Intro to WinDbg Part 3: Call Me Maybe

  • Monday, 23 Jun 2025 3:30PM EDT (23 Jun 2025 19:30 UTC)
  • Speaker: Jonathan Reiter

Watch Intro to WinDbg Part 1: The Beginning and Part 2: Back to the Future Using TTD OnDemand.

By now you have learned how to travel through time using Time Travel Debugging. TTD is such a powerful feature, and you’ve only begun to scratch the surface of its use cases.

This portion of the series takes a detailed look at a number of calling conventions, such as stdcall, cdecl, thiscall, and fastcall. Calling conventions are important not only on the development side, as taught in SEC670, but also on the malware analysis side. It is critical to understand these conventions when performing any kind of analysis at the assembly level. If you can’t track what’s being passed in as the 3rd argument, you could miss a key part of your analysis. After this portion of the series, you will have a solid understanding of the calling conventions covered.

You won’t need anything from Part 2 of this series other than your personal setup. See you there!

This webcast supports content from SANS Institute SEC670: Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control™.