Analyzing a DLL in x64DBG

[clerkmarc]

Quick tips about how to load a dll in x64dbg in order to debug it and analyse it. In this example we will use a random dll called “example.dll”

Locate the exported function you want to analyse
Here I am using PEbear but you can use any other PE tool



We will use the function DllRegisterServer with the ordinal 1

Start debugging rundll32.exe with x64dbg
Rundll32.exe is a Windows system file used to load and run dynamic-link libraries (DLLs)

The first step is to load rundll32.exe into x64dbg


Loading rundll32.exe into x64dbg

Select “Change Command Line”


Change command line

Enter the path of your DLL with the exported function


Rundll + DLL + Ordinal

Go to Option -> Preferences and select “DLL Entry Point”


Option DLL Entry

Run F9 until you reach the DLL you want to analyse

Check the name of the module you reach on the top of the Window


Module Name : example.dll

That’s it! You can now debug your dll