Created: Wednesday, August 15 2012 08:34.01 CDT
Immunity debugger - default PyCommands
Author: inwk
This blog entry is just a quick note. I am a new user of immdbg and it's nice to have a short list of commands :)
Activex:
- activex - A script that resolves exposed COM functions to their relative address.
Logging:
- apitrace - Hooks all intermodular function calls and logs them
- sqlhooker - logs SQL queries
- getevent - Get a log of current debugevent
Heap:
- chunkanalyzehook - Analyze a specific chunk at a specific moment. Takes an address as the value of EIP and an expression to calculate the chunk address
- funsniff - Analyze the heap pattern of an executed function
- heap - Immunity Heap Dump and analyzing tool
- hippie - Heap logging function
- hookheap - Hook on RtlAllocateHeap/RtlFreeHeap and display information
- horse - Low Fragmentation Heap Viewer
- lookaside - Shows the Lookaside of the Heap structure
Exploiting:
- acrocache - Dumps Acrobat Reader Cache state
- duality - Looks for mapped addresses that can be 'transformed' into opcodes
- findantidep - Find address to bypass software DEP
- safeseh - Looks for exception handlers registered with SafeSEH
- vcthook - This hook checks whether the arguments of VariantChangeType are pointers to the same object. There might be vulnerabilities in code that calls this function in such a manner.
Searching and comparing:
- cmpmem - Compare memory with a file
- mark - Static Analysis: Mark the tiny ones. Search and mark given function.
- search - simple script that lets you quickly search for a regexp
- searchcode - Search code in memory
- searchcrypt - Search a defined memory range looking for cryptographic routines
- searchheap - Search the heap for specific chunks
- searchspray - Script to search for all occurrences of a string in memory and display them in a table
- shellcodediff - Check for badchars
Analyzing:
- bpxep - Finds entry point...
- dependencies - Find an exported function on the loaded dll
- finddatatype - Attempts to find the type of the data spanning
- findloop - Find natural loops given a function start address
- findpacker - Find a Packer/Cryptor on a Module
- getrpc - Get the RPC information of a loaded dll
- hookndr - Hooks the NDR unmarshalling routines and prints them out so you can see which ones worked
- recognize - Function Recognizing using heuristic patterns
- scanpe - Detect a Packer/Cryptor of Main Module, also scan just EntryPoint. Calculates the entropy of a chunk of data.
- stackvars - set comments around the code to follow stack variables size and content
- syscall - discover system calls
- treedll - Creates imported dll tree
Network:
- hookssl - Creates a table that displays packets received on the network
- mike - Attempts to automate tracing the lifecycle of a network packet's contents.
- packets - Creates a table that displays packets received on the network
Misc:
- gflags - Global flags management tools
- hidedebug - Patches lots of anti-debug protection
- list - List all pycommands in log window
- modptr - Patch all Function Pointers and detect when they triggered
- nohooks - Clean all hooks from memory
- openfile - Opens a File
- pyexec - Non-interactive python shell [immlib already imported]
- template - Immunity PyCommand Template
- traceargs - Find user-supplied arguments into a given function
- usage - Return the usage information for a python command
That's all. Any mistakes?