I need to debug the code injected by malware into Internet Explorer. By itself it wouldn't be a problem if I could debug the main process; the problem is I cannot run the malware from inside the debugger due to a lot of anti-debugging measures (moreover, the injection is not performed via CreateRemoteThread, nor via NtQueueApcThread, which by itself is already interesting and is also what I'd like to figure out).
Is there a way to attach a debugger to the injected process? I can detect the thread I’m interested in using OllyDbg, but there’s no way I can attach to the code to step it and understand what’s going on.
Any suggestion from you?
Thanks in advance!
Some of the anti-attach tricks are listed here. Some of them mention countermeasures too. FWIW, I was able to attach to the program mentioned in the first post (DbgUiRemoteBreakin overwrite trick) using IDA by enabling “Stop on debugging start” option.
If that doesn’t help, I’d suggest posting to the RE reddit with more details.
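The DbgUiRemoteBreakin overwrite trick mentioned above works because a debugger attach makes Windows start a remote thread in the target at ntdll!DbgUiRemoteBreakin; if the process has overwritten the first bytes of that function (typically with a `ret` or a jump elsewhere), the attach thread never breaks in. Below is an added example, not code from the original thread, that reads those bytes and classifies a patch. The classifier and the `jmp rel32` target calculation are generic and run anywhere; `read_live_prologue` is Windows-only and reads the function in the current process via ctypes. The reference prologue bytes below are constructed for illustration; a real check should take them from the on-disk ntdll.dll rather than from this constant.

```python
"""Detect an overwritten ntdll!DbgUiRemoteBreakin prologue (the anti-attach
trick discussed above). Core logic is platform-independent; the live read is
Windows-only."""
import sys
import struct

# First-byte opcodes that commonly begin a patched prologue (assumption:
# heuristic list, not exhaustive).
_PATCH_OPCODES = {
    0xC3: "ret",
    0xC2: "ret imm16",
    0xCC: "int3",
    0xE9: "jmp rel32",
    0xEB: "jmp rel8",
    0xE8: "call rel32",
}

# Constructed sample of an x64 prologue ("sub rsp, 0x28" followed by a mov);
# NOT the real ntdll bytes, which vary per build. Use the on-disk DLL.
REFERENCE_PROLOGUE = bytes.fromhex("4883ec28488b05")


def classify_prologue(live: bytes, reference: bytes = REFERENCE_PROLOGUE) -> str:
    """Return 'clean' if the live bytes match the reference prefix, otherwise a
    short description of what the first bytes were replaced with."""
    n = min(len(live), len(reference))
    if n == 0:
        raise ValueError("need at least one byte to compare")
    if live[:n] == reference[:n]:
        return "clean"
    first = live[0]
    if first in _PATCH_OPCODES:
        return "patched: " + _PATCH_OPCODES[first]
    if live[:2] == b"\xff\x25":
        return "patched: jmp [mem]"  # indirect jump through a pointer
    return "patched: unknown bytes " + live[:n].hex()


def jmp_target(live: bytes, func_addr: int) -> int:
    """For an E9 (jmp rel32) patch, compute the absolute destination so the
    analyst can see where the attach thread is being sent (often ExitProcess
    or a stub that terminates the thread)."""
    if len(live) < 5 or live[0] != 0xE9:
        raise ValueError("not a jmp rel32")
    (rel,) = struct.unpack("<i", live[1:5])  # signed 32-bit displacement
    return func_addr + 5 + rel  # relative to the end of the 5-byte instruction


def read_live_prologue(nbytes: int = 8):
    """Windows only: read the first bytes of DbgUiRemoteBreakin in this process
    and return (address, bytes). Raises OSError elsewhere."""
    if sys.platform != "win32":
        raise OSError("DbgUiRemoteBreakin exists only in Windows ntdll")
    import ctypes
    ntdll = ctypes.WinDLL("ntdll")
    addr = ctypes.cast(ntdll.DbgUiRemoteBreakin, ctypes.c_void_p).value
    return addr, ctypes.string_at(addr, nbytes)


def demo():
    """Run the classifier over constructed samples; returns the verdicts."""
    samples = {
        "untouched": REFERENCE_PROLOGUE,
        "ret_patch": b"\xc3\x90\x90\x90\x90\x90\x90",
        "jmp_patch": b"\xe9\xfb\x0f\x00\x00\x90\x90",
    }
    return {name: classify_prologue(b) for name, b in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, "->", verdict)
    if sys.platform == "win32":
        addr, live = read_live_prologue()
        print("live DbgUiRemoteBreakin @ %#x: %s" % (addr, live.hex()))
```

Run it inside the target (or adapt `read_live_prologue` to use ReadProcessMemory on another process) before attaching; a `patched:` verdict explains why the attach fails, and restoring the reference bytes at that address is the usual manual countermeasure when the debugger's own option does not help.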