June 2018
Beginner
510 pages
13h 7m
English
With an understanding of the debugger's features, let's look at how debugging helps us understand malware behavior. Consider a code excerpt from a malware sample in which the malware calls the CreateFileA function to create a file. To determine the name of the file it creates, set a breakpoint on the call to CreateFileA and run the program until it reaches that breakpoint. When execution pauses there (that is, before CreateFileA runs), the caller has already pushed all of the function's parameters onto the stack, so we can read the first parameter, lpFileName, from the top of the stack to learn the name of the file. (This is the 32-bit stdcall convention; a 64-bit sample passes the first four parameters in RCX, RDX, R8 and R9 and only the remainder on the stack, so the same check is done on the registers instead.) In the following screenshot, when the execution is paused at the breakpoint, x64dbg adds ...
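To make the stack layout concrete, here is an added example (not code from the book) that models what the debugger shows at that breakpoint: it decodes the seven CreateFileA arguments from a constructed memory snapshot, both for a 32-bit sample (all arguments on the stack) and, going beyond the text's case, for a 64-bit sample (first four in RCX, RDX, R8, R9, the rest above the 0x20-byte shadow space). The file name, addresses and register values are constructed for the example; the constants are the Win32 header values.

```python
"""Decode CreateFileA's arguments as they appear when paused at the call.

Added example, not from the book: a constructed memory snapshot stands in
for the live process a debugger such as x64dbg would show.
"""
import struct

# Win32 header values.
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
CREATION_DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
                        4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
ARG_NAMES = ["lpFileName", "dwDesiredAccess", "dwShareMode", "lpSecurityAttributes",
             "dwCreationDisposition", "dwFlagsAndAttributes", "hTemplateFile"]


class Memory:
    """Snapshot of a few process memory regions, keyed by base address."""

    def __init__(self, regions):
        self.regions = dict(regions)

    def read(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base: addr - base + size]
        raise ValueError(f"unmapped read of {size} bytes at {addr:#x}")

    def read_uint(self, addr, size):
        return int.from_bytes(self.read(addr, size), "little")

    def read_cstring(self, addr, limit=260):  # MAX_PATH-sized guard
        out = bytearray()
        while len(out) < limit:
            b = self.read(addr + len(out), 1)
            if b == b"\0":
                return out.decode("ascii", "replace")
            out += b
        raise ValueError(f"no NUL within {limit} bytes at {addr:#x}")


def raw_args(mem, regs, bits, at_entry):
    """Return the 7 raw argument values.

    bits     : 32 (stdcall, all on the stack) or 64 (Microsoft x64 ABI).
    at_entry : False when paused on the `call` instruction (no return
               address pushed yet), True when paused on CreateFileA's
               first instruction (return address now at [esp]/[rsp]).
    """
    if bits == 32:
        esp = regs["esp"] + (4 if at_entry else 0)  # step over return address
        return [mem.read_uint(esp + 4 * i, 4) for i in range(7)]
    if bits == 64:
        first = [regs["rcx"], regs["rdx"], regs["r8"], regs["r9"]]
        # Args 5.. sit above the 0x20-byte shadow space (plus the return
        # address once the call has executed).
        rsp = regs["rsp"] + 0x20 + (8 if at_entry else 0)
        return first + [mem.read_uint(rsp + 8 * i, 8) for i in range(3)]
    raise ValueError("bits must be 32 or 64")


def decode_createfile_args(mem, regs, bits, at_entry=False):
    vals = dict(zip(ARG_NAMES, raw_args(mem, regs, bits, at_entry)))
    access = vals["dwDesiredAccess"]
    flags = [n for n, v in (("GENERIC_READ", GENERIC_READ),
                            ("GENERIC_WRITE", GENERIC_WRITE)) if access & v]
    disp = vals["dwCreationDisposition"]
    return {
        "lpFileName": mem.read_cstring(vals["lpFileName"]),  # dereference arg 1
        "dwDesiredAccess": flags or [f"{access:#x}"],
        "dwCreationDisposition": CREATION_DISPOSITION.get(disp, f"{disp:#x}"),
        "dwFlagsAndAttributes": vals["dwFlagsAndAttributes"],
        "raw": vals,
    }


FILENAME = b"C:\\ProgramData\\update.dat\0"  # constructed, not from any real sample


def x86_snapshot(at_entry=False):
    """Stack of a 32-bit sample paused at (or just inside) call CreateFileA."""
    esp = 0x0019FF10
    args = struct.pack("<7I", 0x00403000, GENERIC_WRITE, 0, 0, 2, 0x80, 0)
    stack = (struct.pack("<I", 0x00401234) if at_entry else b"") + args
    return Memory({esp: stack, 0x00403000: FILENAME}), {"esp": esp}


def x64_snapshot():
    """Registers and stack of a 64-bit sample paused on call CreateFileA."""
    rsp = 0x000000000014FE20
    stack = b"\xcc" * 0x20 + struct.pack("<3Q", 2, 0x80, 0)  # shadow space, args 5-7
    regs = {"rsp": rsp, "rcx": 0x00007FF600403000, "rdx": GENERIC_WRITE, "r8": 0, "r9": 0}
    return Memory({rsp: stack, 0x00007FF600403000: FILENAME}), regs


if __name__ == "__main__":
    for bits, snap in ((32, x86_snapshot), (64, x64_snapshot)):
        mem, regs = snap()
        print(bits, decode_createfile_args(mem, regs, bits))
```

The `at_entry` switch is the detail that most often trips people up in practice: a breakpoint on the `call` instruction sees lpFileName at [esp], while a breakpoint placed on CreateFileA itself sees the return address there and lpFileName one slot higher.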