From Collaborative RCE Tool Library

Jump to: navigation, search

Immunity Debugger

Tool name: Immunity Debugger
Rating: 0.0 (0 votes)
Author: Immunity Inc / Oleh Yuschuk                        
Website: http://debugger.immunityinc.com
Current version: 1.5
Last updated: March 27, 2008
Direct D/L link: N/A
License type: Free
Description: Immunity Debugger is based on OllyDbg.

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

* A debugger with functionality designed specifically for the security industry
* Cuts exploit development time by 50%
* Simple, understandable interfaces
* Robust and powerful scripting language for automating intelligent debugging
* Lightweight and fast debugging to prevent corruption during complex analysis
* Connectivity to fuzzers and exploit development tools
Related URLs: No related URLs have been submitted for this tool yet


RSS feed Feed containing all updates for this tool.

Here below you will find useful notes about this tool, left by other users.

You are welcome to add your own useful notes here, or edit any existing notes to improve or extend them.

Immunity Debugger 1.5

Immunity team is proud to present: Immunity Debugger 1.5

This new Immunity Debugger release provides a lot of new scripts and important fixes. New scripts to improve your debugging experience include: gflags, hookssl, and hookndr.

The API has been reinforced with new functionality which allows you to gather more information from the remote process, such as Threads, findRetValue. This release also includes some important fixes such as correct Memory Page protection flags, which are also available via the Python API.

Check the Changelog below for the details of this exciting release.

As usual, you can discuss your scripts, request new features or just hang out at our forum: http://forum.immunityinc.com. We would like to thank Teddy Roggers from tuts4you for maintaining a list of Immunity Debugger ported plug-ins that can be found at http://www.tuts4you.com/download.php?list.74

Do you want to hire a hacker? Are you looking for job? Immunity has extended the Immunity Debugger Advertisment service to hackers, reverse engineers and debugger freaks and it is now free for job seekers!

Job seekers can place ads at http://debugger.immunityinc.com/hireahacker.html

Happy debugging (and job hunting)!

Team Immunity P.S.: If you want to request a feature, show off your script or just chat about Immunity Debugger, Justin Seitz from the Immunity Debugger team will be at CanSecWest for the next three days.


1.50 Build 0

New Features:

- Debugger: 

 o Added "Servers" folder with specific PyCommand listeners - for example, hookssl.py will send all the data back to a XML-RPC service using ssl_listener.py, which then has the option to change it and send it back.

- Memory Pages: 

 o Working on Windows Vista. Now correct on Windows XP, 2000, 2003.

Immunity Debugger API: 

 o Added imm.vmQuery() wrapper [Query Virtual Memory pages]
 o The MemoryPage class has been improved.
   - Protect and Allocation Protect Flags are queried in real-time
   - You can get a human readable flag passing human = 1 to
     page.getAccess() and page.getInitAccess()
 o Added:
   - searchOnExecute()
   - searchOnRead()
   - searchOnWrite()
   These methods will search in any memory page with access = any

combination. 

 o Modified:
   - Search()
   - searchShort()
   - searchLong()
   to receive an extra flag parameter to specify memory protection type
   when searching.
 o Added imm.isAdmin() : is ID running as admin?
 o Added Thread class to debugtypes.py
 o Added imm.getAllThreads() method
 o librecognition.py : Improved REGEXP support for the indexed register search
 o Added Function.findRetValue Find all the possible values on a Function
 o GFlags class Handle Windows Global Flags.

PyCommands: 

 o gflags.py: Enable/Disable Windows Global Flags
 o recognize.py: Backward compatability
 o Added hookssl.py
 o Added ssl_listener.py to Servers directory
 o Added hookndr.py: Hooks the NDR unmarshalling routines and prints them
   out so you can see which ones worked
 o Added nohooks.py : removes all hooks from memory

Bug Fixes:

- Debugger Core 

 o The memory page protect information is correctly displayed now.
 o Fixed Second Analysis pass repeated entries bug.
 o Fixed thread state swap issue which was leading to a memory leak.
Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Immunity_Debugger"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views
Category Navigation Tree
RCE Tools
   Categorized by Target Type  (98)
   Categorized by Tool Type  (625)
   Anti Anti Test Tools  (8)
   Assemblers  (14)
   Code Coverage Tools  (9)
   Code Injection Tools  (17)
   Code Ripping Tools  (1)
   Crypto Tools  (2)
   Data Extraction Tools  (14)
   Debuggers  (26)
   Javascript Debuggers  (1)
   Non-Intrusive Debuggers  (3)
   Ring 0 Debuggers  (6)
   Ring 3 Debuggers  (10)
   Symbol Retrievers  (4)
   VM Debugging Tools  (1)
   Decompilers  (13)
   Deobfuscation Tools  (5)
   Dependency Analyzer Tools  (3)
   Diff Tools  (26)
   Disassemblers  (25)
   Dongle Tools  (8)
   Exe Analyzers  (22)
   Firefox Extensions  (1)
   GUI Manipulation Tools  (9)
   Hex Editors  (10)
   Kernel Tools  (5)
   Memory Data Tracing Tools  (6)
   Memory Patchers  (3)
   Memory Search Tools  (6)
   Monitoring Tools  (68)
   Network Tools  (12)
   PE Executable Editors  (42)
   Packers  (10)
   Patch Packaging Tools  (6)
   Profiler Tools  (9)
   Programming Libraries  (23)
   Regular Expression Tools  (3)
   Resource Editors  (7)
   Reverse Engineering Frameworks  (7)
   Source Code Tools  (11)
   String Finders  (5)
   Symbol Tools  (5)
   System Information Extraction Tools  (4)
   Technical PoC Tools  (3)
   Test and Sandbox Environments  (12)
   Tool Extensions  (102)
   CFF Explorer Extensions  (5)
   Filemon Extensions  (1)
   Firefox Extensions  (1)
   IDA Extensions  (16)
   ImpREC Extensions  (2)
   Obsidian Extensions  (1)
   OllyDbg Custom Versions  (3)
   OllyDbg Extensions  (64)
   OllyDbg Custom Versions  (3)
   OllyScript Scripts  (4)
   Regmon Extensions  (1)
   SoftICE Extensions  (2)
   WinDbg Extensions  (6)
   Tool Hiding Tools  (1)
   Tool Signatures  (19)
   Tracers  (10)
   Unpacking Tools  (33)
   Needs New Category