Converter 32/64.dll diptrace

8/30/2023

Debugging a DLL is not quite as straightforward as debugging an executable, since you have to use rundll32 to load it and invoke DllMain. This is a brief posting discussing how to load a 64-bit DLL and break on DllMain; the sample I am using is Dridex and can be found on VirusTotal.

To begin, I needed to find the entry point of the DLL. In this case, I let IDA Pro do the work – IDA will identify the entry point in the exports tab. Since I won’t be debugging with symbols, I took note of the address 0x140001570; this is where I ultimately set my breakpoint.

The next step is to use WinDbg and rundll32 to load the DLL in memory. This can be done via command line or through the GUI.
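As an added example (not code from the original post), the entry-point address can also be read straight from the PE32+ headers, which additionally shows whether the DLL opts into ASLR, in which case the breakpoint has to be computed from the actual load base rather than the preferred one. The function names are hypothetical and the header bytes are constructed so that the result matches the address quoted above.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)

def entry_point_info(data: bytes) -> dict:
    """Parse a PE32+ image and return entry-point facts from its headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x20B:
        raise ValueError("not a PE32+ (64-bit) image")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)   # AddressOfEntryPoint
    (image_base,) = struct.unpack_from("<Q", data, opt + 24)  # preferred ImageBase
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)   # DllCharacteristics
    return {
        "entry_rva": entry_rva,
        "image_base": image_base,
        "entry_va": image_base + entry_rva,      # what a disassembler shows by default
        "aslr": bool(dll_chars & DYNAMIC_BASE),
    }

def breakpoint_va(info: dict, loaded_base=None) -> int:
    """Breakpoint address: preferred base unless the real load base is known."""
    base = info["image_base"] if loaded_base is None else loaded_base
    return base + info["entry_rva"]

def build_sample(entry_rva=0x1570, image_base=0x140000000, dll_chars=0) -> bytes:
    """Constructed minimal header set (not a real sample) for offline testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)  # AMD64, DLL
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    info = entry_point_info(build_sample())
    print(hex(info["entry_va"]), "ASLR" if info["aslr"] else "fixed base")
```

If the ASLR flag is set, pass the module's real load base as `loaded_base` instead of relying on the static address.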