WinAppDbg is perhaps one of the most underrated Windows binary instrumentation frameworks.
As I am learning how to use it, I have created some code to help me.
I wrote a four-part WinAppDbg tutorial using this module. Because this module might change, the version used in the tutorial can be found in the WinAppDbg directory in my clone. Links to the parts are below:
- Part 1 - Basics
- Part 2 - Function Hooking and Others
- Part 3 - Manipulating Function Calls
- Part 4 - Bruteforcing FlareOn 2017 - Challenge 3
WinAppDbg is created by Mario Vilas:
- code: https://github.com/MarioVilas/winappdbg
- docs (read them): https://winappdbg.readthedocs.io
Open-sourced under the MIT license.