__init__(self) Initialize the Immunity Debugger API |
||
| clearState(self) | ||
| getShellcodeExecutionNoMatterWhat(self) | ||
|
addKnowledge(self,
id,
object,
force_add=0x0) This function adds a Python object to the knowledge database. |
||
PYTHON OBJECT
|
getKnowledge(self,
id) Gets python object from the knowledge database. |
||
TUPLE
|
listKnowledge(self) Gets the list of saved objects in the knowledge database. |
||
LIST of TUPLES in the form of (DWORD, LIST OF STRING)
|
findPacker(self,
name,
OnMemory=True) Find possible packers/cryptors/etc. in a module |
||
|
forgetKnowledge(self,
id) Remove python object from knowledge database. |
||
|
cleanKnowledge(self) Clean ID memory from known objects |
||
|
addGenHook(self,
object) Add a hook to Immunity Debugger |
||
|
cleanHooks(self) Clean ID memory from hook objects |
||
|
cleanUP(self) Clean ID memory for every kind of object saved in it |
||
DWORD
|
getPEBaddress(self) Gets PEB. |
||
|
analyseCode(self,
address) Analyse module's code |
||
DWORD
|
isAnalysed(self,
address) Check if module is already analysed |
||
opCode Object (Check libanalize.py)
|
Disasm(self,
address,
mode=DISASM_ALL) Disasm address |
||
| disasm(self, address, mode=DISASM_ALL) | ||
opCode Object (Check libanalize.py)
|
disasmSizeOnly(self,
address) Determine command size only |
||
opCode Object (Check libanalize.py)
|
disasmData(self,
address) Determine size and analysis data |
||
opCode Object (Check libanalize.py)
|
disasmTrace(self,
address) Trace integer registers |
||
opCode Object (Check libanalize.py)
|
disasmFile(self,
address) Disassembly, no symbols/registers |
||
opCode Object (Check libanalize.py)
|
disasmCode(self,
address) Disassembly, registers undefined |
||
opCode Object (Check libanalize.py)
|
disasmRTrace(self,
address) Disassemble with run-trace registers |
||
opCode Object (Check libanalize.py)
|
disasmForward(self,
address,
nlines=1,
mode=DISASM_ALL) Disasm nlines forward of given address |
||
DWORD
|
disasmForwardAddressOnly(self,
address,
nlines=1) Disasm nlines forward to the given address |
||
opCode Object (Check libanalize.py)
|
disasmForwardSizeOnly(self,
address,
nlines=1) Determine command size only |
||
opCode Object (Check libanalize.py)
|
disasmForwardData(self,
address,
nlines=1) Determine size and analysis data |
||
opCode Object (Check libanalize.py)
|
disasmForwardTrace(self,
address,
nlines=1) Trace integer registers |
||
opCode Object (Check libanalize.py)
|
disasmForwardFile(self,
address,
nlines=1) Disassembly, no symbols/registers |
||
opCode Object (Check libanalize.py)
|
disasmForwardCode(self,
address,
nlines=1) Disassembly, registers undefined |
||
opCode Object (Check libanalize.py)
|
disasmForwardRTrace(self,
address,
nlines=1) Disassemble with run-trace registers |
||
opCode Object (Check libanalize.py)
|
disasmBackward(self,
address,
nlines=1,
mode=DISASM_ALL) Disasm nlines backward from the given address |
||
DWORD
|
disasmBackwardAddressOnly(self,
address,
nlines=1) Disasm nlines backward of given address |
||
opCode Object (Check libanalize.py)
|
disasmBackwardSizeOnly(self,
address,
nlines=1) Determine command size only |
||
opCode Object (Check libanalize.py)
|
disasmBackwardData(self,
address,
nlines=1) Determine size and analysis data |
||
opCode Object (Check libanalize.py)
|
disasmBackwardTrace(self,
address,
nlines=1) Trace integer registers |
||
opCode Object (Check libanalize.py)
|
disasmBackwardFile(self,
address,
nlines=1) Disassembly, no symbols/registers |
||
opCode Object (Check libanalize.py)
|
disasmBackwardCode(self,
address,
nlines=1) Disassembly, registers undefined |
||
opCode Object (Check libanalize.py)
|
disasmBackwardRTrace(self,
address,
nlines=1) Disassemble with run-trace registers |
||
Decode OBJECT
|
findDecode(self,
address) Get the internal decode information from an analysed module |
||
DWORD
|
goNextProcedure(self) Go to next procedure |
