2012/11/14

ImmunityDebuggerのバージョンアップとfindinstruction.py


ImmunityDebuggerのバージョンアップでいつの間にかPyCommandの仕様に変更があったようで、リバースエンジニアリングに載っているfindinstruction.pyが動かなくなっていたので修正しました。元のコードはコメントアウトしてあります。





from immlib import *



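def main(args):
    """PyCommand entry point: locate an assembled instruction in executable memory.

    Args:
        args: the tokens typed after the PyCommand name; they are joined with
            single spaces and assembled as one instruction string.

    Returns:
        A status string that Immunity Debugger displays when the command
        finishes. Every hit is written to the Log window as a side effect.
    """
    if not args:
        # Nothing to assemble: report usage rather than searching for "".
        return "[*] Usage: !findinstruction <instruction>"

    imm = Debugger()
    search_code = " ".join(args)

    # The PyCommand API was renamed between Immunity Debugger releases; the
    # older spellings were imm.Assemble, imm.Search and
    # imm.getMemoryPagebyAddress. The lower-camel-case names below are the
    # ones present in the current dir(imm) listing.
    search_bytes = imm.assemble(search_code)
    search_results = imm.search(search_bytes)

    for hit in search_results:
        code_page = imm.getMemoryPageByAddress(hit)
        # NOTE(review): getAccess(human=True) is assumed to return a string
        # such as "Read/Write/Execute"; the script only relies on the word
        # "execute" appearing in it.
        access = code_page.getAccess(human=True)

        # Only hits inside executable pages are reported; the same byte
        # pattern in a non-executable page is skipped as noise.
        if "execute" in access.lower():
            imm.log("[*] Found: %s (0x%08x)" % (search_code, hit))

    return "[*] Finished searching for instructions, check the Log window."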


これを参考にしました。

>>>dir(imm)

['Attach', 'BackTrace', 'Detach', 'Eventndx', 'Handles', 'Heaps', 'HeapsAddr', 'MemoryPages', 'Modules', 'Symbols', 'Threads', '__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_createCodeforHook', '_getHookEntry', '_getmoduleinfo', 'addFastLogHook', 'addGenHook', 'addHeader', 'addKnowledge', 'addLine', 'analyseCode', 'assemble', 'callStack', 'cleanHooks', 'cleanKnowledge', 'cleanUp', 'clearState', 'clearStatusBar', 'closeProgressBar', 'comboBox', 'createLogWindow', 'createTable', 'createWindow', 'decodeAddress', 'deleteBreakpoint', 'disableBreakpoint', 'disableMemBreakpoint', 'disasm', 'disasmBackward', 'disasmBackwardAddressOnly', 'disasmBackwardCode', 'disasmBackwardData', 'disasmBackwardFile', 'disasmBackwardRTrace', 'disasmBackwardSizeOnly', 'disasmBackwardTrace', 'disasmCode', 'disasmData', 'disasmFile', 'disasmForward', 'disasmForwardAddressOnly', 'disasmForwardCode', 'disasmForwardData', 'disasmForwardFile', 'disasmForwardRTrace', 'disasmForwardSizeOnly', 'disasmForwardTrace', 'disasmRTrace', 'disasmSizeOnly', 'disasmTrace', 'error', 'findDataRef', 'findDecode', 'findDependecies', 'findLoops', 'findModule', 'findModuleByName', 'findPacker', 'flashMessage', 'forgetKnowledge', 'getAddress', 'getAddressOfExpression', 'getAllBasicBlocks', 'getAllFunctions', 'getAllHandles', 'getAllModules', 'getAllSymbols', 'getAllSymbolsFromModule', 'getAllThreads', 'getAnalyseComment', 'getArgumentsComment', 'getBreakpointType', 'getCallTree', 'getComment', 'getCurrentAddress', 'getCurrentTEBAddress', 'getDebuggedName', 'getDebuggedPid', 'getEvent', 'getFunction', 'getFunctionBegin', 'getFunctionEnd', 'getHeader', 'getHeap', 'getHeapsAddress', 'getInfoPanel', 'getInterCalls', 'getKnowledge', 'getLibraryComment', 'getMemoryPageByAddress', 'getMemoryPageByOwner', 
'getMemoryPageByOwnerAddress', 'getMemoryPages', 'getModule', 'getModuleByAddress', 'getOpcode', 'getOsInformation', 'getOsRelease', 'getOsVersion', 'getPEB', 'getPEBAddress', 'getPage', 'getReferencedStrings', 'getRegs', 'getRegsRepr', 'getSehChain', 'getShellcodeExecutionNoMatterWhat', 'getStatus', 'getThreadId', 'getTraceArgs', 'getUserComment', 'getVariable', 'getXrefFrom', 'getXrefTo', 'goNextProcedure', 'goPreviousProcedure', 'goSilent', 'gotoDisasmWindow', 'gotoDumpWindow', 'gotoStackWindow', 'ignoreSingleStep', 'injectDll', 'inputBox', 'isAdmin', 'isAnalysed', 'isClosing', 'isEvent', 'isFinished', 'isRunning', 'isStopped', 'isValidHandle', 'isVista', 'isVmWare', 'isWin7', 'listHooks', 'listKnowledge', 'log', 'logLines', 'makeFunctionHash', 'makeFunctionHashExact', 'makeFunctionHashHeuristic', 'manualBreakpoint', 'markBegin', 'markEnd', 'oldSearch', 'openProcess', 'openTextFile', 'osrelease', 'ossystem', 'osversion', 'pause', 'prepareForNewProcess', 'ps', 'quitDebugger', 'rVirtualAlloc', 'rVirtualFree', 'readLong', 'readMemory', 'readShort', 'readString', 'readUntil', 'readWString', 'remoteVirtualAlloc', 'removeHeader', 'removeHook', 'removeLine', 'resolvFunctionByAddress', 'restartProcess', 'run', 'runTillRet', 'search', 'searchCommands', 'searchCommandsOnModule', 'searchFunctionByHeuristic', 'searchFunctionByName', 'searchLong', 'searchOnExecute', 'searchOnRead', 'searchOnWrite', 'searchShort', 'setBreakpoint', 'setBreakpointOnName', 'setComment', 'setConditionalBreakpoint', 'setFocus', 'setHardwareBreakpoint', 'setLabel', 'setLoggingBreakpoint', 'setMemBreakpoint', 'setProgressBar', 'setReg', 'setStatusBar', 'setStatusBarAndLog', 'setTemporaryBreakpoint', 'setUnconditionalBreakpoint', 'setVariable', 'setWatchPoint', 'sleepTillStopped', 'stepIn', 'stepOver', 'threadid', 'undecorateName', 'updateLog', 'validateAddress', 'vmQuery', 'writeLong', 'writeMemory']

