Dailydave mailing list archives

Immunity Debugger 1.3 released


From: Damian Gomez <dami () immunityinc com>
Date: Wed, 05 Dec 2007 15:29:39 -0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This month's release is all about the debuggee's flow!

With huge core changes, Immunity Debugger and its API now have much
more control over process execution. Opening a process, running it,
pausing it, and restarting it is now available via your chosen
scripting method (check the processflow PyCommand to see how it works).

This will allow us, without a doubt, to automate our scripts and
commands even more.

The other big improvement in 1.3 is regarding hooks:

Hooks have a few more features now, among them the ability to specify a
time to live in memory for a hook. A pseudo-code example to show how
this works:


# Creating a hook with ttl = 15 seconds
customhook = MyOwnHook()
customhook.add("CREATETHREAD", timeout=15)

# And the MyOwnHook class

class MyOwnHook():

  def run(self):
     # execute when the hook is hit
     pass

  def runTimeout(self):
     # execute if the TTL expires
     pass


The new method runTimeout() will be your bridge to executing code when the
hook TTL expires and it wasn't hit.

After runTimeout is executed, the customhook will remove itself from memory.


In order to use these new features, we have also added a new type of hook:
The RunUntilAV hook. This will hook into AccessViolation events.
Once it is added it will run the process waiting for the AV or the TTL
to expire.


Stay tuned to see how Immunity uses these new features over the next
few weeks.


One more thing you may want to take a look at in this release is the new
season sensation combo: listener and hookers, shipping with 1.30:
sql_listener+sqlhooker, work made in conjunction by Dave Aitel and JMS.

For all the script coders that exist out there who want to get their
hands on a SILICA unit
(http://www.immunityinc.com/products-silica.shtml), remember
our PLUGIN AWARDS deadline:

December 10th.

So hurry up and finish that beautiful piece of code you are working on;
results will be posted before December 20th.


A complete list of changes:

1.30 Build 0
December 5, 2007

New Features:

- - Immunity Debugger API
  o Hooks
    - Hooks can receive force flag to overwrite previously placed hooks
    - Hooks can receive time to live in memory parameter when adding
      (After the TTL expires, the hook is automatically removed from memory)
    - Hooks have a runTimeout method to execute code after TTL expires
      o Choose thread environment to execute the TTL code
    - Added special kind of AccessViolation hook: RunUntilAV() class
  o Added setHardwareBreakpoint method
  o Address deleteBreakpoint method
  o Process flow:
    o Improved methods:
          - stepOver
          - stepIn
          - Run
          - Attach
    o Added methods:
          - openProcess
          - restartProcess
          - pause
          - runTillReturn

- - PyCommands
  o search allows multiple line searching: !search add esp,const\nret
  o Added sql_listener and sqlhooker
  o Added Example processflow script


Bug Fixes:

- - Fixed imm.ps() to correctly fetch udp port list
  http://forum.immunityinc.com/index.php?topic=84.0
- - Fixed Get references methods



Happy debugging everyone!


Team Immunity.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFHVu4SchUpv2oeW9gRAgsYAKCLvicCgph2wBZcXlLiN+AWhUrQhwCglcbh
q2NuGMeOsJGIE5GkoluZrt0=
=TMhl
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
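
The hook TTL behaviour described in the announcement above, modelled as an added Python example; it is not Immunity's code and does not use immlib. HookTable, fire, tick, run_until_av and the integer clock are hypothetical names, and the model assumes a hook that was hit stays in place until its TTL ends, which the announcement does not state.

```python
# Stand-alone model of the hook TTL semantics in the announcement above.
# NOT immlib: HookTable, fire, tick and the integer clock are hypothetical.

class Hook:
    def __init__(self):
        self.log = []
        self.hit = False

    def run(self, event):            # executes when the hook is hit
        self.hit = True
        self.log.append("hit:" + event)

    def runTimeout(self):            # executes if the TTL expires without a hit
        self.log.append("timeout")

class HookTable:
    def __init__(self):
        self.now = 0                 # simulated seconds, not wall-clock time
        self.hooks = {}              # event name -> (hook, expiry or None)

    def add(self, event, hook, timeout=None, force=False):
        if event in self.hooks and not force:
            return False             # keep the earlier hook unless force is set
        expiry = None if timeout is None else self.now + timeout
        self.hooks[event] = (hook, expiry)
        return True

    def fire(self, event):           # the debuggee raised `event` (None = nothing)
        if event in self.hooks:
            self.hooks[event][0].run(event)

    def tick(self, seconds):         # advance the clock and expire hooks
        self.now += seconds
        for event, (hook, expiry) in list(self.hooks.items()):
            if expiry is not None and self.now >= expiry:
                if not hook.hit:
                    hook.runTimeout()
                del self.hooks[event]  # an expired hook leaves the table

def run_until_av(table, hook, schedule, ttl):
    # Model of RunUntilAV; schedule maps a simulated second to the event raised.
    table.add("ACCESSVIOLATION", hook, timeout=ttl, force=True)
    for _ in range(ttl):
        table.tick(1)
        table.fire(schedule.get(table.now))
        if hook.hit:
            return "av"
    return "timeout"
```
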

