Immunity Debugger

If the register panel ever goes blank it means that the thread has died. Clicking the c button will return you back to the currently active thread. The letter t will show you all the currently active threads.

Mona Commands

!mona modules -o #Display loaded modules, their addresses, and their protections which are specific to the executable.
!mona jmp -r esp ## Find all JMP ESPs including those in kernel32 and ntdll.dll
!mona jmp -r esp -m mymodule.dll  ## Find JMP ESP in the module mymodule.dll

Short cuts

CTRL-G  # Open the address jump box
SHIFT-F7 # Pass the exception
F2 # Set breakpoint

PreviousData Execution Prevention (DEP) Bypasses NextIDA

Last updated 4 years ago