تقييم الموضوع :
  • 0 أصوات - بمعدل 0
  • 1
  • 2
  • 3
  • 4
  • 5
Analyzing a DLL in x64DBG
#1
Quick tips about how to load a dll in x64dbg in order to debug it and analyse it. In this example we will use a random dll called “example.dll”

Locate the exported function you want to analyse
Here I am using PEbear but you can use any other PE tool

[صورة مرفقة: pG8yzb7.png]

We will use the function DllRegisterServer with the ordinal 1

Start debugging rundll32.exe with x64dbg
Rundll32.exe is a Windows system file used to load and run dynamic-link libraries (DLLs)

The first step is to load rundll32.exe into x64dbg

[صورة مرفقة: WeYXy0L.png]
Loading rundll32.exe into x64dbg

Select “Change Command Line”

[صورة مرفقة: SL6q9Cl.png]

Change command line

Enter the path of your DLL with the exported function

[صورة مرفقة: xJ88yGe.png]

Rundll + DLL + Ordinal

Go to Option -> Preferences and select “DLL Entry Point”

[صورة مرفقة: E1QQsyD.png]

Option DLL Entry

Run F9 until you reach the DLL you want to analyse

Check the name of the module you reach on the top of the Window

[صورة مرفقة: MZRdn5E.png]
Module Name : example.dll

That’s it! You can now debug your dll
أعضاء أعجبوا بهذه المشاركة : EarthMan123 , rce3033 , alihmoda1970 , Xelzor , MOFNET


التنقل السريع :


يقوم بقرائة الموضوع: بالاضافة الى ( 1 ) ضيف كريم