Forum Discussion

Silver III

9 months ago

Solved

WinDbg: Ep.3 – Debugging Malware

The briefing says: [...] bp kernel32!LoadLibraryA ".printf \"Loading Library: %ma\",poi(esp+0x4);.echo};g"bp kernel32!GetProcAddress ".printf \"\t Looking up function: %ma\",poi(esp+0x8);.echo;g"bp...

feedback

AndradaCraciun
8 months ago
Hey netcat thanks for your feedback on the lab! We have not updated the OS, the content was reflective of the sort of APIs you should be looking for. It wasn’t hugely clear to look for related symbols of those APIs.

The fix you proposed absolutely works! We have also updated the content to show how you can still use kernel32 and advapi32.

Thanks again for the feedback, we appreciate it!

AndradaCraciun

Community Support

8 months ago

Hey netcat thanks for your feedback on the lab! We have not updated the OS, the content was reflective of the sort of APIs you should be looking for. It wasn’t hugely clear to look for related symbols of those APIs.

The fix you proposed absolutely works! We have also updated the content to show how you can still use kernel32 and advapi32.

Thanks again for the feedback, we appreciate it!

Forum Discussion

WinDbg: Ep.3 – Debugging Malware

Featured Places

Help & Support Forum

Related Content

WinDbg: Ep.4 – Debugging a Windows Crash

Malware Analysis: Shlayer

ICS Malware: Triton - unpack trilog.exe

Practical Malware Analysis: .NET Encryption and Encoding

WinDbg: Ep.5 – Kernel Internals

Recent Discussions

AI: Plugin Injection - Demonstrate Your Skills

A Letter to Santa

Hack Your First Web App: Ep.6 - Hydra

GuardDuty: Demonstrate Your Skills

Infrastructure Hacking: Responder Network Poisoning