https://youtube.com/watch?v=w_rQJ7u-lpk
My favorite part was the Python debugging portion, which I learned a ton from.
Here is the cheatsheet he shared. It's amazing, thank you MalwareTech!
https://www.malwaretech.com/Cheatsheet.rtf
Refresh Debugger Memory
RefreshDebuggerMemory()
Needed to make sure the debugger memory is up to date when a script breakpoint is hit (debugger memory is only refreshed when the application is paused)
Get the value of a register by name
GetRegValue(str)
str = register name
Read a dword from memory
Dword(address)
address = start address of dword
Read an array of bytes from memory
GetManyBytes(address, length)
address = start address of bytes to read
length = number of bytes
Read a string from memory
GetString(address, length, type)
address = start address of string
length = length of string (or -1 to read until null terminator)
type = ASCSTR_C for ASCII and ASCSTR_UNICODE for Unicode
Add Breakpoint
AddBpt(address)
address = address to set breakpoint
Set Conditional Breakpoint
SetBptCnd(address, condition)
address = address for breakpoint
condition = condition string (or python function)
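The calls above combined into a logging breakpoint, as an added example that is not part of MalwareTech's cheatsheet or the video. It assumes a 32-bit target, a breakpoint on a function's first instruction, a first argument that points to a C string, and a breakpoint condition evaluated as Python; log_string_arg, install and SEEN are hypothetical names, and the except branch is a constructed stand-in so the logic also runs outside IDA.

```python
# Added example. Uses the legacy idc names listed in the cheatsheet.
try:
    from idc import (RefreshDebuggerMemory, GetRegValue, Dword, GetString,
                     AddBpt, SetBptCnd, ASCSTR_C)
except ImportError:
    # Constructed stand-in for a paused 32-bit target so the logic runs
    # outside IDA. Addresses and contents are made up for the example.
    import struct
    ASCSTR_C = 0
    REGS = {"ESP": 0x1000}
    MEM = {0x1000: struct.pack("<II", 0x401234, 0x2000),  # ret addr, arg 1
           0x2000: b"C:\\sample\\config.dat\x00"}
    BPTS = {}

    def read(ea, n):
        for base, buf in MEM.items():
            if base <= ea < base + len(buf):
                return buf[ea - base:ea - base + n]
        raise ValueError("unmapped address 0x%X" % ea)

    def RefreshDebuggerMemory(): return None
    def GetRegValue(name): return REGS[name]
    def Dword(ea): return struct.unpack("<I", read(ea, 4))[0]
    def GetString(ea, length, strtype): return read(ea, 256).split(b"\x00")[0]
    def AddBpt(ea): BPTS[ea] = ""; return True
    def SetBptCnd(ea, cnd): BPTS[ea] = cnd; return True

SEEN = []  # (pointer, string) pairs captured at the breakpoint

def log_string_arg():
    """Breakpoint condition: record the first stack argument, never pause."""
    RefreshDebuggerMemory()        # the cache may be stale when the script fires
    esp = GetRegValue("ESP")
    arg_ptr = Dword(esp + 4)       # [ESP] = return address, [ESP+4] = arg 1
    text = GetString(arg_ptr, -1, ASCSTR_C)   # -1: read to the null terminator
    SEEN.append((arg_ptr, text))
    print("arg1 @ 0x%08X = %r" % (arg_ptr, text))
    return False                   # falsy condition: log and keep running

def install(address):
    """Set a breakpoint whose condition calls log_string_arg()."""
    AddBpt(address)
    return SetBptCnd(address, "log_string_arg()")
```

Inside IDA, run the script, call install() with the address of the function entry, then start the debugger; each hit is printed to the output window and collected in SEEN.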