Listen Top Shows Blog

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

Update: 2019-06-11

Share

Description

This tutorial covers how to disable ASLR in your debugging VM to speed up your debugging when using x64dbg and IDA Pro.We have a short blog post here:
https://oalabs.openanalysis.net/2019/06/12/disable-aslr-for-easier-malware-debugging/

The registry value you want to add is:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\MoveImages

Feedback, questions, and suggestions are always welcome : )

Sergei https://twitter.com/herrcore
Sean https://twitter.com/seanmw

As always check out our tools, tutorials, and more content over at https://www.openanalysis.net

#ReverseEngineering #Debugging #ASLR #x64dbg

Comments

In Channel

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

REvil Ransomware Unpacked - Cheeky Hack To Build Import Address Table

2019-07-3009:10

Reverse Engineering RC4 Crypto For Malware Analysis

Reverse Engineering RC4 Crypto For Malware Analysis

2019-06-1715:56

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

2019-06-1107:31

Reverse Engineering C++ Malware With IDA Pro

Reverse Engineering C++ Malware With IDA Pro

2019-06-0323:40

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint

2019-04-1403:30

WinDbg Basics for Malware Analysis

WinDbg Basics for Malware Analysis

2019-02-1938:36

Malware Samples Crashing x64dbg Fixed!

Malware Samples Crashing x64dbg Fixed!

2019-01-2706:55

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

Lazy String Decryption Tips With IDA PRO and Shade Ransomware Unpacked!

2019-01-0728:05

OALabs Rewind 2018 - Reverse Engineering Bloopers

OALabs Rewind 2018 - Reverse Engineering Bloopers

2018-12-2903:38

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

Unpacking Quick Tip: Two Breakpoints to Unpack Hermes Ransomware

2018-12-2802:37

Reverse Engineering IcedID / Bokbot Malware Part 2

Reverse Engineering IcedID / Bokbot Malware Part 2

2018-11-0937:59

Unpacking Bokbot / IcedID Malware - Part 1

Unpacking Bokbot / IcedID Malware - Part 1

2018-10-2615:58

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

How Do Packers Work - Reverse Engineering "FUD" Aegis Crypter

2018-09-2217:41

Malware Analysis VM Setup Tutorial

Malware Analysis VM Setup Tutorial

2018-07-1614:12

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

Unpacking and Extracting TrickBot Malware Configuration With x64dbg and Python

2018-06-2027:52

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

Unpacking Gootkit Part 2 - Debugging Anti-Analysis Tricks With IDA Pro and x64dbg

2018-05-2019:23

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)

2018-04-2929:23

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

Unpacking Princess Locker and Fixing Corrupted PE Header (OALabs x MalwareAnalysisForHedgehogs)

2018-04-0834:03

Analyzing Adwind / JRAT Java Malware

Analyzing Adwind / JRAT Java Malware

2018-03-2633:23

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

Unpacking Gootkit Malware With IDA Pro and X64dbg - Subscriber Request

2018-03-0431:30

00:00

00:00

x

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

Disable ASLR For Easier Malware Debugging With x64dbg and IDA Pro

OALabs