||
DWORD
|
goPreviousProcedure(self) Go to previous procedure |
||
opCode Object (Check libanalize.py)
|
getOpcode(self,
address) Get address's Opcode |
||
STRING
|
Assemble(self,
code,
address=0x0) Assemble code. |
||
STRING
|
decodeAddress(self,
address) Decode given address |
||
STRING
|
undecorateName(self,
decorated) Undecorate given name |
||
TUPLES
|
getTraceArgs(self,
address,
tracedarg,
shownonusersupplied=False) Trace the parameters of a function, returning only those that are user-supplied |
||
LIST
|
getAllFunctions(self,
address) Gets all functions of the given module's address |
||
Function Object
|
getFunction(self,
address) Get the Function information |
||
DWORD
|
getFunctionBegin(self,
address) Find the start address of a function |
||
LIST
|
getFunctionEnd(self,
function_address) Get all the possible ends of a Function |
||
LIST
|
getAllBasicBlocks(self,
address) Gets all basic blocks of given procedure (Deprecated, use Function) |
||
LIST
|
findDataRef(self,
address) Find data references to given address |
||
LIST
|
getXrefFrom(self,
address) Get X Reference from a given address |
||
LIST
|
getXrefTo(self,
address) Get X Reference to a given address |
||
DICTIONARY
|
getInterCalls(self,
address) Get intermodular calls |
||
DICTIONARY
|
getRegs(self) Get CPU Context values. |
||
DICTIONARY
|
getRegsRepr(self) We need this to handle long integers, which XML-RPC cannot transmit |
||
|
setReg(self,
reg,
value) Set REG value |
||
PEB OBJECT
|
getPEB(self) Get the PEB information of the debugged process |
||
PHeap OBJECT
|
getHeap(self,
addr,
restore=False) Get Heap Information |
||
STRING
|
getDebuggedName(self) Get debugged name |
||
DWORD
|
getDebuggedPid(self) Get debugged pid |
||
INTEGER
|
isAdmin(self) Is debugger running as admin? |
||
TUPLE
|
getInfoPanel(self) Get information displayed on Info Panel |
||
DWORD
|
getCurrentAddress(self) Get the address currently focused in the Disasm window |
||
DICTIONARY
|
getAllModules(self) Get all loaded modules. |
||
| getModulebyAddress(self, address) | ||
Module OBJECT
|
getModule(self,
name) Get Module Information |
||
| _getmoduleinfo(self, base_address) | ||
LIST
|
getReferencedStrings(self,
code_base) Get all referenced strings from the module |
||
LIST
|
Ps(self) List all active processes. |
||
LIST
|
ps(self) List all active processes. |
||
LIST
|
getSehChain(self) Get the SEH chain. |
||
Event Object
|
getEvent(self) Get the current Event |
||
Page OBJECT
|
getPage(self,
addr) Get a memory page. |
||
LIST
|
getMemoryPagebyOwner(self,
owner) Get the Memory Pages belonging to the given dll. |
||
Page OBJECT
|
getMemoryPagebyAddress(self,
address) Get a memory page. |
||
DICTIONARY
|
getMemoryPages(self) Get All memory pages. |
||
Python List
|
vmQuery(self,
address) Query Memory Page |
||
DICTIONARY
|
getAllHandles(self) Get all handles. |
||
LIST
|
getAllThreads(self) Get all threads. |
||
DICTIONARY
|
getAllSymbols(self) Get All Symbols. |
||
DICTIONARY
|
getAllSymbolsFromModule(self,
address) Get Symbols from module. |
||
LIST of Stack OBJECT
|
callStack(self) Get a Back Trace (Call stack). |
||
LIST of Call tuples
|
getCallTree(self,
address=0) Get the call tree of given address. |
||
LIST
|
findModule(self,
address) Find which module an address belongs to. |
||
LIST of DWORD
|
getHeapsAddress(self) Get the process heaps |
||
DWORD
|
getAddressOfExpression(self,
expression) Get the address from an expression such as ntdll.RtlAllocateHeap |
||
DWORD
|
getAddress(self,
expression) Get the address from an expression such as ntdll.RtlAllocateHeap |
||
|
Error(self,
msg) This function shows an Error dialog with a custom message. |
||
|
openTextFile(self,
path="") Opens text file in MDI windows. |
||
|
setStatusBar(self,
msg) Sets the status bar message. |
||
|
clearStatusBar(self) Removes the current status bar message. |
||
|
logLines(self,
data,
address=0,
highlight=False,
