ImmDbg

From aldeid

Description

Immunity Debugger (ImmDbg) is a debugger quite similar to OllyDbg that supports Python scripting, which allows advanced, automated debugging.

Installation

You will need to register to download Immunity Debugger: http://debugger.immunityinc.com/ID_register.py

Usage

Python scripting

Commands

INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.

Python scripts

https://tuts4you.com/download.php?list.73

Example

import immlib

def main(args):                             # PyCommand entry point (args unused)
    imm = immlib.Debugger()
    cfile = open("C:\\encrypted_file","rb") # Open encrypted file
    pfile = open("decrypted_file", "wb")    # Create decrypted file (binary mode)
    buffer = cfile.read()                   # Read encrypted file into buffer
    cfile.close()                           # Done with the input file
    sz = len(buffer)                        # Get length of buffer
    membuf = imm.remoteVirtualAlloc(sz)     # Allocate memory within debugger
    imm.writeMemory(membuf,buffer)          # Copy into debugged process's memory
    
    imm.setReg("EIP", 0x004011A9)           # Start of function header
    imm.setBreakpoint(0x004011b7)           # After function header
    imm.Run()                               # Execute function header
    
    regs = imm.getRegs()                    # Get the current register values
    imm.writeLong(regs["EBP"]+16, sz)       # Set NumberOfBytesToWrite stack variable
    imm.writeLong(regs["EBP"]+8, membuf)    # Set lpBuffer stack variable
    
    imm.setReg("EIP", 0x004011f5)           # Start of crypto
    imm.setBreakpoint(0x0040122a)           # End of crypto loop
    imm.Run()                               # Execute crypto loop
    
    output = imm.readMemory(membuf, sz)     # Read answer
    pfile.write(output)                     # Write answer
    pfile.close()                           # Flush decrypted data to disk
    return "Decrypted %d bytes" % sz        # Status string returned to the debugger

Plugins

https://tuts4you.com/download.php?list.74