object --+ | Debugger
Initialize the Immunity Debugger API

This function adds a Python object to the knowledge database.

Gets a Python object from the knowledge database.

Gets the list of saved objects in the knowledge database.

Find possible Packer/Cryptors/etc on a Module

Remove a Python object from the knowledge database.

Gets PEB.

Analyse module's code

Check if module is already analysed

Set Variable name to specified address.

Get Variable name from specified address

It validates if a given address has the permissions provided in <perm>. perm = RWXNC (N=No Access, C=Write Copy)

disasm address

Determine command size only

Determine size and analysis data

Trace integer registers

Disassembly, no symbols/registers

Disassembly, registers undefined

Disassemble with run-trace registers

disasm nlines forward of given address

disasm nlines forward to the given address

Determine command size only

Determine size and analysis data

Trace integer registers

Disassembly, no symbols/registers

Disassembly, registers undefined

Disassemble with run-trace registers

disasm nlines backward from the given address

disasm nlines backward of given address

Determine command size only

Determine size and analysis data

Trace integer registers

Disassembly, no symbols/registers

Disassembly, registers undefined

Disassemble with run-trace registers

Get the internal decode information from an analysed module

Go to next procedure

Go to previous procedure

Get address's Opcode

Assemble code.

Decode given address

Undecorate given name

Trace Parameters of a function, return only when it is user-supplied

Gets all functions of given module's address

Get the Function information

Find start address of function

Get all the possible ends of a Function

Gets all basic blocks of given procedure (Deprecated, use Function)

Find data references to given address

Get X Reference from a given address

Get X Reference to a given address

Get intermodular calls

Get CPU Context values.

We have to do this to handle the Long integers, which XML-RPC cannot do

Set REG value

Get the PEB information of the debugged process

Get Heap Information

Get debugged name

Get debugged pid

Is debugger running as admin?

Get information displayed on Info Panel

Get the current address being focused on in the disasm window

Get all loaded modules.

Get Module Information

Get all referenced strings from module

List all active processes.

Get the SEH chain.

Get the current Event

Get a memory page.

Get the Memory Pages belonging to the given dll.

Get the Memory Pages belonging to the given dll by its base address.

Get a memory page.

Get All memory pages.

Query Memory Page

Get all handles.

Get all threads.

Get All Symbols.

Get Symbols from module.

Get a Back Trace (Call stack).

Get the call tree of given address.

Find which module an address belongs to.

Find a module by name (case insensitive).

Get the process heaps

Get the address from an expression such as ntdll.RtlAllocateHeap

Get the address from an expression such as ntdll.RtlAllocateHeap

This function shows an Error dialog with a custom message.

Opens a text file in an MDI window (if no path is specified, a browsefile dialog will pop up).

Sets the status bar message.

Adds multiple lines of ASCII text to the log window.

Adds a single line of ASCII text to the log window.

Creates a custom window.

Creates a custom window.

Set focus on window.

Does a window still exist?

Sets and logs a status bar message.

Flashes a message at status bar.

Displays a progress bar which can contain formatted text and a progress percentage. If the formatted text contains a dollar sign ('$') it will be replaced by the current progress percentage.

Get the comment of the opcode line.

Set a comment.

Set a label.

Find exported function on the loaded dlls.

Check if debugger is running under a VMware machine

Set a Manual Breakpoint.

Set an Unconditional Breakpoint.

Set a Conditional Breakpoint.

Set a Logging Breakpoint. (This breakpoint will not pause the execution; it will just act as a watchpoint.)

Set a watching Breakpoint.

Set a Temporary Breakpoint.

Set a Breakpoint.

Set a Breakpoint.

Disable Breakpoint.

Delete Breakpoint.

Get the Breakpoint type.

Modifies or removes a memory breakpoint.

Write long to memory address.

Write buffer to memory address.

Read block of memory.

Read a Long from the debugged process

Read a string from the remote process

Read a unicode string from the remote process

Read string until ending starting at given address

Read a short integer from the remote process

Search a short integer on the remote process memory

Search a short integer on the remote process memory

Search string in executable memory.

Search string in writable memory.

Search string in readable memory.

Search string in memory.

Search for a sequence of commands in all executable modules loaded.

Search for a sequence of commands in given executable module.

Run Process until address.

Step-Over Process until address.

Step-in Process until address.

Ignore Single Step events

Open process for debugging

Restart debuggee

Attach to an active process

Set/Unset silent debugging flag

Add a header to given row.

Removes header from row.

Removes header from row.

Get Header from row.

Add a line to cpu window.

GoTo the Disassembler Window.

GoTo Dump Window.

GoTo the Stack Window.

Creates Dialog with an input_box.

Creates Dialog with a combo_box.

Get the status of the debugged process.

Is the debugged process stopped?

Is the debugged process in an event state?

Is the debugged process running?

Is the debugged process finished?

Is the debugged process closed?

List of active hooks

Virtual Allocation on the Debugged Process

Virtual Free of memory on the Debugged Process

Virtual Allocation on the Debugged Process

Get OS information

Return current debuggee thread id

Look up into our dictionaries to find a function match.

Search memory to find a function that fulfills the options.

Look up into our dictionaries to find a function match.

Return a SHA-1 hash of the function, taking the raw bytes as data.

Return a list with the best BB to use for a search and the heuristic hash of the function. These two components are the function hash.

This function finds Natural Loops inside a function. Each loop item has the following structure: [ start, end, nodes ]
start: address of node receiving the back edge.
end: address of node which has the back edge.
nodes: list of node's addresses involved in this loop.
@type address: DWORD
@param address: function start address
@rtype: LIST
@return: A list of loops

Timeout is in seconds. This function will sleep 1 second at a time until the timeout is reached or the debugger has stopped (probably due to AV). Returns True if we were stopped before the timeout happened.

This function loads a DLL into the debugged process.
Generated by Epydoc 3.0.1 on Thu Mar 17 18:43:02 2011 | http://epydoc.sourceforge.net |