

Lab Environment Setup

We recommend using the FLARE-VM virtual machine (VM) running Windows 10 x64 for the labs. For more information on how to set up a free FLARE-VM virtual machine please see our Dynamic Malware Analysis Lab Setup tutorial.

For the labs you will need to enable networking on the VM so you can install the required Python libraries. Before enabling networking ensure that you have restored a clean snapshot of your VM and ensure that it does not contain any malware.

Python is required for the labs. It is important to install the correct version of Python: we will be using Python 3.8.10 (32-bit).

If you are using the FLARE-VM you will already have a 64-bit version of Python installed, which may cause issues for the labs. We recommend installing Python 3.8.10 (32-bit) using the Windows installer (32-bit).

  • Launch the installer and select “Customize installation”
  • Make sure “Add Python 3.8 to PATH” is not checked
  • Select all of the optional features and continue the installation
  • In Advanced Options only select “Associate files with Python”
  • Change the “Customize install location” to “C:\Python38-32”
  • Complete the installation

Once Python has been installed it can be launched using the install path:

C:\Python38-32\python.exe


Lab Debugger Setup

Copy the lab zip file to your VM and unzip the lab directory.

In the directory there will be a requirements.txt file that can be used to install the Python libraries required for the debugger.

To install these you can run the pip module from your newly installed Python 3.8.10 environment.

C:\Python38-32\python.exe -m pip install -r requirements.txt

Once the requirements have been installed the debugger can be launched via the same Python 3.8.10 environment. The debugger must be launched from inside the lab directory as it requires a relative path to the dbglib folder (also included in the lab directory).

C:\Python38-32\python.exe module_1_debug_events.py

Launching the debugger without an argument will raise an error. The debugger requires a path to the target binary to be passed as the first argument. 

A target.exe binary has been supplied in the lab directory. This target binary is a simple “hello world” executable that can be used to test the debugger.

C:\Python38-32\python.exe module_1_debug_events.py target.exe

Lab 1 

When launched, the debugger will print out the CREATE_PROCESS_DEBUG_EVENT and some associated information. The target will also print “Hello World” to the console.

The debugger will continue to wait for debug events until the return key is pressed in the console. Note that the debugger will keep waiting for events even after the target has completed execution, so it is the user's responsibility to press enter to quit the debugger.

Lab 1 - Exercise

Now that you are familiar with how the debugger receives debug events, add a handler for the EXIT_PROCESS_DEBUG_EVENT, which carries an EXIT_PROCESS_DEBUG_INFO struct (ExitProcess) containing the process exit code (dwExitCode).

Print the exit code to the console from your new handler.
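As an added example (my own code, not the lab's dbglib or module_1_debug_events.py), here is a minimal ctypes debug-event loop in the same style as the lab: it lays out the DEBUG_EVENT structure, dispatches CREATE_PROCESS_DEBUG_EVENT and EXIT_PROCESS_DEBUG_EVENT to handlers, and the exit handler reads dwExitCode from the ExitProcess member as the exercise asks. The handler and function names are my own, and the union is padded to 160 bytes rather than typing every member.

```python
import ctypes, sys

DWORD, HANDLE, LPVOID = ctypes.c_uint32, ctypes.c_void_p, ctypes.c_void_p
CREATE_PROCESS_DEBUG_EVENT, EXIT_PROCESS_DEBUG_EVENT = 3, 5      # dwDebugEventCode values
DEBUG_PROCESS, DBG_CONTINUE, INFINITE = 0x1, 0x00010002, 0xFFFFFFFF
class EXIT_PROCESS_DEBUG_INFO(ctypes.Structure):
    _fields_ = [("dwExitCode", DWORD)]
class CREATE_PROCESS_DEBUG_INFO(ctypes.Structure):
    _fields_ = [("hFile", HANDLE), ("hProcess", HANDLE), ("hThread", HANDLE), ("lpBaseOfImage", LPVOID),
                ("dwDebugInfoFileOffset", DWORD), ("nDebugInfoSize", DWORD), ("lpThreadLocalBase", LPVOID),
                ("lpStartAddress", LPVOID), ("lpImageName", LPVOID), ("fUnicode", ctypes.c_uint16)]
class DEBUG_EVENT_UNION(ctypes.Union):
    # Only the two members used here are typed; _pad keeps the union as large as its biggest real
    # member (EXCEPTION_DEBUG_INFO, 160 bytes on x64) so WaitForDebugEvent never writes past it.
    _fields_ = [("CreateProcessInfo", CREATE_PROCESS_DEBUG_INFO), ("ExitProcess", EXIT_PROCESS_DEBUG_INFO),
                ("_pad", ctypes.c_byte * 160)]
class DEBUG_EVENT(ctypes.Structure):
    _fields_ = [("dwDebugEventCode", DWORD), ("dwProcessId", DWORD), ("dwThreadId", DWORD), ("u", DEBUG_EVENT_UNION)]
class PROCESS_INFORMATION(ctypes.Structure):
    _fields_ = [("hProcess", HANDLE), ("hThread", HANDLE), ("dwProcessId", DWORD), ("dwThreadId", DWORD)]

def on_create_process(ev):
    print(f"CREATE_PROCESS_DEBUG_EVENT pid={ev.dwProcessId} image base=0x{ev.u.CreateProcessInfo.lpBaseOfImage or 0:x}")
    return ev.u.CreateProcessInfo.lpBaseOfImage

def on_exit_process(ev):
    # The handler the exercise asks for: read ExitProcess.dwExitCode and print it.
    code = ev.u.ExitProcess.dwExitCode
    print(f"EXIT_PROCESS_DEBUG_EVENT pid={ev.dwProcessId} exit code={code} (0x{code:08x})")
    return code

HANDLERS = {CREATE_PROCESS_DEBUG_EVENT: on_create_process, EXIT_PROCESS_DEBUG_EVENT: on_exit_process}
def dispatch(ev):
    # Route one DEBUG_EVENT to its handler; codes without a handler are simply continued.
    handler = HANDLERS.get(ev.dwDebugEventCode)
    return handler(ev) if handler else None

def debug_loop(target_path):
    # Windows only: run target_path under DEBUG_PROCESS and pump events until the debuggee exits.
    k32 = ctypes.windll.kernel32
    cb = 104 if ctypes.sizeof(ctypes.c_void_p) == 8 else 68  # sizeof(STARTUPINFOW): x64 / x86
    si = ctypes.create_string_buffer(cb)                     # zeroed STARTUPINFOW; only cb must be set
    ctypes.cast(si, ctypes.POINTER(DWORD))[0] = cb
    pi, ev = PROCESS_INFORMATION(), DEBUG_EVENT()
    if not k32.CreateProcessW(target_path, None, None, None, False, DEBUG_PROCESS, None, None, si, ctypes.byref(pi)):
        raise ctypes.WinError()
    while True:
        if not k32.WaitForDebugEvent(ctypes.byref(ev), INFINITE):
            raise ctypes.WinError()
        dispatch(ev)
        k32.ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, DBG_CONTINUE)
        if ev.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT and ev.dwProcessId == pi.dwProcessId:
            return ev.u.ExitProcess.dwExitCode  # DEBUG_PROCESS also reports child exits, so match the pid
```

Run it on Windows as `python.exe this_file.py target.exe` by calling debug_loop(sys.argv[1]); the handlers and dispatch can be exercised on any platform with a hand-built DEBUG_EVENT.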


Files

Debugging Fundamentals Module 1

This is "Debugging Fundamentals Module 1" by OALABS on Vimeo, the home for high quality videos and the people who love them.
