QEMU implements a GDB server, making it possible to attach to the operating system from outside the virtual machine via the debugger's target remote command. When analysing Windows malware, this method is useful for bypassing anti-debug techniques, but it has a big drawback: GDB has no knowledge of the underlying system and therefore cannot display any symbols to ease the analysis. As an example, the full post shows how to add information from the import table: http://www.lexsi-leblog.com/cert-en/qemu-gdb-pe-imports.html
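As an added illustration (example code, not from the Lexsi post), here is the kind of parser a GDB Python script can use to recover import names from a PE image in guest memory: it walks the import directory and pairs each IAT slot address with the imported symbol, so the slots can be named in the debugger. The read(addr, n) callback, the constructed sample image and the module base are assumptions; inside GDB the callback would be lambda a, n: bytes(gdb.selected_inferior().read_memory(a, n)).

```python
import struct

def read_cstr(read, addr, limit=256):  # NUL-terminated ASCII string at addr
    return read(addr, limit).split(b"\0", 1)[0].decode("ascii", "replace")

def parse_imports(read, base):
    """Return {dll: [(iat_slot_address, symbol), ...]} for a PE image mapped at base."""
    pe = base + struct.unpack("<I", read(base + 0x3C, 4))[0]        # e_lfanew
    assert read(pe, 4) == b"PE\0\0", "PE signature not found"
    is64 = struct.unpack("<H", read(pe + 24, 2))[0] == 0x20B         # optional header magic
    dirs = pe + 24 + (112 if is64 else 96)                           # data directory array
    imp_rva = struct.unpack("<I", read(dirs + 8, 4))[0]              # entry 1 = import table
    size, fmt, ord_flag = (8, "<Q", 1 << 63) if is64 else (4, "<I", 1 << 31)
    result, desc = {}, base + imp_rva
    while imp_rva:
        oft, _, _, name_rva, ft = struct.unpack("<5I", read(desc, 20))
        if name_rva == 0 and ft == 0:                                # all-zero terminator
            break
        entries, names, slot = [], base + oft, base + ft
        # Names come from the ILT (OriginalFirstThunk); once loaded, the IAT holds addresses.
        while oft:
            entry = struct.unpack(fmt, read(names, size))[0]
            if entry == 0:
                break
            sym = ("#%d" % (entry & 0xFFFF) if entry & ord_flag             # by ordinal
                   else read_cstr(read, base + (entry & 0x7FFFFFFF) + 2))   # skip 2-byte hint
            entries.append((slot, sym))
            names, slot = names + size, slot + size
        result[read_cstr(read, base + name_rva)] = entries
        desc += 20
    return result

def build_sample_image():
    """Constructed minimal PE32+ image (not a real binary): one DLL, two imports."""
    img = bytearray(0x300)
    img[0:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                             # e_lfanew
    struct.pack_into("<H", img, 0x98, 0x20B)                            # PE32+ magic
    struct.pack_into("<II", img, 0x98 + 112 + 8, 0x200, 40)             # import dir RVA/size
    struct.pack_into("<5I", img, 0x200, 0x240, 0, 0, 0x280, 0x260)      # one descriptor
    struct.pack_into("<QQQ", img, 0x240, 0x2A0, 0x2C0, 0)               # ILT: hint/name RVAs
    struct.pack_into("<QQQ", img, 0x260, 0x7FFE1000, 0x7FFE2000, 0)     # IAT: resolved addrs
    img[0x280:0x28D] = b"KERNEL32.dll\0"
    img[0x2A0:0x2AE] = b"\0\0CreateFileW\0"
    img[0x2C0:0x2CF] = b"\0\0VirtualAlloc\0"
    return bytes(img)

def demo(base=0x140000000):  # parse the constructed image as if mapped at base
    img = build_sample_image()
    return parse_imports(lambda a, n: img[a - base:a - base + n], base)
```

The module base address itself must be found by other means (for example from the loaded-module list of the guest), and an image whose ILT was stripped yields no names, only IAT slots.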