OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.
Created: Monday, October 8 2007 12:02.14 CDT
For those who miss it: Immunity Debugger v1.2 Release
Author: nicowow
In this release we include a flurry of exciting new features!
We are proud to announce the first beta version of our free
Vista Heap Library, which supports the new 'Freelist' and
Low Fragmentation Chunk. Check out the new usage of the
!heap command for more details.
Also included in this release is the new recognition library using
heuristic patterns, with a huge database of known Windows static
functions. Immunity Debugger includes this library both as a
PyCommand (use !recognize) and as a function for scripting
(use searchFunctionByHeuristic).
As an example usage, imagine you want to release your own script
and set a breakpoint on an unnamed function which might move or
change slightly across different versions of the program. Using
Immunity Debugger's API you can get the heuristic out of the
function and do:
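Code:
# imm is an immlib.Debugger() instance; 'heuristic' is the heuristic
# previously extracted from the function you want to find again
address = imm.searchFunctionByHeuristic(heuristic)
imm.setBreakpoint(address)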
Finally, we include our own small version of PEiD called
!findpacker using Ero Carrera's pefile and Bob's UserDB with
around 1300 signatures for packers, cryptors and other loaders.
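How a PEiD-style signature database of the kind mentioned above is matched, as an added example (standalone Python 3, not Immunity's or pefile's code). The signature names, byte patterns and sample image are constructed, and `ep_offset` is assumed to be the already-resolved file offset of the entry point.

```python
# Constructed samples: UserDB.txt-style text and a fake image; names and bytes are invented.
SAMPLE_DB = """\
[Example Packer 1.x -> constructed]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57
ep_only = true
[Example Stub 0.2 -> constructed]
signature = 5? 8B EC C3
ep_only = false
"""
SAMPLE_IMAGE = bytes.fromhex("90909090" "60BE001040008DBE00F0FFFF57" "558BECC3")

def parse_token(tok):
    """'8B' -> (0x8B, 0xFF); '??' -> (0, 0); '5?' -> (0x50, 0xF0)."""
    value = mask = 0
    for ch in tok:
        value, mask = value << 4, mask << 4
        if ch != "?":  # a '?' nibble stays masked out
            value, mask = value | int(ch, 16), mask | 0xF
    return value, mask

def parse_userdb(text):
    """Return [(name, [(value, mask), ...], ep_only), ...]."""
    sigs, name, pattern = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            name, pattern = line[1:-1], None
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        if key.lower() == "signature":
            pattern = [parse_token(t) for t in value.split()]
        elif key.lower() == "ep_only" and name and pattern:
            sigs.append((name, pattern, value.lower() == "true"))
    return sigs

def matches_at(data, offset, pattern):
    if offset < 0 or offset + len(pattern) > len(data):
        return False  # a truncated file never matches
    return all((data[offset + i] & m) == v for i, (v, m) in enumerate(pattern))

def find_packers(data, ep_offset, sigs):
    """Names of signatures found at the entry point, or anywhere if ep_only is false."""
    hits = []
    for name, pattern, ep_only in sigs:
        offsets = [ep_offset] if ep_only else range(len(data) - len(pattern) + 1)
        if any(matches_at(data, o, pattern) for o in offsets):
            hits.append(name)
    return hits
```

Signatures with `ep_only = false` are scanned across the whole buffer, which is why they are slower and more prone to false positives than entry-point signatures.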
Immunity is also moving the deadline for the PyCommands contest
to the 10th of December to give you more time to use the new features.
Thanks for using Immunity Debugger! We hope you enjoy this month's
release. You can upgrade your current Immunity Debugger by going to
Help/Update or by directly downloading the new installer from
http://debugger.immunityinc.com/register.html
Don't forget to check out the Immunity Forum (http://forum.immunityinc.com)
for more examples, feedback, cool screenshots, etc.
Thanks
Immunity Debugger Team
1.20 Build 0
October 1, 2007
New Features:
- Immunity Debugger API
    o immlib.getThreadId() method added: return the current debuggee thread id
    o immlib.getCallTree() method added: return the call tree for given address
    o immlib.setFocus() method added: focus ID window
    o immlib.isValidHandle() method added: check if a HWND is still valid
    o immlib.getInfoPanel() method added: get information from panel window
      and optionally receives a type flag to force the kind of comment fetched.
    o imm.findPacker() method added: find packers/cryptors on a file or a
      loaded module
    o imm.getMemoryPagebyOwner(): Find all the memory pages belonging to a module.
    o immlib.ps() returns two extra objects: the tcp list and the udp list
    o immlib.getComment() now will try to fetch all types of comments
    o Added new HOOKTYPE: PRE_BP_HOOK, hooks exactly before the breakpoint
      is hit (Decoding events timeline)
    o New Vista support for libheap
    o Custom Tables has "Clear Window" menu now
    o Added several methods from librecognize
- PyCommands
    o findpacker added. (Use of findPacker to get Packers from a module)
    o recognize added. (Function Recognizing using heuristic patterns)
    o Hippie now can filter by heap
    o heap updated to work with new Vista Heap
    o Optimized code for stackvars (Memory usage reduction during runtime)
- Core
    o Pyshell can be focused once created with alt-F11
    o Shortcut for attach process added: Ctrl+F1
    o Added librecognition.py (Library for function recognizing)
- Graph
    o immvcglib.generateGraphFromBuf() method added: play with your own vcg files!
    o Redesign of VCG parser: easier to read, easier to use.
Bug Fixes:
    o Return value (HWND) of createTable
    o Fixed Attach Search Filtering:
      http://forum.immunityinc.com/index.php?topic=49.0
    o Grapher: Vertex lastline jumps correctly displayed now
    o Fixed crash when searching on modules:
      http://forum.immunityinc.com/index.php?topic=63.0
    o Fixed search issue on protected binary:
      http://forum.immunityinc.com/index.php?topic=34
    o Fixed breakpoint/logpoint hooks issue (logic/stepping inside a hook)
    o Fixed PyString_AsString() misbehaviour
    o Fixed PyCommand Gui Arguments box to receive \x00 as argument
    o Fixed imm.getModulebyAddress() to receive any module address and not only
      module entry point
      http://forum.immunityinc.com/index.php?topic=74.0