
Created: Friday, August 24 2012 10:48.48 CDT
New version of Ollydbg!
Author: inwk # Views: 1979

The new version of Olly is OllyDbg 2.01 beta 2; more info here.

Created: Wednesday, August 15 2012 08:34.01 CDT
Immunity debugger - default PyCommands
Author: inwk # Views: 2445

This blog entry is just a quick note. I am a new user of immdbg and it's nice to have a short list of commands :)

Activex:
- activex - This script resolves exposed COM functions to their relative addresses.

Logging:
- apitrace - Hooks all intermodular function calls and logs them
- sqlhooker - logs SQL queries
- getevent - Get a log of the current debug event

Heap:
- chunkanalyzehook - Analyze a specific chunk at a specific moment. Takes an address as the value of EIP and an expression to calculate the chunk address
- funsniff - Analyze the heap pattern of an executed function
- heap - Immunity Heap Dump and analyzing tool
- hippie - Heap logging function
- hookheap - Hook on RtlAllocateHeap/RtlFreeHeap and display information
- horse - Low Fragmentation Heap Viewer
- lookaside - Shows the lookaside lists of the heap structure

Exploiting:
- acrocache - Dumps Acrobat Reader Cache state
- duality - Looks for mapped address that can be 'transformed' into opcodes
- findantidep - Find address to bypass software DEP
- safeseh - Looks for exception handlers registered with SafeSEH
- vcthook - This hook checks whether the arguments of VariantChangeType are pointers to the same object. There might be vulnerabilities in code that calls this function in such a manner.

Searching and comparing:
- cmpmem - Compare memory with a file
- mark - Static analysis: mark the tiny ones. Searches for and marks a given function.
- search - Simple script that lets you quickly search for a regexp
- searchcode - Search code in memory
- searchcrypt - Search a defined memory range looking for cryptographic routines
- searchheap - Search the heap for specific chunks
- searchspray - Script to search for all occurrences of a string in memory and display them in a table
- shellcodediff - Check for badchars

Analyzing:
- bpxep - Finds entry point...
- dependencies - Find an exported function in the loaded DLL
- finddatatype - Attempts to find the type of the data spanning
- findloop - Find natural loops given a function start address
- findpacker - Find a Packer/Cryptor on a Module
- getrpc - Get the RPC information of a loaded DLL
- hookndr - Hooks the NDR unmarshalling routines and prints them out so you can see which ones worked
- recognize - Function Recognizing using heuristic patterns
- scanpe - Detect a Packer/Cryptor of Main Module, also scan just EntryPoint. Calculates the entropy of a chunk of data.
- stackvars - Sets comments around the code to follow stack variable sizes and contents
- syscall - Discover system calls
- treedll - Creates a tree of imported DLLs

Network:
- hookssl - Creates a table that displays packets received on the network
- mike - Attempts to automate tracing the lifecycle of a network packet's contents.
- packets - Creates a table that displays packets received on the network

Misc:
- gflags - Global flags management tools
- hidedebug - Patches many anti-debug protections
- list - List all pycommands in log window
- modptr - Patches all function pointers and detects when they are triggered
- nohooks - Clean all hooks from memory
- openfile - Opens a File
- pyexec - Non interactive python shell [immlib already imported]
- template - Immunity PyCommand Template
- traceargs - Find user-supplied arguments passed into a given function
- usage - Return the usage information for a python command

That's all. Any mistakes?
