Immunity Debugger is a powerful new way
to write exploits, analyze malware, and reverse engineer binary files. It
builds on a solid user interface with function graphing, the industry's first
heap analysis tool built specifically for heap creation, and a large and well
supported Python API for easy extensibility.
Immunity Debugger's interfaces include
the GUI and a command line. The command line is always available at the bottom
of the GUI. It allows the user to type shortcuts as if they were in a typical
text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to
ensure that your WinDBG users do not have to be retrained and will get the full
productivity boost that comes from the best debugger interface on the market.
Features :
1) A debugger with functionality
designed specifically for the security industry
2) Cuts exploit development time by 50%
3) Simple, understandable interfaces
4) Robust and powerful scripting language for automating intelligent debugging
5) Lightweight and fast debugging to prevent corruption during complex analysis
6) Connectivity to fuzzers and exploit development tools
2) Cuts exploit development time by 50%
3) Simple, understandable interfaces
4) Robust and powerful scripting language for automating intelligent debugging
5) Lightweight and fast debugging to prevent corruption during complex analysis
6) Connectivity to fuzzers and exploit development tools
7) The Python API ("Immlib/Lib reference" for full documentation)
8) A full Python based graphing library
9) Full debugger and GUI API access
10) A flurry of cool example scripts such as:
- !heap A fully working heap dumping script (try the -d option!)
- !searchheap Searching the heap
- !hippie Trampoline hooks on RtlAllocateheap/RtlFreeHeap
- !modptr Dynamic search for function pointers in pages
- !findantidep Find address to bypass software DEP
8) A full Python based graphing library
9) Full debugger and GUI API access
10) A flurry of cool example scripts such as:
- !heap A fully working heap dumping script (try the -d option!)
- !searchheap Searching the heap
- !hippie Trampoline hooks on RtlAllocateheap/RtlFreeHeap
- !modptr Dynamic search for function pointers in pages
- !findantidep Find address to bypass software DEP
Interface: Commands can be
extended in Python as well, or run from the menu-bar. Python commands can also be run directly from our Command Bar.
Users can go back to previously entered commands, or just click in the dropdown
menu and see all the recently used commands.
Remote command bar : From the command line menu, you can
choose to start a threaded command line server.
so you can debug remotely from another computer.
Built in Graphing
Another Immunity Debugger feature is the capability of creating function graphs. Our Python VCG library will create a window inside Immunity Debugger at the click of a button to graph your selected function. No third party software is required.
Another Immunity Debugger feature is the capability of creating function graphs. Our Python VCG library will create a window inside Immunity Debugger at the click of a button to graph your selected function. No third party software is required.
Immunity Debugger is light
Immunity Debugger strives to absorb as few resources on the system as possible. Being too CPU-heavy will cause heap overflows and other complex vulnerabilities to behave differently than they would under normal load. Likewise, fuzzing and other vulnerability analysis is only possible when the debugger is not causing undue system strain.
Immunity Debugger strives to absorb as few resources on the system as possible. Being too CPU-heavy will cause heap overflows and other complex vulnerabilities to behave differently than they would under normal load. Likewise, fuzzing and other vulnerability analysis is only possible when the debugger is not causing undue system strain.
Immunity Debugger exposes the information you need
Most debuggers offer only one method to allow you to attach to a process of interest - the pid and the process name. Immunity Debugger offers the pid, process name, services within that process, TCP/UDP ports listened to by that process, complete binary name, and window name. This allows quick and easy access to the exact process you wish to analyze.
Most debuggers offer only one method to allow you to attach to a process of interest - the pid and the process name. Immunity Debugger offers the pid, process name, services within that process, TCP/UDP ports listened to by that process, complete binary name, and window name. This allows quick and easy access to the exact process you wish to analyze.
Python Scripting : Python
scripts can be loaded and modified during runtime. The included Python
interpreter will load any changes to your custom scripts on the fly. Sample
scripts are included, as is full documentation on how to create your own.
Immunity Debugger's Python API includes many useful utilities and functions.
Your scripts can be as integrated into the debugger as the native code. This
means your code can create custom tables, graphs, and interfaces of all sorts
that remain within the Immunity Debugger user experience. For example, when the
Immunity SafeSEH script runs, it outputs the results into a table within the
Immunity Debugger window. Other scripts
can ask for user input with dialogs and combo boxes.Having a fully integrated
Python scripting engine means you can easily paint variable sizes and track
variable usage, which in turn comes in handy when trying to automatically find
bugs!
Python Hooks
Often you will want to run a Python script on certain program events, for example when a breakpoint is hit or an exception is caused. Immunity Debugger hook support includes many debugger events, and more are added with every release.
Often you will want to run a Python script on certain program events, for example when a breakpoint is hit or an exception is caused. Immunity Debugger hook support includes many debugger events, and more are added with every release.
Python Hooks : Often you
will want to run a Python script on certain program events, for example when a
breakpoint is hit or an exception is caused. Immunity Debugger hook support
includes many debugger events, and more are added with every release.
Immunity
Debugger
ships with 13 different flavors of hooks,
each of which you can implement as either a standalone script or inside a
PyCommand at runtime. The following hook types can be used:
BpHook/LogBpHook
: When
a breakpoint is encountered, these types of hooks can be called. Both hook
types behave the same way, except that when a BpHook is encountered it actually
stops debuggee execution, whereas the LogBpHook continues execution after the
hook is hit.
AllExceptHook
: Any exception that occurs in the process will
trigger the execution of this hook type.
PostAnalysisHook
: After
the debugger has finished analyzing a loaded module, this hook type is
triggered. This can be useful if you have some static-analysis tasks you want
to occur automatically once the analysis is finished. It is important to note
that a module (including the primary executable) needs to be analyzed before
you can decode functions and basic blocks using immlib.
AccessViolationHook
: This
hook type is triggered whenever an access violation occurs; it is most useful
for trapping information automatically during a fuzzing run.
LoadDLLHook/UnloadDLLHook
: This
hook type is triggered whenever a DLL is loaded or unloaded.
CreateThreadHook/ExitThreadHook
: This
hook type is triggered whenever a new thread is created or destroyed.
CreateProcessHook/ExitProcessHook
: This
hook type is triggered when the target process is started or exited.
FastLogHook/STDCALLFastLogHook
:These
two types of hooks use an assembly stub to transfer execution to a small body
of hook code that can log a specific register value or memory location at hook
time. These types of hooks are useful for hooking frequently called functions
No comments:
Post a Comment