Debugging Malicious Binaries

Debugging is a technique in which malicious code is executed in a controlled manner. A debugger is a program that gives you the ability to inspect malicious code at a more granular level. It provides full control over the malware's runtime behavior and allows you to execute a single instruction, multiple instructions, or select functions (instead of executing the entire program), while studying the malware's every action.

In this chapter, you will mainly learn the debugging features offered by IDA Pro (a commercial disassembler/debugger) and x64dbg (an open source x32/x64 debugger). You will learn about the features offered by these debuggers and how to use them to inspect the runtime behavior of a program. Depending on the resources available, you will be free to choose either of these debuggers, or both, for debugging the malicious binary. When you are debugging malware, proper care needs to be taken, as you will be running the malicious code on a system. It is highly recommended that you perform any malware debugging in an isolated environment (as covered in Chapter 1, Introduction to Malware Analysis). At the end of this chapter, you will also see how to debug a .NET application using a .NET decompiler/debugger, dnSpy (https://github.com/0xd4d/dnSpy).

Other popular disassemblers/debuggers include radare2 (http://rada.re/r/index.html), WinDbg, which is part of Debugging Tools for Windows (https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/), OllyDbg (http://www.ollydbg.de/version2.html), Immunity Debugger (https://www.immunityinc.com/products/debugger/), Hopper (https://www.hopperapp.com/), and Binary Ninja (https://binary.ninja/).