Topic created on: May 5, 2013 17:27 CDT by Funv .
Hi, trying to analyse a piece of malware, which when I step over a particular call, it hits an int 3 instruction within that call (in kernel32.dll).
If I try to continue stepping through (or step out) it eventually just continues to run...
The int 3 call is in kernel32.dll, is this normal? I believe its called as part of a WMI query.
Any help on how to get IDA to ignore this break point, or how to continue the debugging after this break would be great! I've tried setting IDA to ignore most exceptions (in the debugging options dialogue), but it still breaks at the same point, I've also tried patching the instruction to a nop in memory.
The only thing I haven't tried is running it in Olly because it took me a while to get to where I am now (its a packed, obfuscated program... brilliant for a newbi...)
A screenie of where the program stops and hits INT 3
Any help would be appreciated!