Repacking the unpacker: Applying Time Travel Debugging to malware analysis
2019-10-23, 10:30–12:00, DieKirch-Echternach

In this workshop we will apply the Time Travel Debugging feature of WinDbg, one of the most powerful Windows debuggers, to the field of malware analysis. We will show with concrete examples how this technology can be very effective in reversing complex samples in a timely manner.


Microsoft added Time Travel Debugging to their powerful WinDbg debugger in 2017. This feature is a gift for reverse engineers working in all sort of fields and is clearly gaining in popularity. The most obvious area that benefits from reverse debugging is the one of root cause analysis during vulnerability research. Multiple blog posts and demonstrations have proven this.

However, other fields of reverse engeering can also greatly benefit from this innovation. This workshop will take a look at how we can leverage Time Travel Debugging for efficiently unpacking a complex, multilayered malware sample and solving common malware analysis problems in an alternative manner.

The intended audience for this workshop ranges from those who have a minimal reverse engineering background, to seasoned malware analysts who are interested in new approaches.

A basic knowledge of x86 Assembly is recommended. Experience in WinDbg is not required.

Information on the required setup and resources for the workshop can be found here. Be sure to check it out if you are attending the workshop.