2. Debugging a Binary Using x64dbg
x64dbg (https://x64dbg.com) is an open source debugger. You can use x64dbg to debug both 32-bit and 64-bit applications. It has an easy-to-use GUI and offers various debugging features (https://x64dbg.com/#features).
In this section, you will see some of the debugging features offered by x64dbg, and how to use it to debug a malicious binary.
2.1 Launching a New Process in x64dbg
In x64dbg, to load an executable, select File | Open and browse to the file that you wish to debug; this will start the process, and the debugger will pause at the System Breakpoint, the TLS callback, or the program entry point function, depending on the configuration settings. You can access the settings dialog by choosing Options | Preferences | Events. The default settings dialog is shown as follows. With the default settings, when the executable is loaded, the debugger first breaks in the system function (because the System Breakpoint option is checked). Next, after you run the...
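Before loading a sample, it helps to know where the TLS callback and entry point stops mentioned above will land. The following is an added example, not code from the original text or from x64dbg: it reads the entry point and any TLS callback addresses from the PE headers. The names `first_stops` and `build_sample` are hypothetical, and the input is a constructed minimal PE32 image.

```python
import struct

def u(fmt, buf, off):
    return struct.unpack_from(fmt, buf, off)[0]

def first_stops(pe):
    """Return (entry_point_rva, [tls_callback_rvas]) for a PE32/PE32+ image."""
    nt = u("<I", pe, 0x3C)                          # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt = u("<H", pe, nt + 6), nt + 24
    pe64 = u("<H", pe, opt) == 0x20B                # 0x10B = PE32, 0x20B = PE32+
    ptr, fmt = (8, "<Q") if pe64 else (4, "<I")
    entry = u("<I", pe, opt + 16)                   # AddressOfEntryPoint (RVA)
    base = u(fmt, pe, opt + (24 if pe64 else 28))   # ImageBase
    tls_rva = u("<I", pe, opt + (112 if pe64 else 96) + 9 * 8)  # data dir 9 = TLS
    first_sec = opt + u("<H", pe, nt + 20)          # skip the optional header
    sections = [struct.unpack_from("<IIII", pe, first_sec + 40 * i + 8)
                for i in range(nsec)]               # (vsize, va, rawsize, rawptr)

    def offset(rva):
        for vsize, va, rsize, raw in sections:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError("RVA %#x is outside every section" % rva)

    callbacks = []
    if tls_rva:
        array_va = u(fmt, pe, offset(tls_rva) + 3 * ptr)  # AddressOfCallBacks (VA)
        pos = offset(array_va - base) if array_va else None
        while pos is not None and u(fmt, pe, pos):        # zero-terminated array
            callbacks.append(u(fmt, pe, pos) - base)
            pos += ptr
    return entry, callbacks

def build_sample():
    """Constructed PE32 image: one section, entry 0x1000, one TLS callback."""
    pe = bytearray(0x400)
    pe[0:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)                  # e_lfanew
    struct.pack_into("<HH", pe, 0x44, 0x14C, 1)             # i386, 1 section
    struct.pack_into("<H", pe, 0x54, 0xE0)                  # SizeOfOptionalHeader
    struct.pack_into("<H", pe, 0x58, 0x10B)                 # PE32 magic
    struct.pack_into("<I", pe, 0x58 + 16, 0x1000)           # AddressOfEntryPoint
    struct.pack_into("<I", pe, 0x58 + 28, 0x400000)         # ImageBase
    struct.pack_into("<II", pe, 0x58 + 96 + 72, 0x1100, 24) # TLS directory entry
    struct.pack_into("<IIII", pe, 0x138 + 8, 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", pe, 0x300 + 12, 0x401120)        # AddressOfCallBacks
    struct.pack_into("<II", pe, 0x320, 0x401050, 0)         # callback, terminator
    return bytes(pe)
```

For the constructed image, `first_stops(build_sample())` reports the entry point at RVA 0x1000 and a single TLS callback at RVA 0x1050.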