Immunity Debugger 1.3

This month's release is all about the debuggee's flow! With huge core changes, Immunity Debugger and its API now have much more control over process execution. Opening a process, running it, pausing it, and restarting it are now available via your chosen scripting method (check the processflow PyCommand to see how it works). This will, without a doubt, allow us to automate our scripts and commands even further.

The other big improvement in 1.3 concerns hooks. Hooks have a few more features now, among them the ability to specify a time to live (TTL) in memory for a hook. A pseudo-code example to show how this works:

    # MyOwnHook class
    class MyOwnHook():
        def run(self):
            # executed when the hook is hit
            pass

        def runTimeout(self):
            # executed if the TTL expires
            pass

    # Creating a hook with ttl = 15 seconds
    customhook = MyOwnHook()
    customhook.add("CREATETHREAD", timeout=15)

The new runTimeout() method is your bridge to executing code when the hook's TTL expires without the hook having been hit. After runTimeout is executed, the customhook will remove itself from memory.

In order to use these new features, we have also added a new type of hook: the RunUntilAV hook. This hooks into AccessViolation events. Once added, it runs the process and waits for either the AV to occur or the TTL to expire. Stay tuned to see how Immunity uses these new features over the next few weeks.

One more thing you may want to look at in this release is the new season's sensation combo: listener and hookers, shipping with 1.30: sql_listener+sqlhooker, work done jointly by Dave Aitel and JMS.

For all the script coders out there who want to get their hands on a SILICA unit (http://www.immunityinc.com/products-silica.shtml), remember our PLUGIN AWARDS deadline: December 10th. So hurry up and finish that beautiful piece of code you are working on; results will be posted before December 20th.

A complete list of changes:

1.30 Build 0
December 5, 2007

New Features:

- Immunity Debugger API
    o Hooks
        - Hooks can receive force flag to overwrite previously placed hooks
        - Hooks can receive time to live in memory parameter when adding
          (After the TTL expires, the hook is automatically removed from memory)
        - Hooks has a runTimeout method to execute code after TTL expires
            o Choose thread environment to execute the ttl code
        - Added special kind of AccessViolation hook: RunUntilAV() class
    o Added setHardwareBreakpoint method
    o Address deleteBreakpoint method
    o Process flow:
        o Improved methods:
            - stepOver
            - stepIn
            - Run
            - Attach
        o Added methods:
            - openProcess
            - restartProcess
            - pause
            - runTillReturn
- PyCommands
    o search allows multiple line searching: !search add esp,const/nret
    o Added sql_listener and sqlhooker
    o Added Example processflow script

Bug Fixes:

- Fixed imm.ps() to correctly fetch udp port list
  http://forum.immunityinc.com/index.php?topic=84.0
- Fixed Get references methods

Happy debugging everyone!

Team Immunity.
http://debugger.immunityinc.com/register.html