<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>reverse-engineering on Taha Draidia</title><link>https://tahadraidia.com/tags/reverse-engineering/</link><description>Recent content in reverse-engineering on Taha Draidia</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Fri, 14 Jul 2023 00:00:00 +0000</lastBuildDate><atom:link href="https://tahadraidia.com/tags/reverse-engineering/index.xml" rel="self" type="application/rss+xml"/><item><title>Expanding Our WinDBG Arsenal - Handleex Extension</title><link>https://tahadraidia.com/posts/expanding-our-windbg-arsenal-handleex-extension/</link><pubDate>Fri, 14 Jul 2023 00:00:00 +0000</pubDate><guid>https://tahadraidia.com/posts/expanding-our-windbg-arsenal-handleex-extension/</guid><description>This post has been ported from Darkwaves InfoSec blog.
Introduction: When it comes to dynamic analysis on Windows, WinDBG is our option of choice. The debugger provides several built-in extensions, such as analyze, heap and gle, and allows extensibility by writing custom extensions in several programming languages.
During an engagement for a client, a need emerged to retrieve the filename associated with a file handle, entirely from within userland.</description></item></channel></rss>