
Immunity Debugger 1.3

November 1, 2013 ⁄ General
 This month's release is all about the debuggee's flow!

With huge core changes, Immunity Debugger and its API now have much
more control over process execution. Opening a process, running it,
pausing it, and restarting it is now available via your chosen
scripting method (check the processflow PyCommand to see how it works).

This will, without a doubt, allow us to automate our scripts and
commands even further.

The other big improvement in 1.3 is regarding hooks:

Hooks have a few more features now, among them the ability to specify a
time to live (TTL) in memory for a hook. A pseudo-code example to show how
this works:

# Creating a hook with TTL = 15 seconds
customhook = MyOwnHook()
customhook.add("CREATETHREAD", timeout=15)

# And the MyOwnHook class

class MyOwnHook():

    def run(self):
        # executed when the hook is hit
        pass

    def runTimeout(self):
        # executed if the TTL expires
        pass

The new runTimeout() method is your bridge to executing code when the
hook's TTL expires without the hook having been hit.

After runTimeout is executed, the customhook will remove itself from memory.

In order to use these new features, we have also added a new type of hook:
the RunUntilAV hook. This hooks into AccessViolation events.
Once it is added, it runs the process, waiting for the AV or for the TTL to expire.
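
The hook lifecycle described above, as an added example that is not Immunity's code and does not use immlib: a small self-contained model in which HookTable, fire() and tick() are hypothetical names and the clock is simulated. It assumes that adding a hook without the force flag leaves an existing hook in place, and that an expired hook is removed whether or not it was hit.

```python
# Model of the hook TTL lifecycle; NOT immlib. All names here are hypothetical.

class Hook(object):
    def __init__(self):
        self.log = []              # records which callbacks fired
        self.was_hit = False

    def run(self):                 # executed when the hooked event occurs
        self.log.append("run")

    def runTimeout(self):          # executed if the TTL expires without a hit
        self.log.append("runTimeout")

class HookTable(object):
    def __init__(self):
        self.now = 0               # simulated clock, advanced by tick()
        self.hooks = {}            # event -> (hook, expiry time or None)

    def add(self, event, hook, timeout=None, force=False):
        # Assumption: without force, an already hooked event is left alone.
        if event in self.hooks and not force:
            return False
        expiry = None if timeout is None else self.now + timeout
        self.hooks[event] = (hook, expiry)
        return True

    def fire(self, event):
        if event in self.hooks:
            hook = self.hooks[event][0]
            hook.was_hit = True
            hook.run()

    def tick(self, seconds):
        self.now += seconds
        for event, (hook, expiry) in list(self.hooks.items()):
            if expiry is not None and self.now >= expiry:
                if not hook.was_hit:
                    hook.runTimeout()
                del self.hooks[event]   # expired hooks leave memory

def demo():
    table, hit, missed, late = HookTable(), Hook(), Hook(), Hook()
    table.add("CREATETHREAD", hit, timeout=15)
    table.add("ACCESSVIOLATION", missed, timeout=15)   # RunUntilAV-style wait
    refused = not table.add("CREATETHREAD", late)      # no force flag
    table.fire("CREATETHREAD")     # event arrives before the TTL expires
    table.tick(15)                 # TTL expires for both hooks
    return hit.log, missed.log, refused, sorted(table.hooks)
```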

Stay tuned to see how Immunity uses these new features over the next few weeks.

One more thing you may want to take a look at in this release is the new
season's sensation combo, listener and hookers, shipping with 1.30:
sql_listener+sqlhooker, a joint work by Dave Aitel and JMS.

For all the script coders out there who want to get their hands
on a SILICA unit (http://www.immunityinc.com/products-silica.shtml), remember
our PLUGIN AWARDS deadline: December 10th.

So hurry up and finish that beautiful piece of code you are working on; results
will be posted before December 20th.

A complete list of changes:

1.30 Build 0
December 5, 2007

New Features:

- Immunity Debugger API
  o Hooks
    - Hooks can receive force flag to overwrite previously placed hooks
    - Hooks can receive time to live in memory parameter when adding
      (After the TTL expires, the hook is automatically removed from memory)
    - Hooks have a runTimeout method to execute code after TTL expires
      o Choose thread environment to execute the TTL code
    - Added special kind of AccessViolation hook: RunUntilAV() class
  o Added setHardwareBreakpoint method
  o Address deleteBreakpoint method
  o Process flow:
    o Improved methods:
      - stepOver
      - stepIn
      - Run
      - Attach
    o Added methods:
      - openProcess
      - restartProcess
      - pause
      - runTillReturn

- PyCommands
  o search allows multiple line searching: !search add esp,const/nret
  o Added sql_listener and sqlhooker
  o Added Example processflow script

Bug Fixes:

- Fixed imm.ps() to correctly fetch udp port list
  http://forum.immunityinc.com/index.php?topic=84.0
- Fixed Get references methods

Happy debugging everyone!

Team Immunity.

http://debugger.immunityinc.com/register.html
