RADARE2

radare2 is a utility that can be used in binary patching

BINARY STRING PATCHING

binary/string patching can be used to patch out the anti-debugging checks/instructions in malware, allowing analysts to run and analyze the sample under a debugger

#DEFEATING ANTI-DEBUGGING CHECK
#step 1: identify where the anti-debugging check is happening
#step 2: change/comment the anti-debugging check instructions
#step 3: save the file so it will always run the malicious actions for analysis

root@revenge:~$ radare2 {malwareBinary.out}
[0x00001060]> / hello
 Searching 5 bytes in [0x401c.0x4020]
 hits: 0
 ...
 0x00002008 hit0_0 .hello, world;@.        //this is the location of the word hello in memory

 * this cmd searches the binary for the string "hello" and displays the memory location (and section) of each hit
 * the / command is used for searching strings
 
[0x00001060]> s 0x00002008
 * this cmd seeks (moves the cursor) to the specified memory position
    - here it moves to the memory location where the "hello" string was found
	
[0x00002008]> px
 * this cmd shows which bytes exist at the specified/current location
 * the "px" cmd dumps the bytes as a hexdump
    - memory address is on the left (address offset)
    - column offsets of the bytes are listed across the top
    - hexadecimal representation of the binary data is in the middle
    - ascii representation is on the right
	
[0x00002008]> oo+
 * this cmd opens the file in read/write mode
[0x00002008]> w hello, name
 * w means write (writes the given string at the current position)
    - only write strings that are equal to or shorter than the original data length
       - do not go beyond the original data length; otherwise it will corrupt valid instructions that the program needs
       - it is also recommended to write null bytes (00) over the rest of the data length to clear out leftover characters of the old string
[0x00002008]> px
 * re-run px to refresh the view
    - the new value of the string will be visible
[0x00002008]> q
 * q exits the radare2 utility; the bytes overwritten in read/write mode are kept in the program file
root@re:~$ ./03._hello.out
 * new output will be "hello, name"
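The same search/seek/write steps, as an added example that is not part of the original notes and does not use radare2: it mirrors the rules above in plain Python (find the string like `/`, then overwrite it like `w` while staying inside the original data length and null-padding the rest). The sample bytes and the "code" following the string are constructed placeholders, not a real binary.

```python
# Constructed sample "binary": a fake header, a NUL-terminated string, then four
# placeholder bytes that stand in for instructions the program still needs.
SAMPLE = b"\x7fELF" + b"\x00" * 12 + b"hello, world\x00" + b"\x48\x89\xe5\xc3"


def find_string(blob: bytes, needle: str) -> int:
    """Like `/ needle`: offset of the first hit, or -1 if not found."""
    return blob.find(needle.encode())


def hexdump(blob: bytes, off: int, length: int = 16) -> str:
    """Rough `px` equivalent: address on the left, hex in the middle, ascii on the right."""
    lines = []
    for i in range(off, min(off + length, len(blob)), 16):
        chunk = blob[i:i + 16]
        hexs = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{i:08x}  {hexs:<47}  {asc}")
    return "\n".join(lines)


def patch_string(blob: bytes, old: str, new: str) -> bytes:
    """Like `s <hit>` followed by `w new`, with the safety rules from the notes.

    The original data length is len(old) plus its NUL terminator. The new
    string (plus its own NUL) must fit inside that span; the remainder is
    zero-filled so no stale characters remain and no byte after the span
    (the program's instructions) is touched.
    """
    off = find_string(blob, old)
    if off < 0:
        raise ValueError(f"{old!r} not found")
    span = len(old) + 1  # include the terminating NUL
    if len(new) + 1 > span:
        raise ValueError(f"{new!r} needs {len(new) + 1} bytes, only {span} available")
    payload = new.encode().ljust(span, b"\x00")  # null-pad the unused tail
    return blob[:off] + payload + blob[off + span:]


if __name__ == "__main__":
    hit = find_string(SAMPLE, "hello")
    print(hexdump(SAMPLE, hit))
    patched = patch_string(SAMPLE, "hello, world", "hello, name")
    print(hexdump(patched, hit))
```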
