oalabs

Applied Emulation - Module 5 (Patreon)

Published:

2023-08-29 22:35:04

Imported:

2023-09

⚑ Flagged

Downloads

Download lab5.zip (browse »)

Content

Emulating The Windows Environment

This is the last part in our five-part tutorial series on emulation. In this module we learn how to use a full User-Mode emulator capable of running a PE file. The focus is mainly on Dumpulator and its applications vs. Unicorn (and other CPU only emulators). The module is accompanied by a live demo and a lab that builds on the concepts we discuss.

References

Mandiant Speakeasy
https://github.com/mandiant/speakeasy
Dumpulator Cheat Sheet (Examples)
https://github.com/mrexodia/dumpulator#examples
Dumpulator Introduction Video (OALABS YouTube)
https://www.youtube.com/watch?v=4Pfu98Xx9Yo
Minidump Format (Official MS)
https://learn.microsoft.com/en-us/troubleshoot/windows-client/performance/read-small-memory-dump-file
Minidump Format
https://formats.kaitai.io/windows_minidump/
Minidump Streams
https://learn.microsoft.com/en-us/windows/win32/api/minidumpapiset/ne-minidumpapiset-minidump_stream_type
CPUID CPU-Z Tool
https://www.cpuid.com/downloads/cpu-z/cpu-z_2.06-en.zip

Lab Exercise

The lab for this module is contained in the lab5_zip file. Download lab5_zip, unzip, and run jupyter-lab from the root of the unzipped directory. Once Jupyter Labs is launched in your browser open the lab notebook and follow the instructions.

Files

Applied Emulation Module 5 - Emulating The Windows Environment

This is "Applied Emulation Module 5 - Emulating The Windows Environment" by OALABS on Vimeo, the home for high quality videos and the people who love them.