8 Debugging

While the passive dynamic analysis tools covered in the last chapter can often provide insight into a malicious sample, they allow you to observe the sample’s actions only indirectly and may not fully reveal its internal workings. In certain cases, you’ll need something more comprehensive.

The ultimate dynamic analysis tool is the debugger. A debugger is a program that allows you to execute another program instruction by instruction. At any time, you can examine or modify its registers and memory contents, manipulate control flow, and much more. In this chapter, I’ll introduce various debugging concepts by means of the de facto ...
