hugely clear to look for related symbols of those APIs.

The fix you proposed absolutely works! We have also updated the content to show how you can still use kernel32 and advapi32.

Thanks again for the feedback, we appreciate it!

Forum Discussion

WinDbg: Ep.3 – Debugging Malware

Related Content

WinDbg: Ep.4 – Debugging a Windows Crash

WinDbg: Ep.5 – Kernel Internals

What are some good labs for learning the basics of malware analysis?

WinDbg: Ep.2 – Walking Windows Structures

Malware Analysis: Tracking a LOLBins Campaign – Examination

Recent Discussions

Threat Research: Dependency Confusion Q8

WinDbg: Ep.2 – Walking Windows Structures

Kubernetes: Secrets

IAM: Demonstrate Your Skills - Developer access (2/3)

Introduction to encryption help