Deadlisting gives us most of the information we need, including the program's branching flow. Debugging now gives us the opportunity to validate the path that the program actually follows when it runs. We get to see the data that is temporarily stored in the registers and in memory. And instead of manually working through a decryption routine to understand it, we can debug it and simply read the resulting decrypted data.
Tools used for debugging in Windows include the following:
- OllyDbg
- x86dbg
- IDA Pro
Tools used for debugging in Linux include the following:
- gdb
- radare2
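
The point above about decryption code, as an added example that is not from the original text: a small program whose string exists on disk only in encoded form, with the gdb commands that read it from memory after the decoder has run. The byte values, the key schedule and the names `encoded`, `decoded`, `decode` and `use_secret` are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: this is the only form of the string that exists
 * in the file on disk, so it is all that a deadlisting can show. */
static const uint8_t encoded[] = {
    0x32, 0x04, 0x04, 0x03, 0x19, 0x50, 0xE0, 0xE9, 0xF5
};

/* Filled in at run time; empty until decode() has executed. */
static char decoded[sizeof encoded + 1];

/* Hypothetical decoder: XOR each byte with a key that starts at 0x5A
 * and grows by 7 for every byte processed. */
static const char *decode(void)
{
    uint8_t key = 0x5A;
    for (size_t i = 0; i < sizeof encoded; i++) {
        decoded[i] = (char)(encoded[i] ^ key);
        key = (uint8_t)(key + 7);
    }
    decoded[sizeof encoded] = '\0';
    return decoded;
}

/* Breakpoint target: when execution stops here, decode() has already
 * returned and the buffer holds the plain text. */
static void use_secret(const char *s)
{
    printf("%zu bytes decoded\n", strlen(s));
}

int main(void)
{
    use_secret(decode());
    return 0;
}

/* Build with symbols and no optimisation: cc -g -O0 demo.c -o demo
 * Then, in gdb:
 *   (gdb) break use_secret
 *   (gdb) run
 *   (gdb) x/9xb encoded   <- the bytes seen in the deadlisting
 *   (gdb) x/s decoded     <- the decoded string, "hello-dbg"
 */
```

Reading the buffer at the breakpoint gives the result without working out the key schedule by hand, which is the saving the paragraph describes.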