Forum Discussion

Silver III

8 months ago

Solved

WinDbg: Ep.3 – Debugging Malware

The briefing says: [...] bp kernel32!LoadLibraryA ".printf \"Loading Library: %ma\",poi(esp+0x4);.echo};g"bp kernel32!GetProcAddress ".printf \"\t Looking up function: %ma\",poi(esp+0x8);.echo;g"bp...

feedback

AndradaCraciun
7 months ago
Hey netcat thanks for your feedback on the lab! We have not updated the OS, the content was reflective of the sort of APIs you should be looking for. It wasn’t hugely clear to look for related symbols of those APIs.

The fix you proposed absolutely works! We have also updated the content to show how you can still use kernel32 and advapi32.

Thanks again for the feedback, we appreciate it!

AndradaCraciun

Community Support

7 months ago

Hey netcat thanks for your feedback on the lab! We have not updated the OS, the content was reflective of the sort of APIs you should be looking for. It wasn’t hugely clear to look for related symbols of those APIs.

The fix you proposed absolutely works! We have also updated the content to show how you can still use kernel32 and advapi32.

Thanks again for the feedback, we appreciate it!

Forum Discussion

WinDbg: Ep.3 – Debugging Malware

Featured Places

Help & Support Forum

Related Content

WinDbg: Ep.4 – Debugging a Windows Crash

ICS Malware: Triton - unpack trilog.exe

Malware Analysis: Shlayer

WinDbg: Ep.5 – Kernel Internals

WinDbg: Ep.2 – Walking Windows Structures

Recent Discussions

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Malware Analysis: Shlayer

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)