In the previous chapter, we looked at the disassembly features of IDA Pro. In this chapter, you will learn about IDA's debugging capabilities. The commercial version of IDA can debug both 32-bit and 64-bit applications, whereas the demo version only allows you to debug a 32-bit Windows binary. In this section, you will see some of the debugging features offered by IDA Pro, and you will learn how to use it to debug a malicious binary.
There are different ways to launch a new process; one method is to directly launch the debugger, without initially loading the program. To do that, launch IDA (without loading the executable), then select Debugger | Run | Local Windows debugger; this will bring up a dialog where you can choose the file to debug. If the executable takes any parameters, you can specify them in the Parameters field. This method will start a new process, and the debugger will pause the execution at the program's entry...