pvefindaddr v1.25 released
pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
Drop the file in the pycommands folder within your Immunity Debugger installation folder. You can get the list of functions and paramters by running !pvefindaddr (without arguments) from the input box at the bottom of Immunity Debugger. Look at the “Log†window for output.
Current version
- Added new feature : custom decoder
Purpose : In this and this article, and in this exploit, I mentioned the use a custom printable-ascii encoder. Building this encoder can be done manually (as explained in those articles), but I have now implemented the logic into pvefindaddr as well.
Usage : There are 2 ways to invoke the encoder :
!pvefindaddr encode ascii
!pvefindaddr encode ascii
The output of the decoding routine will be written to the Log window and to a file called encode.txt
Note : the current implementation does not deal with bad chars. But it should be really easy to filter out any bad chars once you already have the decoder in front of you.
Tool Submitted by corelanc0d3r (the developer himself)
Post scriptum
Related Articles
| Exploitation |
|
| pvefindaddr |
|
