2

I am attempting to manually unpack a malware sample. I am using the new WinDbg Preview (only thing that is available to download now). After letting the malware call VirtualAlloc I am trying to search the memory now but I am getting 0 results. I have been on Google and Microsoft docs about the range operator trying to get this to work but I can't get it to find anything. I am on a Windows 11 VM.

s -a 0 L?4ffffff "This Program"

1
  • Try a few other variations, like s -sa to search all ASCII strings, s -su for all Unicode, or just try searching for hex like s ..... 0x(T).... Commented Mar 20, 2023 at 7:24
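
An added example, not part of the original question or comment: a small Python model of a ranged string search in the style of `s -a` / `s -u`, showing two general ways such a search can come back empty (the range stops below the region holding the data, or the string is stored as UTF-16 rather than ASCII). The addresses, region contents and function names are constructed for illustration and are not taken from the asker's sample.

```python
# Constructed model of a sparse address space: {base address: region bytes}.
# All addresses and contents are made up for illustration.
REGIONS = {
    0x00400000: b"MZ\x90\x00" + b"\x00" * 60,                        # low image, no match
    0x1F0000000: b"\x00" * 16 + "This Program".encode("utf-16-le"),  # wide string
    0x2A0000000: b"\xcc" * 8 + b"This Program (unpacked copy)",      # ASCII string
}

ENCODINGS = {"a": "ascii", "u": "utf-16-le"}  # modelled on s -a and s -u


def search(regions, start, length, pattern, kind="a"):
    """Return addresses in [start, start + length) where pattern begins."""
    needle = pattern.encode(ENCODINGS[kind])
    end = start + length
    hits = []
    for base, data in sorted(regions.items()):
        pos = data.find(needle)
        while pos != -1:
            addr = base + pos
            # Only report matches that lie fully inside the requested range.
            if start <= addr and addr + len(needle) <= end:
                hits.append(addr)
            pos = data.find(needle, pos + 1)
    return hits


def search_all(regions, pattern):
    """Search every mapped region in both encodings."""
    top = max(base + len(data) for base, data in regions.items())
    return {kind: search(regions, 0, top, pattern, kind) for kind in ENCODINGS}


if __name__ == "__main__":
    # Same start and length as the command in the question: nothing in range.
    print(search(REGIONS, 0, 0x4FFFFFF, "This Program", "a"))
    # Whole modelled address space, both encodings.
    for kind, hits in search_all(REGIONS, "This Program").items():
        print(kind, [hex(h) for h in hits])
```
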

0
