|  | eXeL@B —› WorldWide —› Immunity Debugger | 
|  | Created: 07 December 2007 10:02 · Edited by: Moderator · #1
http://debugger.immunityinc.com
This month's release is all about the debuggee's flow!
_http://rapidshare.com/files/74855840/ImmunityDebugger_setup.rar.html  | 
|  | Created: 07 December 2007 11:42 · #2 | 
|  | Created: 07 December 2007 17:09 · Edited by: Av0id · #3 | 
|  | Created: 07 December 2007 19:24 · #4 | 
|  | Created: 08 December 2007 00:34 · #5 | 
|  | Created: 08 December 2007 01:43 · Edited by: linhanshi · #6 | 
|  | Created: 05 February 2008 06:47 · #7
Immunity Debugger v1.4

1.40 Build 0

New Features:
- Debugger Core:
  o Added Silent Debugging Flag [accessible via Debugging options ALT-O or via immlib] forum.immunityinc.com/topic=157.0
  o Added Analysis Second Pass [Decoding Functions] forum.immunityinc.com/topic=163.0
- Debugger GUI Core:
  o Now you can add headers + other useful information on every Row displayed at the Disasm Window. The information will be saved as part of dump struct.
  o Dettach option added to File Menu: Go to File -> Dettach [You need to be attached to gray out Dettach] forum.immunityinc.com/topic=158.0
- Debugger GUI:
  o Right click on disasm line -> Add Header will add headers to your line
- Immunity Debugger API:
  o Row Headers / Adding Lines to CPU
    - Added imm.addHeader() and imm.getHeader() methods.
    - imm.addLine behaves like addHeader()
    - Added imm.removeHeader()/imm.removeLine() && imm.getHeader()/imm.getLine()
    - Added imm.getTraceArgs()
  o Added imm.goSilent() method.
  o Added imm.undecorateName() method: Undecorate symbol names forum.immunityinc.com/topic=159.0
  o Added imm.Dettach() method: Detach current process from debugger
  o Added imm.prepareForNewProcess() method: Prepare Debugger core for a fresh start
  o Updated BoB's UserDB.txt (http://peid.info/BobSoft/Downloads.html)
- PyCommands:
  o Added namefunc.py : a simple sample script that uses imm.addHeader to name functions in module
  o Added traceargs.py: find User supplied arguments into a given function.
  o Added JMS's Mike & Boo script
  o User Contributed PyCommands:
    - BoB (http://PEiD.info/BobSoft/)
      * scanpe.py (http://forum.immunityinc.com/topic=137.0)
      * hidedebug.py (http://forum.immunityinc.com/topic=140.0)
      * bpxep.py (http://forum.immunityinc.com/topic=138.0)

Bug Fixes:
- Fixed error when adding knowledge and changing python environments later. (__dict__ not accessible in restricted mode error)

Download: You can upgrade your current Immunity Debugger by going to Help/Update or directly downloading the new installer from debugger.immunityinc.com/register.html  | 
|  | Created: 06 February 2008 17:41 · Edited by: Moderator · #8 | 
|  | Created: 20 February 2008 10:50 · #9
For fans of this tool. Here are my adapted plug-ins Phantom 1.20 and OllyDump 3.00 for Immunity Debugger. Maybe they will be useful.
6e93_19.02.2008_CRACKLAB.rU.tgz - Plugins.rar  | 
|  | Created: 20 February 2008 11:49 · #10 | 
|  | Created: 05 April 2008 17:58 · #11
Immunity team is proud to present: Immunity Debugger 1.5

This new Immunity Debugger release provides a lot of new scripts and important fixes. New scripts to improve your debugging experience include: gflags, hookssl, and hookndr. The API has been reinforced with new functionality which allows you to gather more information from the remote process, such as Threads, findRetValue. This release also includes some important fixes such as correct Memory Page protection flags, which are also available via the Python API. Check the Changelog below for the details of this exciting release.

As usual, you can discuss your scripts, request new features or just hang out at our forum: forum.immunityinc.com.

We would like to thank Teddy Rogers from tuts4you for maintaining a list of Immunity Debugger ported plug-ins that can be found at www.tuts4you.com/download.php?list.74

Do you want to hire a hacker? Are you looking for a job? Immunity has extended the Immunity Debugger Advertisement service to hackers, reverse engineers and debugger freaks and it is now free for job seekers! Job seekers can place ads at debugger.immunityinc.com/hireahacker.html

Happy debugging (and job hunting)!
Team Immunity

P.S.: If you want to request a feature, show off your script or just chat about Immunity Debugger, Justin Seitz from the Immunity Debugger team will be at CanSecWest for the next three days.

