Flag: Tornado! Hurricane!

Blogs >> inwk's Blog

Created: Wednesday, August 15 2012 08:34.01 CDT  
Printer Friendly ...
Immunity debugger - default PyCommands
Author: inwk # Views: 10615

This blog entry is just quick note. I am new user of immdbg and it's nice to have short list of commands :)

Activex:
- activex - This is script that will resolve exposed COM functions to their relative address.

Logging:
- apitrace - Hooks all intermodular function calls and logs them
- sqlhooker - logs SQL queries
- getevent - Get a log of current debugevent

Heap:
- chunkanalyzehook - Analize a Specific Chunk at a specific moment. Gets address as a value of EIP and expression to calculate the chunk address
- funsniff - Analize the heap pattern of a executed function
- heap - Immunity Heap Dump and analyzing tool
- hippie - Heap logging function
- hookheap - Hook on RtlAllocateHeap/RtlFreeHeap and display information
- horse - Low Fragmentation Heap Viewer
- lookaside - Shows the Lookaside of the Heap structure

Exploiting:
- acrocache - Dumps Acrobat Reader Cache state
- duality - Looks for mapped address that can be 'transformed' into opcodes
- findantidep - Find address to bypass software DEP
- safeseh - Looks for exception handlers registered with SafeSEH
- vcthook - This hook is used to check if the arguments of VariantChangeType are pointers to the same object. There might be vulnerabilities in code that call this function in such a manner.

Searching and comparing:
- cmpmem - Compare memory with a file
- mark - Static Analysis: Mark the tiny ones. Search and mark given function.
-search - simple script that lets you quickie search for regexp
- searchcode - Search code in memory
- searchcrypt - Search a defined memory range looking for cryptographic routines
- searchheap - Search the heap for specific chunks
- searchspray - Script to search all occurences of a string in memory and display them on a table
- shellcodediff - Check for badchars

Analyzing:
- bpxep - Finds entry point...
- dependencies - Find a exported function on the loaded dll
- finddatatype - Attempts to find the type of the data spanning
- findloop - Find natural loops given a function start address
- findpacker - Find a Packer/Cryptor on a Module
- getrpc - Get the RPC information of a loaded dll
- hookndr - Hooks the NDR unmarshalling routines and prints them out so you can see which ones worked
- recognize - Function Recognizing using heuristic patterns
- scanpe - Detect a Packer/Cryptor of Main Module, also scan just EntryPoint. Calculates the entropy of a chunk of data.
- stackvars - set comments around the code to follow stack variables size and content
- syscall - discover system calls
- treedll - Creates imported dll tree

Network:
- hookssl - Creates a table that displays packets received on the network
- mike - Attempts to automate tracing the lifecycle of a network packet's contents.
- packets - Creates a table that displays packets received on the network

Misc:
- gflags - Global flags management tools
- hidedebug - Patches lots of anti-debug protection
- list - List all pycommands in log window
- modptr - Patch all Function Pointers and detect when they triggered
- nohooks - Clean all hooks from memory
- openfile - Opens a File
- pyexec - Non interactive python shell [immlib already imported]
- template - Immunity PyCommand Template
- traceargs - Find User supplied arguments into a given function
- usage - Return the usage information for a python command

It's all. Any mistakes?




Add New Comment
Comment:









There are 31,103 total registered users.


Recently Created Topics
How to view IDA Pro'...
Nov/02
reverse MC9S12DG128
Oct/07
Looking for an advan...
Mar/21
Ultimate Hacking Cha...
Jun/21
CreateMutex
May/31
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15


Recent Forum Posts
Looking for an advan...
tthtlc
Looking for an advan...
tthtlc
Looking for an advan...
clightning
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo


Recent Blog Entries
nieo
Mar/22
Android Application Reversing

halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit