Created: Wednesday, August 15 2012 08:34.01 CDT  
Immunity debugger - default PyCommands
Author: inwk

This blog entry is just a quick note. I am a new user of immdbg and it's nice to have a short list of commands :)

Activex:
- activex - This is a script that will resolve exposed COM functions to their relative addresses.

Logging:
- apitrace - Hooks all intermodular function calls and logs them
- sqlhooker - logs SQL queries
- getevent - Get a log of current debugevent

Heap:
- chunkanalyzehook - Analyze a specific chunk at a specific moment. Takes an address as the value of EIP and an expression to calculate the chunk address
- funsniff - Analyze the heap pattern of an executed function
- heap - Immunity Heap Dump and analyzing tool
- hippie - Heap logging function
- hookheap - Hook on RtlAllocateHeap/RtlFreeHeap and display information
- horse - Low Fragmentation Heap Viewer
- lookaside - Shows the Lookaside of the Heap structure

Exploiting:
- acrocache - Dumps Acrobat Reader Cache state
- duality - Looks for mapped address that can be 'transformed' into opcodes
- findantidep - Find address to bypass software DEP
- safeseh - Looks for exception handlers registered with SafeSEH
- vcthook - This hook is used to check if the arguments of VariantChangeType are pointers to the same object. There might be vulnerabilities in code that calls this function in such a manner.

Searching and comparing:
- cmpmem - Compare memory with a file
- mark - Static Analysis: Mark the tiny ones. Search and mark given function.
- search - Simple script that lets you quickly search for a regexp
- searchcode - Search code in memory
- searchcrypt - Search a defined memory range looking for cryptographic routines
- searchheap - Search the heap for specific chunks
- searchspray - Script to search all occurrences of a string in memory and display them in a table
- shellcodediff - Check for badchars

Analyzing:
- bpxep - Finds entry point...
- dependencies - Find an exported function in the loaded DLLs
- finddatatype - Attempts to find the type of the data spanning
- findloop - Find natural loops given a function start address
- findpacker - Find a Packer/Cryptor on a Module
- getrpc - Get the RPC information of a loaded dll
- hookndr - Hooks the NDR unmarshalling routines and prints them out so you can see which ones worked
- recognize - Function Recognizing using heuristic patterns
- scanpe - Detect a Packer/Cryptor of Main Module, also scan just EntryPoint. Calculates the entropy of a chunk of data.
- stackvars - set comments around the code to follow stack variables size and content
- syscall - discover system calls
- treedll - Creates imported dll tree

Network:
- hookssl - Creates a table that displays packets received on the network
- mike - Attempts to automate tracing the lifecycle of a network packet's contents.
- packets - Creates a table that displays packets received on the network

Misc:
- gflags - Global flags management tools
- hidedebug - Patches lots of anti-debug protection
- list - List all pycommands in log window
- modptr - Patch all function pointers and detect when they are triggered
- nohooks - Clean all hooks from memory
- openfile - Opens a File
- pyexec - Non interactive python shell [immlib already imported]
- template - Immunity PyCommand Template
- traceargs - Find user-supplied arguments passed into a given function
- usage - Return the usage information for a python command

That's all. Any mistakes?