gray=False,
focus=0) Adds multiple lines of ASCII text to the log window. |
||
| LogLines(self, data, address=0, highlight=False, gray=False, focus=0) | ||
|
Log(self,
msg,
address=0,
highlight=False,
gray=False,
focus=0) Adds a single line of ASCII text to the log window. |
||
|
log(self,
msg,
address=0,
highlight=False,
gray=False,
focus=0) Adds a single line of ASCII text to the log window. |
||
|
updateLog(self) Forces an immediate update of the log window. |
||
|
createLogWindow(self) Creates or restores the log window. |
||
|
createWindow(self,
title,
col_titles) Creates a custom window. |
||
|
createTable(self,
title,
col_titles) Creates a custom window. |
||
|
setFocus(self,
handler) Set focus on window. |
||
|
isValidHandle(self,
handler) Does a window still exist? |
||
|
setStatusBarandLog(self,
addr,
msg) Sets and logs a status bar message. |
||
|
flashMessage(self,
msg) Flashes a message at status bar. |
||
|
setProgressBar(self,
message,
promille=100) Displays a progress bar which can contain formatted text and a progress percentage. |
||
|
closeProgressBar(self) Close Progress Bar. |
||
STRING
|
getComment(self,
address,
type=0xFD) Get the comment of the opcode line. |
||
| getUserComment(self, address) | ||
| getArgumentsComment(self, address) | ||
| getAnalyseComment(self, address) | ||
| getLibraryComment(self, address) | ||
|
setComment(self,
address,
comment) Set a comment. |
||
|
setLabel(self,
address,
label) Set a label. |
||
|
markBegin(self) Place a start mark for timing your script |
||
|
markEnd(self) Place an end mark for timing your script |
||
DICTIONARY
|
findDependecies(self,
lookfor) Find an exported function in the loaded DLLs. |
||
DWORD
|
isvmWare(self) Check if the debugger is running under a VMware machine |
||
|
ManualBreakpoint(self,
address,
key,
shiftkey,
font) Set a Manual Breakpoint. |
||
|
setUnconditionalBreakpoint(self,
address,
font="fixed") Set an Unconditional Breakpoint. |
||
|
setConditionalBreakpoint(self,
address,
font="fixed") Set a Conditional Breakpoint. |
||
|
setLoggingBreakpoint(self,
address) Set a Logging Breakpoint. |
||
|
setWatchPoint(self,
address) Set a watching Breakpoint. |
||
|
setTemporaryBreakpoint(self,
address,
continue_execution=False,
stoptrace=False) Set a Temporary Breakpoint. |
||
|
setBreakpoint(self,
address) Set a Breakpoint. |
||
DWORD
|
setBreakpointOnName(self,
name) Set a Breakpoint. |
||
|
disableBreakpoint(self,
address) Disable Breakpoint. |
||
|
deleteBreakpoint(self,
address,
address2=0) Delete Breakpoint. |
||
STRING
|
getBreakpointType(self,
address) Get the Breakpoint type. |
||
|
setMemBreakpoint(self,
addr,
type,
size=4) Modifies or removes a memory breakpoint. |
||
|
disableMemBreakpoint(self,
addr) Disable Memory Breakpoint. |
||
|
setHardwareBreakpoint(self,
addr,
type=HB_CODE,
size=1) Sets Hardware breakpoint |
||
|
writeLong(self,
address,
dword) Write long to memory address. |
||
|
writeMemory(self,
address,
buf) Write buffer to memory address. |
||
BUFFER
|
readMemory(self,
address,
size) Read block of memory. |
||
DWORD
|
readLong(self,
address) Read a Long from the debugged process |
||
String
|
readString(self,
address) Read a string from the remote process |
||
Unicode String
|
readWString(self,
address) Read a unicode string from the remote process |
||
|
readUntil(self,
address,
ending) Read a string starting at the given address until ending is found |
||
Short Integer
|
readShort(self,
address) Read a short integer from the remote process |
||
List
|
searchShort(self,
short,
flag=None) Search for a short integer in the remote process memory |
||
List
|
searchLong(self,
long,
flag=None) Search for a long integer in the remote process memory |
||
|
searchOnExecute(self,
buf) Search string in executable memory. |
||
|
searchOnWrite(self,
buf) Search string in writable memory. |
||
|
searchOnRead(self,
buf) Search string in readable memory. |
||
|
