WINDBG

#identify debugging symbols
PS C:\sre> WinDBG
 ...
 
WinDBG > File > Open anti-debug.exe
WinDBG > Command
 0:000> x anti*!*
 
 * anti is only the partial name of the program
 * x → Examine Symbols: This command lists symbols (functions, variables, etc.) that match a given pattern.
 * anti*!* → This specifies a symbol pattern:
 * anti! → Searches for symbols in a module named anti (e.g., anti.dll or anti.exe).
 * !* → The wildcard (*) matches all symbols within that module.
 
 0:000> x anti*!mai*

 * x → Examine Symbols: Lists symbols (functions, variables, etc.) matching a given pattern.
 * anti*!mai* → Symbol Pattern Specification:
 * anti! → Search for symbols in the module named anti (e.g., anti.dll or anti.exe).
 * mai* → Wildcard search: Matches any symbol that starts with "mai".
    - this will look for "main"
    
 0:000> x anti*!check*
 
 * x → Examine Symbols: Lists symbols (functions, global variables, etc.) that match a pattern.
 * anti*!check* → Symbol pattern specification:
 * anti! → Searches in the module named anti (e.g., anti.dll or anti.exe).
 * check* → Matches any symbol starting with "check" (e.g., CheckDebugger, CheckProcess).
 
#set breakpoints
 0:00> right-click on "main" > select "Set Breakpoint [bp]
 0:00> right-click on each of the identified functions > select "Set Breakpoint [bp]

PS C:\sre> .\WinDBG
WinDBG > Command
 bl
 
 * bl represents breakpoint list
WinDBG > Command
 bp {address obtained from ghidra}

 * bp represents setting breakpoint