The best of both worlds
GUI and Command line
Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market.
Commands can be extended in Python as well, or run from the menu-bar.
Python commands can also be run directly from our Command Bar. Users can go back to previously entered commands, or just click in the dropdown menu and see all the recently used commands.
From the command line menu, you can choose to start a threaded command line server, so you can debug remotely from another computer:
Python scripts can be loaded and modified during runtime. The included Python interpreter will load any changes to your custom scripts on the fly. Sample scripts are included, as is full documentation on how to create your own.
Immunity Debugger's Python API includes many useful utilities and functions. Your scripts can be as integrated into the debugger as the native code. This means your code can create custom tables, graphs, and interfaces of all sorts that remain within the Immunity Debugger user experience. For example, when the Immunity SafeSEH script runs, it outputs the results into a table within the Immunity Debugger window.
Other scripts can ask for user input with dialogs and combo boxes:
Having a fully integrated Python scripting engine means you can easily paint variable sizes and track variable usage, which in turn comes in handy when trying to automatically find bugs!
Often you will want to run a Python script on certain program events, for example when a breakpoint is hit or an exception is caused. Immunity Debugger's hook support includes many debugger events, and more are added with every release.
Built in Graphing Another Immunity Debugger feature is the capability of creating function graphs. Our Python VCG library will create a window inside Immunity Debugger at the click of a button to graph your selected function. No third party software is required.
Immunity Debugger strives to absorb as few resources on the system as possible. Being too CPU-heavy will cause heap overflows and other complex vulnerabilities to behave differently than they would under normal load. Likewise, fuzzing and other vulnerability analysis is only possible when the debugger is not causing undue system strain.
Most debuggers offer only one method to allow you to attach to a process of interest - the pid and the process name. Immunity Debugger offers the pid, process name, services within that process, TCP/UDP ports listened to by that process, complete binary name, and window name. This allows quick and easy access to the exact process you wish to analyze.