Windows Application Debugging with WinDBG

Setting up WinDBG Lab – Part 1

In this post, we will install WinDBG and the other applications we need (code editor, compiler, assembler, etc.) on our lab machine.

Before starting the actual installation, check the following:

  • Powerful base machine hardware: When I say powerful, it means your base machine must have at least an i3 processor and a minimum of 8GB RAM. My own system is an i7 with 24 GB (which is overkill). Recommended is an i5 with 16GB RAM. Choose your processor as per your requirements.

    For example, if you want to analyse malware that affects AMD systems only, then obviously you have to choose an AMD system. I write shellcode for Intel systems, so I always use Intel machines.

  • Base operating system: We will be using a virtual machine, so you can use any base OS. Just ensure that the base machine is x64 (64 bit). I myself use Windows 10 x64.
  • Virtualization software: You can use either Oracle VirtualBox or VMware Workstation/Player. After a bit of testing, I observed that VMware was slower than VirtualBox, but VirtualBox crashed a couple of times, and hence I chose VMware Workstation. Ultimately the choice is yours.
  • Guest OS: This is where things get a bit tricky. Though you can use any Windows 7 and above release, I will always recommend going for Windows 10 x64. Reasons? The world has mostly moved from Windows 7/8/8.1 to Windows 10; eventually Windows 7/8/8.1 will be gone. As per Microsoft’s business strategy, Windows 10 will be their last OS and they will keep providing updates to it. Also, the x86 architecture is pretty much outdated: almost all processors today are x64, and no big organization today uses x86 processors (except for legacy systems). For this series too, we will use Windows 10 x64.

Below is the list of tools we will be installing:

  1. WinSDK: WinDBG is part of the Windows SDK (WinSDK). Hence, you have to download the WinSDK installer from the Microsoft Developer site.
  2. Visual Studio 2017 (VS): Initially I was thinking about using the MinGW cross-platform compiler for compiling and linking C programs. However, as Paranoid Ninja and SubZerox09 pointed out, symbol (.pdb) files can only be generated with the CL.EXE tool of VS. Considering this, I decided to switch to VS for writing code. Honestly speaking, I have no experience of coding in VS; this will be new learning for me. Maybe I will write one post solely on the usage of VS for writing C programs. For our purpose, the VS 2017 Community edition is totally fine.
  3. NASM for Windows: Again, this is totally optional. Since I want to drive this series primarily from a shellcoder’s perspective, I will be writing Windows shellcode and using WinDBG to debug it. Hence, I am using NASM for Windows to assemble the assembly language code. Link: https://www.nasm.us/
  4. Python 2.7.x: We will be using Python add-ons such as Mona.py. It is also required during shellcoding. Hence, install the latest Python 2.7.x (64-bit version).
  5. Text editor: This is again all about your choice. I like Notepad++, but you can go ahead with your favourite text editor.
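As an added example (not from the original post), here is a batch script that exercises the point made about symbols in item 2: it builds a small C program with CL.EXE so that a .pdb is produced next to the .exe, optionally assembles a NASM source, and prints the WinDBG commands that confirm the symbols actually load. The VS 2017 install path, the C:\lab\hello directory and the test program are assumptions.

```batch
@echo off
rem Added example (not from the original post): build a C test program with
rem CL.EXE so a .pdb is produced, optionally assemble a NASM file, and print
rem the WinDBG commands that confirm the symbols load.  Paths are assumptions.
setlocal

rem Assumed VS 2017 Community location; adjust if yours differs.
call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat" || exit /b 1

set "LAB=C:\lab\hello"
if not exist "%LAB%" mkdir "%LAB%"
cd /d "%LAB%"

rem Constructed test program with a function worth breaking on.
echo #include ^<stdio.h^> > hello.c
echo int add(int a, int b) { return a + b; } >> hello.c
echo int main(void) { printf("%%d\n", add(2, 3)); return 0; } >> hello.c

rem /Zi emits debug info into hello.pdb; /Od disables optimisation so every
rem line and local stays visible; /link /DEBUG keeps the linker from
rem dropping the debug records that tie hello.exe to its .pdb.
cl /nologo /Zi /Od /Fe:hello.exe hello.c /link /DEBUG || exit /b 1

rem Optional: assemble a NASM source (assumes nasm.exe is on PATH).
if exist stub.asm nasm -f win64 stub.asm -o stub.obj

dir /b hello.exe hello.pdb
echo.
echo In WinDBG (File ^> Open Executable, hello.exe) run:
echo   .sympath+ %LAB%
echo   .reload /f hello.exe
echo   lm m hello        (expect "private pdb symbols" and the hello.pdb path)
echo   x hello!add       (resolves only when the .pdb is loaded)
echo   bp hello!add
echo   g
endlocal
```

If `x hello!add` returns nothing, the .pdb was not found: check `.sympath` and `!sym noisy` before `.reload /f` to see where WinDBG looked.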

With that, we can start the actual setup:

  • Creating the Windows 10 x64 virtual machine: This is not a difficult task at all. If you have an ISO image, go ahead and install it in your favourite virtualization software. Or, if you are a lazy person, you can directly download ready-made VMs from this link.

Pro tips:
– All Windows VMs are resource hogs, so consider disabling unnecessary graphics, Cortana, etc.
– Make sure the VM disk is sufficiently large; 60 to 80 GB is fine. Run Disk Cleanup with elevated privileges to remove unnecessary files.
– Windows will always update/upgrade, so it is a good idea to disable auto-update.
– Enable developer mode. It will be helpful during code writing.
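The pro tips above, scripted as an added example (not from the original post) to run from an elevated command prompt inside the guest VM. The registry paths, value names and the wuauserv service name are the standard Windows 10 ones; the script assumes an isolated, snapshotted lab VM rather than a daily-use machine.

```batch
@echo off
rem Added example (not from the original post): apply the lab-VM pro tips
rem from an elevated prompt.  Assumes an isolated analysis VM with snapshots.
net session >nul 2>&1 || (echo Run this from an elevated prompt.& exit /b 1)

rem Developer mode (same switch as Settings > Update & Security > For developers).
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" ^
    /v AllowDevelopmentWithoutDevLicense /t REG_DWORD /d 1 /f

rem Keep Windows Update from upgrading or rebooting the VM mid-session:
rem the policy value (honoured on Pro/Enterprise) plus the service itself.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" ^
    /v NoAutoUpdate /t REG_DWORD /d 1 /f
sc config wuauserv start= disabled
net stop wuauserv >nul 2>&1

rem Trim resource use: visual effects to "best performance" (2), Cortana off.
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects" ^
    /v VisualFXSetting /t REG_DWORD /d 2 /f
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" ^
    /v AllowCortana /t REG_DWORD /d 0 /f

rem Disk Cleanup, elevated: /sageset records the chosen categories under
rem profile 1 (interactive dialog), /sagerun applies that profile.
cleanmgr /sageset:1
cleanmgr /sagerun:1

echo Done. Take a VM snapshot now so this clean baseline can be restored.
```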

  • Installing WinDBG: Installing WinDBG is a straightforward affair. Either download the installer file or the .iso file and go ahead with the installation. For the installer, make sure you have a stable and fast internet connection. In either case, go ahead with the options below. No need to install the SDK as it will be available
WinDBG installation options

In contrast, configuring WinDBG is not that straightforward. We will tackle that in the next post, where we will explore the “Basic functions of WinDBG”.

  • Installing VS: Simply download and run the VS 2017 installer from the Microsoft.com website. This bootstrapper installs the actual Visual Studio Installer, which lets you choose the components for installation. It will look something like this:
Installing Visual Studio

In the above screenshot, I have highlighted the items to be installed. Even if you miss something, don’t worry! You can easily add those items later with the VS Installer.

  • Installing Python: A straightforward task. Next -> Next -> Next -> Finish.
Installing Python 2.7.15
  • Installing NASM: Again, a straightforward task. Next -> Next -> Finish. The same goes for the editor.

I guess this is enough software installation. The actual job starts with the configuration of the above tools. In the next post, we will dive into the “Basics of WinDBG”. Trust me, it will be a longer and more interesting post… Till then, Auf Wiedersehen!!!!!

(Note: This was a very short post and covered only the installation of the listed applications. I was busy with a couple of different things, and as a result I rushed this smaller post.)

I am a guy in infosec who knows bits and bytes of one thing and another. I like to fiddle with many things, and one of them is computers.

SLAER
