Immunity Debugger

The letter e will show the loaded modules.

The letter c will return you to the CPU instruction page.

The letter m will show the memory map.

If the register panel ever goes blank, the thread has died. Clicking the c button returns you to the currently active thread. The letter t shows all the currently active threads.

The stack pointer is highlighted in the stack pane of the CPU page.

Mona Commands

!mona modules -o # Display the loaded modules specific to the executable (-o skips OS modules), with their addresses and protections
!mona jmp -r esp # Find all JMP ESP instructions, including those in kernel32 and ntdll.dll
!mona jmp -r esp -m mymodule.dll # Find JMP ESP in the module mymodule.dll

Shortcuts

CTRL-G  # Open the address jump box
SHIFT-F7 # Pass the exception
F2 # Set breakpoint
