
 Forums >>  Debuggers  >>  !ASLRdynamicbase Immunity Debugger Extension

Topic created on: August 11, 2007 09:20 CDT by Faithless.

The ASLRdynamicbase.py PyCommand will inspect each loaded module, and report whether the PEHeader contains the relevant information indicating it is compatible with Vista's ASLR implementation (DLLCharacteristics). It is interesting to note some of the Microsoft Office 2007 modules, Groove in particular, have not been compiled with the /dynamicbase option set. The same goes for the Apple Bonjour service DLL installed with Safari for Windows 3.0, providing a nice, stable set of opcodes within the svchost.exe processes that also house many RPC interfaces.

Install by copying this file into the PyCommands\ folder, and from within the running debugger issue the !ASLRdynamicbase command.

-Rhys
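
An added example, not part of the original post or the ASLRdynamicbase.py script: a standalone Python check of the same header field, reading DllCharacteristics from a PE image and testing the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE bit (0x0040) that /dynamicbase sets. The function names, module names and header-only sample images are constructed for illustration; the check also reports the relocations-stripped flag, which the post does not mention.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /DYNAMICBASE
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit


def aslr_status(image: bytes) -> dict:
    """Parse the PE headers in `image` and report whether it opts in to ASLR."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 + 72 > len(image):
        raise ValueError("truncated PE headers")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF file header follows the 4-byte signature.
    size_opt, coff_chars = struct.unpack_from("<HH", image, e_lfanew + 20)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or size_opt < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    return {
        "format": "PE32+" if magic == 0x20B else "PE32",
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "relocs_stripped": bool(coff_chars & IMAGE_FILE_RELOCS_STRIPPED),
    }


def build_sample(dll_chars: int, magic: int = 0x10B, coff_chars: int = 0x2102) -> bytes:
    """Constructed header-only image for the demo (not a loadable module)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)          # e_lfanew
    size_opt = 0xE0 if magic == 0x10B else 0xF0
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, size_opt, coff_chars)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed samples: one module with the flag set, one without.
    for name, img in [("optin.dll", build_sample(0x0140)),
                      ("legacy.dll", build_sample(0x0000))]:
        print(name, aslr_status(img))
```
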

  n00b   August 12, 2007 04:55.34 CDT
Oh great man, keep up the good work m8. Any chance of getting a script that will check for buffer overflows when reverse engineering stuff? Would be wicked. Also could implement pointing out possible format strings.

  Faithless     August 12, 2007 06:30.30 CDT
A much requested feature I'm sure n00b! Take a look at the strncpy_hook PyScript included with Immunity Debugger. I've implemented the same approach for memcpy, looking for particular exploit "primitives" with success. It's fairly easy to set a breakpoint on the memcpy function, and inspect the three arguments passed to it. Likewise for memmove() or pedram's previous CreateMailslot() work.

If I tidy up the memcpy_hook PyScript I might release it here in future.