1.50 Build 0

New Features:
- Debugger:
  o Added "Servers" folder with specific PyCommand listeners - for example, hookssl.py will send all the data back to an XML-RPC service using ssl_listener.py, which then has the option to change it and send it back.
- Memory Pages:
  o Working on Windows Vista. Now correct on Windows XP, 2000, 2003.

Immunity Debugger API:
  o Added imm.vmQuery() wrapper [Query Virtual Memory pages]
  o The MemoryPage class has been improved.
    - Protect and Allocation Protect Flags are queried in real-time
    - You can get a human readable flag passing human = 1 to page.getAccess() and page.getInitAccess()
  o Added:
    - searchOnExecute()
    - searchOnRead()
    - searchOnWrite()
    These methods will search in any memory page with access = any combination.
  o Modified:
    - Search()
    - searchShort()
    - searchLong()
    to receive an extra flag parameter to specify memory protection type when searching.
  o Added imm.isAdmin() : is ID running as admin?
  o Added Thread class to debugtypes.py
  o Added imm.getAllThreads() method
  o librecognition.py : Improved REGEXP support for the indexed register search
  o Added Function.findRetValue Find all the possible values on a Function
  o GFlags class Handle Windows Global Flags.

PyCommands:
  o gflags.py: Enable/Disable Windows Global Flags
  o recognize.py: Backward compatibility
  o Added hookssl.py
  o Added ssl_listener.py to Servers directory
  o Added hookndr.py: Hooks the NDR unmarshalling routines and prints them out so you can see which ones worked
  o Added nohooks.py : removes all hooks from memory

Bug Fixes:
- Debugger Core
  o The memory page protect information is correctly displayed now.
  o Fixed Second Analysis pass repeated entries bug.
  o Fixed thread state swap issue which was leading to a memory leak.  | 
|  | Created: 07 April 2008 13:03 · #12
15 Scripts for Immunity Debugger
13 plugins for Immunity Debugger

list of plugins:
Analyze This 0.1 1 Joe Stewart
Asm2clipboard 0.1 FatMike
Cleanup Ex 1.12.108 Gigapede
Crypto Scanner 0.5b Loki
FullDisasm 1.71 BeatriX
HideOD 0.17 Kanxue
IsDebugPresent 1.4 SV
ODBGScript 1.65 SHaG & Epsylon3
OllyDbg PE Dumper 3.03 FKMA
OllyDump 3.00.110 Gigapede
PhantOm Plugin 1.20 Hellsp@wn & Archer
Ultra String Reference 0.12 Luo
Windows Maximizer 1.0 BoB

rapidshare.com/files/105095669/ImDg_15_Scripts____13_plugins.exe  | 
|  | Created: 08 April 2008 19:39 · Edited by: nlord · #13 | 
|  | Created: 27 November 2008 16:53 · #14
ImmunityDebugger 1.73 RemoveAD KuNgBiM

1.70 Build 0

New Features:
- Debugger
  o Added support for variable decoding when second pass analysis enabled
- Immunity Debugger API
  o Added getVariable/setVariable methods
  o Added driverlib.py for analyzing drivers
- PyCommands
  o activex.py for auditing ActiveX controls
- Bug Fixes
  o Fixed Python pathing issue when JIT debugging/spawning from right-click
  o Fixed Module.getName() method to return only the module name
  o Fixed length check error in imm.Assemble()

1.60 Build 0

New Features:
- Debugger
  o Added ‘Use Symbol Server’ option [http://forum.immunityinc.com/topic=162]
  o Improved Getallnames
  o Added timestamp to log events
- Immunity Debugger API
  o Added getAllSymbolsFromModule method
  o Added libcontrolflow.py Container for classes DominatorTree and ControlFlowAnalysis
  o Added Clear function to FastLogHook.
- PyCommands
  o Added findloop.py: Find natural loops given a function start.
  o Added treedll.py: Creates imported dll tree.
- Bug Fixes:
  o Fixed POST_ANALYSIS_HOOK “FATAL ERROR”
  o Fixed Arguments overflow (Thanks David Wetson for reporting this one!)
  o Local Symbol Path issue
  o Analysis second pass option now works
  o Getallsymbols now correctly creates the PyDict [Import/Export/Library issue]

1.50 Build 0

New Features:
- Debugger:
  o Added “Servers” folder with specific pycommand listeners
- Memory Pages:
  o Working on Windows Vista

Immunity Debugger API:
  o Added imm.vmQuery() wrapper [Query Virtual Memory pages]
  o The MemoryPage class has been improved.
    - Protect and Allocation Protect Flags are queried realtime
    - You can get a human readable flag passing human = 1 to page.getAccess() and page.getInitAccess()
  o Added:
    - searchOnExecute()
    - searchOnRead()
    - searchOnWrite()
    These methods will search in any memory page with access = any combination.
  o Modified:
    - Search()
    - searchShort()
    - searchLong()
    to receive an extra flag parameter to specify memory protection type when searching.
  o Added imm.isAdmin() : is ID running as admin?
  o Added Thread class to debugtypes.py
  o Added imm.getAllThreads() method
  o librecognition.py : Improved REGEXP support for the indexed register search
  o Added Function.findRetValue Find all the possible values on a Function
  o GFlags class Handle Windows Global Flags.

PyCommands:
  o gflags.py: Enable/Disable Windows Global Flags
  o recognize.py: Backward compatibility
  o Added hookssl.py
  o Added ssl_listener.py to Servers directory
  o Added hookndr.py Hooks the NDR unmarshalling routines and prints them out so you can see which ones worked
  o Added nohooks.py : remove all hooks from memory

Bug Fixes:
- Debugger Core
  o The memory page protect information is correctly displayed now.
  o Fixed Second Analysis pass repeated entries bug.
  o Fixed thread state swap issue which was leading to a memleak.

1.40 Build 0

New Features:
- Debugger Core:
  o Added Silent Debugging Flag [accessible via Debugging options ALT-O or via immlib] forum.immunityinc.com/topic=157.0
  o Added Analysis Second Pass [Decoding Functions] forum.immunityinc.com/topic=163.0
- Debugger GUI Core:
  o Now you can add headers + other useful information on every Row displayed at the Disasm Window. The information will be saved as part of dump struct.
  o Dettach option added to File Menu: Go to File -> Dettach [You need to be attached to gray out Dettach] forum.immunityinc.com/topic=158.0
- Debugger GUI:
  o Right click on disasm line -> Add Header will add headers to your line
- Immunity Debugger API:
  o Row Headers / Adding Lines to CPU
    - Added imm.addHeader() and imm.getHeader() methods.
    - imm.addLine behaves like addHeader()
    - Added imm.removeHeader()/imm.removeLine() && imm.getHeader()/imm.getLine()
    - Added imm.getTraceArgs()
  o Added imm.goSilent() method.
  o Added imm.undecorateName() method: Undecorate symbol names forum.immunityinc.com/topic=159.0
  o Added imm.Dettach() method: Detach current process from debugger
  o Added imm.prepareForNewProcess() method: Prepare Debugger core for a fresh start
  o Updated BoB’s UserDB.txt (http://peid.info/BobSoft/Downloads.html)
- PyCommands:
  o Added namefunc.py : a simple sample script that uses imm.addHeader to name functions in module
  o Added traceargs.py: find User supplied arguments into a given function.
  o Added JMS’s Mike & Boo script
  o User Contributed PyCommands:
    - BoB (http://PEiD.info/BobSoft/)
      * scanpe.py (http://forum.immunityinc.com/topic=137.0)
      * hidedebug.py (http://forum.immunityinc.com/topic=140.0)
      * bpxep.py (http://forum.immunityinc.com/topic=138.0)

Bug Fixes:
- Fixed error when adding knowledge and changing python environments later. (__dict__ not accessible in restricted mode error)

1.30 Build 0
November 1, 2007

New Features:
- Immunity Debugger API
  o Hooks
    - Hooks can receive force flag to overwrite previously placed hooks
    - Hooks can receive time to live in memory parameter when adding (After the TTL expires, the hook is automatically removed from memory)
    - Hooks have a runTimeout method to execute code after TTL expires
      o Choose thread environment to execute the ttl code
    - Added special kind of AccessViolation hook: RunUntilAV() class
  o Added setHardwareBreakpoint method
  o Address deleteBreakpoint method
  o Process flow:
    o Improved methods:
      - stepOver
      - stepIn
      - Run
      - Attach
    o Added methods:
      - openProcess
      - restartProcess
      - pause
      - runTillReturn
- PyCommands
  o search allows multiple line searching: !search add esp,const\nret
  o Added sql_listener and sqlhooker
  o Added Example processflow script

Bug Fixes:
- Fixed imm.ps() to correctly fetch udp port list forum.immunityinc.com/topic=84.0
- Fixed Get references methods

1.20 Build 0
October 1, 2007

New Features:
- Immunity Debugger API
  o immlib.getThreadId() method added: return the current debuggee thread id
  o immlib.getCallTree() method added: return the call tree for given address
  o immlib.setFocus() method added: focus ID window
  o immlib.isValidHandle() method added: check if a HWND is still valid
  o immlib.getInfoPanel() method added: get information from panel window and optionally receives a type flag to force the kind of comment fetched.
  o imm.findPacker() method added: find packers/cryptors on a file or a loaded module
  o imm.getMemoryPagebyOwner(): Find all the memory pages belonging to a module.
  o immlib.ps() returns two extra objects: the tcp list and the udp list
  o immlib.getComment() now will try to fetch all types of comments
  o Added new HOOKTYPE: PRE_BP_HOOK, hooks exactly before the breakpoint is hit (Decoding events timeline)
  o New Vista support for libheap
  o Custom Tables has “Clear Window” menu now
  o Added several methods from librecognize
- PyCommands
  o findpacker added. (Use of immlib.findPacker to get Packers from a module)
  o recognize added. (Function Recognizing using heuristic patterns)
  o Hippie now can filter by heap
  o heap updated to work with new Vista Heap
  o Optimized code for stackvars (Memory usage reduction during runtime)
- Core
  o Pyshell can be focused once created with alt-F11
  o Shortcut for attach process added: Ctrl+F1
  o Added librecognition.py (Library for function recognizing)
- Graph
  o immvcglib.generateGraphFromBuf() method added: play with your own vcg files!
  o Redesign of VCG parser: easier to read, easier to use.

Bug Fixes:
  o Return value (HWND) of createTable
  o Fixed Attach Search Filtering : forum.immunityinc.com/topic=49.0
  o Grapher: Vertex lastline jumps correctly displayed now
  o Fixed crash when searching on modules: forum.immunityinc.com/topic=63.0
  o Fixed search issue on protected binary: forum.immunityinc.com/topic=34
  o Fixed breakpoint/logpoint hooks issue (logic/stepping inside a hook)
  o Fixed PyString_AsString() misbehaviour
  o Fixed PyCommand Gui Arguments box to receive \x00 as argument
  o Fixed imm.getModulebyAddress() to receive any module address and not only module entry point forum.immunityinc.com/topic=74.0

1.1 Build 2
August 31, 2007

Python Thread entering the spiral zone has been fixed

1.1 Build 0
August 30, 2007

New Features:
  o Interactive Python Shell added
  o Lookaside enhanced output + Discovery option
  o libdatatype “Get” Function
  o Get OS information methods
  o Ero Carrera’s pefile.py (http://code.google.com/p/pefile/)
  o Python engine rewritten to properly use thread locking/unlocking
  o Added ignoreSingleStep method for immlib (TRANSPARENT + CONVETIONAL)
  o Attach process window is now dynamically searchable
  o Added clean ID memory methods inside immlib
  o Added Stack analyze library (libstackanalize)
  o Fixed some memleak on Disasm
  o Fixed wrong arguments on Disasm operand
  o Improved Patch command
  o Safeseh moved into a PyCommand

New Scripts:
  o searchcrypt PyCommand
  o stackvars PyCommand
  o search PyCommand

Bug Fixes:
  o Solved ‘ij’ issue inside attach window
  o Fixed VCG parser (Blocks display full address now)
  o Fixed traceback error when trying to graph and not attached
  o Fixed printfloat() format error
  o Fixed ret value of Getaddrfromexp in case of non-existent expression

1.0 Build 42
August 1, 2007

  o Released as produc

-----
RE In Progress [!] Coding Hazard [!] Stay Clear of this Cube  | 
|  | Created: 27 November 2008 16:55 · #15
o Released as product
o Includes:
  o Full Python API:
    - immlib (main lib)
    - internals
    - immutils
    - debugtypes
    - libdatatype
    - libanalize
    - libhook
    - libevent
    - libheap
    - pelib
    - immvcglib
    - graphclass
  o Command Box (with remote listener + command line client)
  o Python Orthogonal Drawing
  o Examples for PyCommands/PyHooks/PyScripts
  o Ready to use PyCommands/PyHooks:
    chunkanalizehook Analize a Specific Chunk at a specific moment
    cmpmem Compare memory with a file (file been a dump from prettyhexprint)
    dependencies Find a exported function on the loaded dll
    duality Looks for mapped address that can be ‘transformed’ into opcodes
    findantidep Find address to bypass software DEP
    finddatatype funsniff funsniff funsniff
    getevent Get a log of current debugevent
    getrpc Get the RPC information of a loaded dll
    heap Immunity Heap Dump
    hippie Syscall Fuzzer
    hookheap - DESC is not defined for this command -
    list List PyCommands
    lookaside - DESC is not defined for this command -
    mark Static Analysis: Mark the tiny ones
    modptr !modptr Patch all Function Pointers and detect when they triggered
    openfile Open a File
    patch Patches anti-debugging protection , [-t TYPE_OF_PROTECTION]
    pyexec Non interactive python shell [immlib already imported]
    searchcode Search code in memory
    searchheap Search the heap for specific chunks
    safeseh Show exceptions handlers registered with SEH
    pe_export Export Module

www.onlinedisk.ru/file/41098/

-----
RE In Progress [!] Coding Hazard [!] Stay Clear of this Cube  | 