Search(self,
buf,
flag=None) Search string in memory. |
||
List
|
searchCommands(self,
cmd) Search for a sequence of commands in all executable modules loaded. |
||
List
|
searchCommandsOnModule(self,
address,
cmd) Search for a sequence of commands in given executable module. |
||
|
Run(self,
address=0) Run the process until address. |
||
|
runTillRet(self) Run Process till ret. |
||
|
Pause(self) Pause process |
||
|
stepOver(self,
address=0) Step over the process until address. |
||
|
stepIn(self,
address=0) Step into the process until address. |
||
|
quitDebugger(self) Quits debugger |
||
|
ignoreSingleStep(self,
flag="CONTINUE") Ignore Single Step events |
||
|
openProcess(self,
path,
mode=0) Open process for debugging |
||
|
restartProcess(self,
mode=-1) Restart debuggee |
||
|
Attach(self,
pid) Attach to an active process |
||
|
Dettach(self) Detach from the active process |
||
|
prepareForNewProcess(self) Prepare the debugger for a fresh debugging session. NOTE: be sure you know what you are doing when calling this method |
||
|
goSilent(self,
silent) Set/Unset silent debugging flag |
||
|
addHeader(self,
address,
header,
color="Black") Add a header to given row. |
||
|
removeHeader(self,
address) Removes header from row. |
||
|
removeLine(self,
address) Removes header from row. |
||
|
getHeader(self,
address) Get Header from row. |
||
|
addLine(self,
address,
header,
color="Black") Add a line to cpu window. |
||
|
gotoDisasmWindow(self,
addr) GoTo the Disassembler Window. |
||
|
gotoDumpWindow(self,
addr) GoTo Dump Window. |
||
|
gotoStackWindow(self,
addr) GoTo the Stack Window. |
||
|
inputBox(self,
title) Creates Dialog with an Inputbox. |
||
|
comboBox(self,
title,
combolist) Creates Dialog with a Combobox. |
||
|
getStatus(self) Get the status of the debugged process. |
||
BOOL
|
isStopped(self) Is the debugged process stopped? |
||
BOOL
|
isEvent(self) Is the debugged process in an event state? |
||
BOOL
|
isRunning(self) Is the debugged process running? |
||
BOOL
|
isFinished(self) Is the debugged process finished? |
||
BOOL
|
isClosing(self) Is the debugged process closed? |
||
LIST
|
listHooks(self) List of active hooks |
||
|
removeHook(self,
hook_str) Unhook from memory |
||
| _getHookEntry(self, entry) | ||
| _createCodeforHook(self, memAddress, afterHookAddr, ndx, table, execute_prelude, alloc_size) | ||
| addFastLogHook(self, hook, alloc_size=0x100000) | ||
DWORD
|
rVirtualAlloc(self,
lpAddress,
dwSize,
flAllocationType,
flProtect) Virtual Allocation on the Debugged Process |
||
DWORD
|
rVirtualFree(self,
lpAddress,
dwSize=0x0,
dwFreeType=0x8000) Virtual Free of memory on the Debugged Process |
||
DWORD
|
remoteVirtualAlloc(self,
size=0x10000,
interactive=True) Virtual Allocation on the Debugged Process |
||
| getOsVersion(self) | ||
| getOsRelease(self) | ||
TUPLE
|
getOsInformation(self) Get OS information |
||
|
getThreadId(self) Return current debuggee thread id |
||
DWORD|None
|
searchFunctionByName(self,
name,
heuristic=90,
module=None,
version=None,
data="") Look up in our dictionaries to find a function match. |
||
DWORD|None
|
searchFunctionByHeuristic(self,
csvline,
heuristic=90,
module=None,
data="") Search memory to find a function that fulfills the options. |
||
STRING
|
resolvFunctionByAddress(self,
address,
heuristic=90,
data="") Look up in our dictionaries to find a function match. |
||
LIST
| makeFunctionHashHeuristic(self, address, compressed=False, followCalls=True, data="") | ||
STRING
|
makeFunctionHashExact(self,
address,
data="") Return a SHA-1 hash of the function, taking the raw bytes as data. |
||
LIST
|
makeFunctionHash(self,
address,
compressed=False,
data="") Return a list with the best BB to use for a search and the heuristic hash of the function. |
||
|
findLoops(self,
address) This function finds Natural Loops inside a function. |
||
|
sleep_till_stopped(self,
timeout) timeout is in seconds. |
||
|