Dynamic Analysis
Debugging
Dynamic analysis involves running binaries under controlled conditions to observe behavior, set breakpoints, and inspect memory at runtime.
x64dbg (Windows)
```text
; x64dbg keyboard shortcuts
F2     - Toggle breakpoint
F7     - Step into
F8     - Step over
F9     - Run
Ctrl+G - Go to address
Ctrl+F - Find pattern

; Useful commands (x64dbg resolves exported API names to addresses)
bp VirtualAlloc       ; Break on memory allocation
bp CreateFileW        ; Break on file creation/open
bp InternetConnectW   ; Break on network connection
bp GetProcAddress     ; Break on API resolution

; Conditional breakpoint: bp's optional second argument is a name, not a
; condition, so set the condition with bpcond (alias of SetBreakpointCondition)
bp MessageBoxA
bpcond MessageBoxA, "eax == 0"

; Log without breaking: bplog (SetBreakpointLog) sets the log text and a break
; condition of 0 means "never pause". rcx holds the first argument only on x64.
bp kernel32.CreateFileW
bplog kernel32.CreateFileW, "CreateFile({s:rcx})"
bpcond kernel32.CreateFileW, 0

; Trace execution: step into until the condition is true or 1000 steps are done
; (ticnd = TraceIntoConditional; condition 0 means run to the step limit)
ticnd 0, 1000
```
GDB (Linux)
```bash
# GDB, optionally with the GEF, PEDA or pwndbg extensions loaded
gdb ./binary

# Basic commands
break main          # Set breakpoint
run                 # Start execution
continue            # Continue after break (c)
step                # Step into (s)
next                # Step over (n)
finish              # Run until the current function returns

# Examine memory
x/10gx $rsp         # 10 eight-byte hex words at the stack pointer (x86-64)
x/s 0x400000        # String at address
x/i $rip            # Instruction at the current instruction pointer

# Info commands
info registers      # Show all registers
info breakpoints    # List breakpoints
info functions      # List functions

# Set values
set $rax = 0        # Overwrite a register (e.g. a return value after finish)
set {int}0x601000 = 42   # Write a 4-byte int to memory

# GEF commands
vmmap               # Memory map
heap chunks         # Heap information
got                 # Global Offset Table
```
Anti-Debug Evasion
Malware often checks whether it is being debugged (for example via IsDebuggerPresent, which reads the BeingDebugged flag in the PEB) and changes behaviour or exits if so. Use a plugin such as ScyllaHide (x64dbg) to hide the debugger, or patch the check itself (flip the flag, or overwrite the return value at the breakpoint) so analysis can continue.
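The check described above and the patch point for it, as an added example that is not part of the original cheatsheet: on Windows it calls IsDebuggerPresent, on Linux it reads the TracerPid field of /proc/self/status (the usual equivalent a gdb target would look at); the function and file names are my own choices, and the comments show where the GDB commands from the section above (break, finish, set $rax = 0) defeat it.

```c
/* Added example (not from the cheatsheet): an IsDebuggerPresent-style check and
 * where an analyst patches it. Names and the /proc parsing are assumptions. */
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Extracts TracerPid from /proc/self/status text (0 = no tracer); kept separate
 * from the file read so it can be tested on a constructed sample. */
int tracer_pid_from_status(const char *status)
{
    const char *p = strstr(status, "TracerPid:");
    int pid = 0;
    if (p && sscanf(p, "TracerPid: %d", &pid) == 1)   /* %d skips the tab */
        return pid;
    return 0;
}

/* Returns 1 if a debugger is attached, 0 otherwise. */
int debugger_present(void)
{
#ifdef _WIN32
    return IsDebuggerPresent() ? 1 : 0;       /* reads PEB->BeingDebugged */
#else
    char buf[4096]; size_t n;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return 0;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf) != 0;
#endif
}

/* Decision point. Under gdb: break debugger_present, run, finish, set $rax = 0,
 * continue -- the check then reports "no debugger". ScyllaHide does the Windows
 * equivalent by clearing PEB->BeingDebugged before the call returns. */
const char *check_environment(void)
{
    return debugger_present() ? "debugger detected, bailing out"
                              : "no debugger, continuing";
}

int main(void)
{
    printf("%s\n", check_environment());
    return 0;
}
```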