Skip to content

giadom/Debugging_with_API_Monitor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

64 Commits
Filters
Filters
 
 
Guide
Guide
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Alternative text: "Azure Grotto, Naples by Ivan Konstantinovich Aivazovsky (1841)"

Topic of this guide

The technique illustrated in this guide is oriented for Windows and allows to debug a sample (i.e. an instance of a malware) using also API Monitor (available at http://www.rohitab.com/apimonitor).
This technique has sped up my malware analysis on several occasions and hence its very suited for incident response activities. To use it you just need:

  • your favourite debugger;
  • API Monitor.

In a nutshell, you will:

  1. debug a sample (including the possibility to move its Instruction Pointer as you whish);
  2. track via API Monitor the APIs used by the sample (which is still under debugging).

Table of contents

At:

  • "Guide" you will find the tutorial for this technique.
  • "Filters" you will find some suggested filters to be feeded to API Monitor.

Acknowledgements

I would like to thank professor D. C. D'Elia for the clarifications and suggestions about this guide.

About

Debug a sample in Windows using also API Monitor.

Topics

windows debugger api debugging sample analysis incident-response reverse-engineering dynamic-analysis filters malware-analysis debugging-tools api-monitor incident-response-tooling api-monitoring save-the-day

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published