Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Debugging Windows ServiceDLL
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 04-11-2018, 04:56
schrodyn schrodyn is offline
Friend
  
Join Date: Dec 2016
Posts: 23
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 164
Thanks Rcvd at 27 Times in 11 Posts
schrodyn Reputation: 0
Question Debugging Windows ServiceDLL
Hi,

I'm learning RE and I was trying to reverse a piece of malware that is a DLL and expects to run as a service. It exports ServiceMain and expects to be run as a service so I would like to perform some dynamic analysis on it while it's running as a service.

Some attempts I made to just use rundll32 malware.dll,MainExport failed so I'd prefer to now run it as a service and try again. However, I'm not sure how to approach this.

I have read (Inside Windows Debugging) about installing a service and using gflags to configure a debugger / command to launch when - for example, "MyService.exe" runs. However, in my case I am running "svchost.exe -k groupname" and setting ServiceDLL in the registry to the "malware.dll".

I tried using gflags to run x64dbg (it's a 64-bit sample), but I ran into another issue. So, my questions to the community are:
  1. How do other people approach debugging Windows Services?
  2. Has any tried to use gflags to launch x64dbg for debugging Windows services?
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 19:40.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )