 eXeL@B —› WorldWide —› Immunity Debugger


Rank: 133.2 (veteran), 44thx
Activity: 0.120
Status: Member
bbs.pediy.com

Created: 07 December 2007 10:02 · Edited by: Moderator
· Private message · #1

http://debugger.immunityinc.com

This month's release is all about the debuggee's flow!

With huge core changes, Immunity Debugger and its API now have much
more control over process execution. Opening a process, running it,
pausing it, and restarting it is now available via your chosen
scripting method (check the processflow PyCommand to see how it works).

This will allow us, without a doubt, to automate our scripts
and commands even more.

The other big improvement in 1.3 is regarding hooks:

Hooks have a few more features now, among them the ability to specify a
time to live in memory for a hook. A pseudo-code example to show how
this works:


# Creating a hook with ttl = 15 seconds
customhook = MyOwnHook()
customhook.add("CREATETHREAD", timeout=15)

# And the MyOwnHook class

class MyOwnHook():

    def run(self):
        # executes when the hook is hit
        pass

    def runTimeout(self):
        # executes if the TTL expires
        pass


The new method runTimeout() will be your bridge to executing code when the
hook ttl expires, and it wasn't hit.

After runTimeout is executed, the customhook will remove itself from memory.


In order to use these new features, we have also added a new type of hook:
The RunUntilAV hook. This will hook into AccessViolation events.
Once it is added it will run the process waiting for the AV or the TTL to expire.


Stay tuned to see how Immunity uses these new features over the next few weeks.


One more thing you may want to take a look at in this release is the new
season sensation combo: listener and hookers, shipping with 1.30:
sql_listener+sqlhooker, work made in conjunction by Dave Aitel and JMS.

For all the script coders that exist out there who want to get their hands
on a SILICA unit (http://www.immunityinc.com/products-silica.shtml), remember
our PLUGIN AWARDS deadline:

December 10th.

So hurry up and finish that beauty piece of code you are working on, results
will be posted before December 20th.


A complete list of changes:
1.30 Build 0
December 5, 2007

New Features:
- Immunity Debugger API
o Hooks
- Hooks can receive force flag to overwrite previously placed hooks
- Hooks can receive time to live in memory parameter when adding
(After the TTL expires, the hook is automatically removed from memory)
- Hooks have a runTimeout method to execute code after TTL expires
o Choose thread environment to execute the ttl code
- Added special kind of AccessViolation hook: RunUntilAV() class
o Added setHardwareBreakpoint method
o Address deleteBreakpoint method
o Process flow:
o Improved methods:
- stepOver
- stepIn
- Run
- Attach
o Added methods:
- openProcess
- restartProcess
- pause
- runTillReturn

- PyCommands
o search allows multiple line searching: !search add esp,const\nret
o Added sql_listener and sqlhooker
o Added Example processflow script

Bug Fixes:
- Fixed imm.ps() to correctly fetch udp port list
http://forum.immunityinc.com/topic=84.0
- Fixed Get references methods

Happy debugging everyone!
Team Immunity.


_http://rapidshare.com/files/74855840/ImmunityDebugger_setup.rar.html
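
The hook lifecycle described in the 1.30 announcement above (force flag, time to live, runTimeout(), RunUntilAV), modelled as an added stand-alone example; it is not part of the original post and is not Immunity's code. HookTable, TimedHook, run_until_av and the simulated clock are hypothetical names, and the rule that a hook which was hit stays until its TTL and then leaves without calling runTimeout() is this model's reading of the announcement.

```python
# Added illustration: stand-alone model of the hook TTL lifecycle.
# HookTable, TimedHook and the clock values are hypothetical; this is not immlib.

class TimedHook:
    """Hook with run() for a hit and runTimeout() for a TTL that expired unhit."""

    def __init__(self):
        self.log = []

    def run(self, event):
        self.log.append("hit:" + event)

    def runTimeout(self):
        self.log.append("timeout")


class HookTable:
    """One hook per event type; a hook is dropped once its TTL has passed."""

    def __init__(self):
        self.hooks = {}  # event type -> {"hook", "deadline", "hit"}

    def add(self, event, hook, now, timeout=None, force=False):
        if event in self.hooks and not force:
            return False  # an earlier hook stays unless force is set
        deadline = None if timeout is None else now + timeout
        self.hooks[event] = {"hook": hook, "deadline": deadline, "hit": False}
        return True

    def tick(self, now):
        """Remove expired hooks; runTimeout() fires only if the hook was never hit."""
        expired = [e for e, h in self.hooks.items()
                   if h["deadline"] is not None and now >= h["deadline"]]
        for event in expired:
            entry = self.hooks.pop(event)
            if not entry["hit"]:
                entry["hook"].runTimeout()
        return expired

    def dispatch(self, event, now):
        """Deliver a debug event to its hook, after clearing expired hooks."""
        self.tick(now)
        entry = self.hooks.get(event)
        if entry is None:
            return False
        entry["hit"] = True
        entry["hook"].run(event)
        return True


def run_until_av(table, events, timeout):
    """Model of the RunUntilAV idea: stop at an access violation or at the TTL.

    events is a constructed list of (time, event type) pairs.
    """
    hook = TimedHook()
    table.add("ACCESSVIOLATION", hook, now=0, timeout=timeout, force=True)
    for when, event in events:
        if table.dispatch(event, when) and event == "ACCESSVIOLATION":
            return "av", hook.log
        if "ACCESSVIOLATION" not in table.hooks:
            break  # TTL passed while the process was running
    table.tick(timeout)  # no events left: let the TTL run out
    return "ttl expired", hook.log
```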



Rank: 15.5 (novice)
Activity: 0.010
Status: Member

Created: 07 December 2007 11:42
· Private message · #2

ftopky
=)



Rank: 516.1 (!), 39thx
Activity: 0.280
Status: Member

Created: 07 December 2007 17:09 · Edited by: Av0id
· Private message · #3

and so, immdbg bought ollydbg or not?




Rank: 133.2 (veteran), 44thx
Activity: 0.120
Status: Member
bbs.pediy.com

Created: 07 December 2007 19:24
· Private message · #4

Independent Today, some of:

ollydbg ,sys,Immunity



Rank: 122.2 (veteran)
Activity: 0.040
Status: Member

Created: 08 December 2007 00:34
· Private message · #5

Why would somebody download from rapidshare when it's freely available from the immunity site?




Rank: 133.2 (veteran), 44thx
Activity: 0.120
Status: Member
bbs.pediy.com

Created: 08 December 2007 01:43 · Edited by: linhanshi
· Private message · #6

Download now required to be registered.




Rank: 133.2 (veteran), 44thx
Activity: 0.120
Status: Member
bbs.pediy.com

Created: 05 February 2008 06:47
· Private message · #7

Immunity Debugger v1.4

1.40 Build 0

New Features:

- Debugger Core:
o Added Silent Debugging Flag [accessible via Debugging options ALT-O or via immlib]
forum.immunityinc.com/topic=157.0
o Added Analysis Second Pass [Decoding Functions]
forum.immunityinc.com/topic=163.0

- Debugger GUI Core:
o Now you can add headers + other useful information on every Row
displayed at the Disasm Window. The information will be saved
as part of dump struct.
o Dettach option added to File Menu: Go to File -> Dettach [You need to be attached to
gray out Dettach]
forum.immunityinc.com/topic=158.0


- Debugger GUI:
o Right click on disasm line -> Add Header will add headers to your line



- Immunity Debugger API:
o Row Headers / Adding Lines to CPU
- Added imm.addHeader() and imm.getHeader() methods.
- imm.addLine behaves like addHeader()
- Added imm.removeHeader()/imm.removeLine() && imm.getHeader()/imm.getLine()
- Added imm.getTraceArgs()

o Added imm.goSilent() method.
o Added imm.undecorateName() method: Undecorate symbol names
forum.immunityinc.com/topic=159.0
o Added imm.Dettach() method: Dettach current process from debugger
o Added imm.prepareForNewProcess() method: Prepare Debugger core for a fresh start
o Updated BoB's UserDB.txt (http://peid.info/BobSoft/Downloads.html)

- PyCommands:
o Added namefunc.py : a simple sample script that uses imm.addHeader to name
functions in module
o Added traceargs.py: find User supplied arguments into a given function.
o Added JMS's Mike & Boo script
o User Contributed PyCommands:
- BoB (http://PEiD.info/BobSoft/)
* scanpe.py (http://forum.immunityinc.com/topic=137.0)
* hidedebug.py (http://forum.immunityinc.com/topic=140.0)
* bpxep.py (http://forum.immunityinc.com/topic=138.0)


Bug Fixes:

- Fixed error when adding knowledge and changing python environments later.
(__dict__ not accessible in restricted mode error)

Download:


You can upgrade your current Immunity Debugger by going to Help/Update
or directly downloading the new installer from
debugger.immunityinc.com/register.html




Rank: 748.2 (! !), 390thx
Activity: 0.370
Status: Member
bytecode!

Created: 06 February 2008 17:41 · Edited by: Moderator
· Private message · #8

If new versions of Immunity Debugger are going to be posted here, it would be right to rename the subject to "Immunity Debugger".

Archer: renamed

-----
Flash, Java, .NET for breakfast, lunch and dinner. Unity3D as a snack.




Rank: 284.8 (mentor), 6thx
Activity: 0.150
Status: Member

Created: 20 February 2008 10:50
· Private message · #9

For fans of this tool.

Here are my adapted plug-ins Phantom 1.20 and OllyDump 3.00 for Immunity Debugger.

Maybe it will be useful.

6e93_19.02.2008_CRACKLAB.rU.tgz - Plugins.rar




Rank: 133.2 (veteran), 44thx
Activity: 0.120
Status: Member
bbs.pediy.com

Created: 20 February 2008 11:49
· Private message · #10

Excellent. Thanks for sharing.




Rank: 133.2 (veteran), 44thx
Activity: 0.120
Status: Member
bbs.pediy.com

Created: 05 April 2008 17:58
· Private message · #11

Immunity team is proud to present: Immunity Debugger 1.5

This new Immunity Debugger release provides a lot of new scripts and important fixes. New scripts to improve your debugging experience include: gflags, hookssl, and hookndr.

The API has been reinforced with new functionality which allows you to gather more information from the remote process, such as Threads, findRetValue. This release also includes some important fixes such as correct Memory Page protection flags, which are also available via the Python API.

Check the Changelog below for the details of this exciting release.

As usual, you can discuss your scripts, request new features or just hang
out at our forum: forum.immunityinc.com. We would like to thank
Teddy Roggers from tuts4you for maintaining a list of Immunity Debugger
ported plug-ins that can be found at www.tuts4you.com/download.php?list.74

Do you want to hire a hacker? Are you looking for a job? Immunity has extended the Immunity Debugger Advertisement service to hackers, reverse engineers and debugger freaks and it is now free for job seekers!

Job seekers can place ads at debugger.immunityinc.com/hireahacker.html

Happy debugging (and job hunting)!

Team Immunity
P.S.: If you want to request a feature, show off your script or just chat about Immunity Debugger, Justin Seitz from the Immunity Debugger team will be at CanSecWest for the next three days.


1.50 Build 0

New Features:

- Debugger:
o Added "Servers" folder with specific PyCommand listeners - for example, hookssl.py will send all the data back to a XML-RPC service using ssl_listener.py, which then has the option to change it and send it back.

- Memory Pages:
o Working on Windows Vista. Now correct on Windows XP, 2000, 2003.

Immunity Debugger API:
o Added imm.vmQuery() wrapper [Query Virtual Memory pages]
o The MemoryPage class has been improved.
- Protect and Allocation Protect Flags are queried in real-time
- You can get a human readable flag passing human = 1 to
page.getAccess() and page.getInitAccess()
o Added:
- searchOnExecute()
- searchOnRead()
- searchOnWrite()
These methods will search in any memory page with access = any
combination.
o Modified:
- Search()
- searchShort()
- searchLong()
to receive an extra flag parameter to specify memory protection type
when searching.
o Added imm.isAdmin() : is ID running as admin?
o Added Thread class to debugtypes.py
o Added imm.getAllThreads() method
o librecognition.py : Improved REGEXP support for the indexed register search
o Added Function.findRetValue Find all the possible values on a Function
o GFlags class Handle Windows Global Flags.

PyCommands:

o gflags.py: Enable/Disable Windows Global Flags
o recognize.py: Backward compatibility
o Added hookssl.py
o Added ssl_listener.py to Servers directory
o Added hookndr.py: Hooks the NDR unmarshalling routines and prints them
out so you can see which ones worked
o Added nohooks.py : removes all hooks from memory

Bug Fixes:

- Debugger Core
o The memory page protect information is correctly displayed now.
o Fixed Second Analysis pass repeated entries bug.
o Fixed thread state swap issue which was leading to a memory leak.



Rank: 52.7 (regular)
Activity: 0.040
Status: Member

Created: 07 April 2008 13:03
· Private message · #12

15 Scripts for Immunity Debugger
13 plugins for Immunity Debugger


list of plugins:
Analyze This 0.1 1 Joe Stewart
Asm2clipboard 0.1 FatMike
Cleanup Ex 1.12.108 Gigapede
Crypto Scanner 0.5b Loki
FullDisasm 1.71 BeatriX
HideOD 0.17 Kanxue
IsDebugPresent 1.4 SV
ODBGScript 1.65 SHaG & Epsylon3
OllyDbg PE Dumper 3.03 FKMA
OllyDump 3.00.110 Gigapede
PhantOm Plugin 1.20 Hellsp@wn & Archer
Ultra String Reference 0.12 Luo
Windows Maximizer 1.0 BoB

rapidshare.com/files/105095669/ImDg_15_Scripts____13_plugins.exe



Rank: 5.1 (guest)
Activity: 0=0
Status: Member

Created: 08 April 2008 19:39 · Edited by: nlord
· Private message · #13

There is a bug in the new version: if, for example, you start debugging the OllyDbg-detection program (it can be found in the plugin pack for Immunity, see the previous post), the debugger crashes even if the phantom plugin is enabled (in which case it is not detected by that program).




Rank: 673.3 (! !), 400thx
Activity: 0.40.31
Status: Member
CyberMonk

Created: 27 November 2008 16:53
· Private message · #14

ImmunityDebugger 1.73 RemoveAD KuNgBiM

1.70 Build 0

New Features:

- Debugger
o Added support for variable decoding when second pass analysis enabled

- Immunity Debugger API
o Added getVariable/setVariable methods
o Added driverlib.py for analyzing drivers

- PyCommands
o activex.py for auditing ActiveX controls

- Bug Fixes
o Fixed Python pathing issue when JIT debugging/spawning from right-click
o Fixed Module.getName() method to return only the module name
o Fixed length check error in imm.Assemble()

1.60 Build 0

New Features:

- Debugger
o Added ‘Use Symbol Server’ option
[http://forum.immunityinc.com/topic=162]
o Improved Getallnames
o Added timestamp to log events

- Immunity Debugger API
o Added getAllSymbolsFromModule method
o Added libcontrolflow.py
Container for classes DominatorTree and ControlFlowAnalysis
o Added Clear function to FastLogHook.

- PyCommands
o Added findloop.py: Find natural loops given a function start.
o Added treedll.py: Creates imported dll tree.

- Bug Fixes:
o Fixed POST_ANALYSIS_HOOK “FATAL ERROR”
o Fixed Arguments overflow (Thanks David Wetson for reporting this one!)
o Local Symbol Path issue
o Analysis second pass option now works
o Getallsymbols now correctly creates the PyDict [Import/Export/Library issue]

1.50 Build 0

New Features:

- Debugger:
o Added “Servers” folder with specific pycommand listeners

- Memory Pages:
o Working on Windows Vista

Immunity Debugger API:
o Added imm.vmQuery() wrapper [Query Virtual Memory pages]
o The MemoryPage class has been improved.
- Protect and Allocation Protect Flags are queried realtime
- You can get a human readable flag passing human = 1 to
page.getAccess() and page.getInitAccess()
o Added:
- searchOnExecute()
- searchOnRead()
- searchOnWrite()
These methods will search in any memory page with access = any combination.
o Modified:
- Search()
- searchShort()
- searchLong()
to receive an extra flag parameter to specify memory protection type
when searching.
o Added imm.isAdmin() : is ID running as admin?
o Added Thread class to debugtypes.py
o Added imm.getAllThreads() method
o librecognition.py : Improved REGEXP support for the indexed register search
o Added Function.findRetValue Find all the possible values on a Function
o GFlags class Handle Windows Global Flags.

PyCommands:

o gflags.py: Enable/Disable Windows Global Flags
o recognize.py: Backward compatibility
o Added hookssl.py
o Added ssl_listener.py to Servers directory
o Added hookndr.py Hooks the NDR unmarshalling routines and prints them
out so you can see which ones worked
o Added nohooks.py : remove all hooks from memory

Bug Fixes:

- Debugger Core
o The memory page protect information is correctly displayed now.
o Fixed Second Analysis pass repeated entries bug.
o Fixed thread state swap issue which was leading to a memleak.

1.40 Build 0

New Features:

- Debugger Core:
o Added Silent Debugging Flag [accessible via Debugging options ALT-O or via immlib]
forum.immunityinc.com/topic=157.0
o Added Analysis Second Pass [Decoding Functions]
forum.immunityinc.com/topic=163.0

- Debugger GUI Core:
o Now you can add headers + other useful information on every Row
displayed at the Disasm Window. The information will be saved
as part of dump struct.
o Dettach option added to File Menu: Go to File -> Dettach [You need to be attached to
gray out Dettach]
forum.immunityinc.com/topic=158.0

- Debugger GUI:
o Right click on disasm line -> Add Header will add headers to your line

- Immunity Debugger API:
o Row Headers / Adding Lines to CPU
- Added imm.addHeader() and imm.getHeader() methods.
- imm.addLine behaves like addHeader()
- Added imm.removeHeader()/imm.removeLine() && imm.getHeader()/imm.getLine()
- Added imm.getTraceArgs()

o Added imm.goSilent() method.
o Added imm.undecorateName() method: Undecorate symbol names
forum.immunityinc.com/topic=159.0
o Added imm.Dettach() method: Dettach current process from debugger
o Added imm.prepareForNewProcess() method: Prepare Debugger core for a fresh start
o Updated BoB’s UserDB.txt (http://peid.info/BobSoft/Downloads.html)

- PyCommands:
o Added namefunc.py : a simple sample script that uses imm.addHeader to name
functions in module
o Added traceargs.py: find User supplied arguments into a given function.
o Added JMS’s Mike & Boo script
o User Contributed PyCommands:
- BoB (http://PEiD.info/BobSoft/)
* scanpe.py (http://forum.immunityinc.com/topic=137.0)
* hidedebug.py (http://forum.immunityinc.com/topic=140.0)
* bpxep.py (http://forum.immunityinc.com/topic=138.0)

Bug Fixes:

- Fixed error when adding knowledge and changing python environments later.
(__dict__ not accessible in restricted mode error)

1.30 Build 0
November 1, 2007

New Features:

- Immunity Debugger API
o Hooks
- Hooks can receive force flag to overwrite previously placed hooks
- Hooks can receive time to live in memory parameter when adding
(After the TTL expires, the hook is automatically removed from memory)
- Hooks have a runTimeout method to execute code after TTL expires
o Choose thread environment to execute the ttl code
- Added special kind of AccessViolation hook: RunUntilAV() class
o Added setHardwareBreakpoint method
o Address deleteBreakpoint method
o Process flow:
o Improved methods:
- stepOver
- stepIn
- Run
- Attach
o Added methods:
- openProcess
- restartProcess
- pause
- runTillReturn

- PyCommands
o search allows multiple line searching: !search add esp,const\nret
o Added sql_listener and sqlhooker
o Added Example processflow script

Bug Fixes:

- Fixed imm.ps() to correctly fetch udp port list
forum.immunityinc.com/topic=84.0
- Fixed Get references methods

1.20 Build 0
October 1, 2007

New Features:

- Immunity Debugger API
o immlib.getThreadId() method added: return the current debuggee thread id
o immlib.getCallTree() method added: return the call tree for given address
o immlib.setFocus() method added: focus ID window
o immlib.isValidHandle() method added: check if a HWND is still valid
o immlib.getInfoPanel() method added: get information from panel window
and optionally receives a type flag to force the kind of comment fetched.
o imm.findPacker() method added: find packers/cryptors on a file or a loaded
module
o imm.getMemoryPagebyOwner(): Find all the memory pages belonging to a module.
o immlib.ps() returns two extra objects: the tcp list and the udp list
o immlib.getComment() now will try to fetch all types of comments
o Added new HOOKTYPE: PRE_BP_HOOK, hooks exactly before the breakpoint is hit
(Decoding events timeline)
o New Vista support for libheap
o Custom Tables has “Clear Window” menu now
o Added several methods from librecognize

- PyCommands
o findpacker added. (Use of immlib.findPacker to get Packers from a module)
o recognize added. (Function Recognizing using heuristic patterns)
o Hippie now can filter by heap
o heap updated to work with new Vista Heap
o Optimized code for stackvars (Memory usage reduction during runtime)

- Core
o Pyshell can be focused once created with alt-F11
o Shortcut for attach process added: Ctrl+F1
o Added librecognition.py (Library for function recognizing)

- Graph
o immvcglib.generateGraphFromBuf() method added: play with your own vcg files!
o Redesign of VCG parser: easier to read, easier to use.

Bug Fixes:

o Return value (HWND) of createTable
o Fixed Attach Search Filtering :
forum.immunityinc.com/topic=49.0
o Grapher: Vertex lastline jumps correctly displayed now
o Fixed crash when searching on modules:
forum.immunityinc.com/topic=63.0
o Fixed search issue on protected binary:
forum.immunityinc.com/topic=34
o Fixed breakpoint/logpoint hooks issue (logic/stepping inside a hook)
o Fixed PyString_AsString() misbehaviour
o Fixed PyCommand Gui Arguments box to receive \x00 as argument
o Fixed imm.getModulebyAddress() to receive any module address and not only module entry point
forum.immunityinc.com/topic=74.0

1.1 Build 2
August 31, 2007

Python Thread entering the spiral zone has been fixed

1.1 Build 0
August 30, 2007

New Features:

o Interactive Python Shell added
o Lookaside enhanced output + Discovery option
o libdatatype “Get” Function
o Get OS information methods
o Ero Carrera’s pefile.py (http://code.google.com/p/pefile/)
o Python engine rewritten to properly use thread locking/unlocking
o Added ignoreSingleStep method for immlib (TRANSPARENT + CONVETIONAL)
o Attach process window is now dynamically searchable
o Added clean ID memory methods inside immlib
o Added Stack analysis library (libstackanalize)
o Fixed some memleak on Disasm
o Fixed wrong arguments on Disasm operand
o Improved Patch command
o Safeseh moved into a PyCommand

New Scripts:

o searchcrypt PyCommand
o stackvars PyCommand
o search PyCommand

Bug Fixes:

o Solved ‘ij’ issue inside attach window
o Fixed VCG parser (Blocks display fully address now)
o Fixed traceback error when trying to graph and no attached
o Fixed printfloat() format error
o Fixed ret value of Getaddrfromexp in case of non-existent expression

1.0 Build 42
August 1, 2007

o Released as produc

-----
RE In Progress [!] Coding Hazard [!] Stay Clear of this Cube





Rank: 673.3 (! !), 400thx
Activity: 0.40.31
Status: Member
CyberMonk

Created: 27 November 2008 16:55
· Private message · #15

o Released as product
o Includes:
o Full Python API:
- immlib (main lib)
- internals
- immutils
- debugtypes
- libdatatype
- libanalize
- libhook
- libevent
- libheap
- pelib
- immvcglib
- graphclass

o Command Box (with remote listener + command line client)
o Python Orthogonal Drawing
o Examples for PyCommands/PyHooks/PyScripts
o Ready to use PyCommands/PyHooks:

chunkanalizehook  Analize a Specific Chunk at a specific moment
cmpmem            Compare memory with a file (file been a dump from prettyhexprint)
dependencies      Find a exported function on the loaded dll
duality           Looks for mapped address that can be ‘transformed’ into opcodes
findantidep       Find address to bypass software DEP
finddatatype      funsniff
funsniff          funsniff
getevent          Get a log of current debugevent
getrpc            Get the RPC information of a loaded dll
heap              Immunity Heap Dump
hippie            Syscall Fuzzer
hookheap          - DESC is not defined for this command -
list              List PyCommands
lookaside         - DESC is not defined for this command -
mark              Static Analysis: Mark the tiny ones
modptr            !modptr Patch all Function Pointers and detect when they triggered
openfile          Open a File
patch             Patches anti-debugging protection , [-t TYPE_OF_PROTECTION]
pyexec            Non interactive python shell [immlib already imported]
searchcode        Search code in memory
searchheap        Search the heap for specific chunks
safeseh           Show exceptions handlers registered with SEH
pe_export         Export Module

www.onlinedisk.ru/file/41098/

-----
RE In Progress [!] Coding Hazard [!] Stay Clear of this Cube


