Patching binary in order to debug child process
I sometimes stumble into binaries that use CreateProcess, CreateProcessInternal, CreateThread or any functions like that. In this case, the binary is using the CreateProcess function. When debugging with xdbg, we cannot follow the code execution. In order to debug the binary, I often patch it, then run it and hook to...