Analyzing a DLL in x64DBG - clerkmarc - 30-03-2021

Quick tips on how to load a DLL in x64dbg in order to debug and analyse it.

In this example we will use a random DLL called “example.dll”.

Locate the exported function you want to analyse

Here I am using PE-bear, but you can use any other PE tool. We will use the function DllRegisterServer with the ordinal 1.

Start debugging rundll32.exe with x64dbg

Rundll32.exe is a Windows system file used to load and run dynamic-link libraries (DLLs). The first step is to load rundll32.exe into x64dbg.

[Image: Loading rundll32.exe into x64dbg]

Select “Change Command Line”.

[Image: Change command line]

Enter the path of your DLL with the exported function.

[Image: Rundll + DLL + Ordinal]

Go to Options -> Preferences and select “DLL Entry Point”.

[Image: Option DLL Entry]

Run (F9) until you reach the DLL you want to analyse. Check the name of the module you have reached at the top of the window.

[Image: Module Name : example.dll]

That’s it! You can now debug your DLL.
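
The export lookup and the "Rundll + DLL + Ordinal" command line from the steps above, as an added example that is not part of the original post. It parses the PE export directory directly, so ordinal-only exports are listed too. The rundll32.exe location, the sample DLL path and the in-memory sample image are assumptions constructed for illustration.

```python
import struct

def list_exports(pe):
    """Return [(ordinal, name or None), ...] from a PE image's export directory."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", pe, nt + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)     # SizeOfOptionalHeader
    opt = nt + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    exp_rva, = struct.unpack_from("<I", pe, opt + (112 if pe32plus else 96))
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8) for i in range(nsec)]

    def off(rva):  # RVA -> file offset through the section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + rptr
        raise ValueError("RVA outside all sections")

    if not exp_rva:
        return []  # image has no export directory
    base, nfunc, nname, funcs, names, ords = struct.unpack_from("<6I", pe, off(exp_rva) + 16)
    named = {}
    for i in range(nname):  # name table entry i -> index into the function table
        idx, = struct.unpack_from("<H", pe, off(ords) + 2 * i)
        start = off(struct.unpack_from("<I", pe, off(names) + 4 * i)[0])
        named[idx] = pe[start:pe.index(b"\0", start)].decode("ascii")
    rvas = struct.unpack_from(f"<{nfunc}I", pe, off(funcs))
    return [(base + i, named.get(i)) for i, rva in enumerate(rvas) if rva]  # skip empty slots

def rundll32_cmdline(dll_path, ordinal):
    # Assumption: rundll32.exe in its default System32 location.
    return f'"C:\\Windows\\System32\\rundll32.exe" "{dll_path}",#{ordinal}'

def sample_dll():
    """Constructed minimal PE32+ image: DllRegisterServer = ordinal 1, ordinal 2 unnamed."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)
    hdr += struct.pack("<H", 0x20B).ljust(112, b"\0") + struct.pack("<II", 0x1000, 0x80).ljust(128, b"\0")
    hdr += b".edata\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    edata = struct.pack("<IIHHI6I", 0, 0, 0, 0, 0x1038, 1, 2, 1, 0x1028, 0x1030, 0x1034)
    edata += struct.pack("<IIIH", 0x1100, 0x1110, 0x1044, 0) + b"\0\0"
    edata += b"example.dll\0DllRegisterServer\0"
    return hdr.ljust(0x200, b"\0") + edata.ljust(0x200, b"\0")

if __name__ == "__main__":
    for ordinal, name in list_exports(sample_dll()):
        print(ordinal, name or "<ordinal only>", rundll32_cmdline(r"C:\samples\example.dll", ordinal))
```

Match the host and debugger to the DLL's bitness: a 32-bit DLL needs the 32-bit rundll32.exe under SysWOW64 and x32dbg.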