Mona v1.2 released

6 months after releasing v1.1, we're back with a new official release : v1.2
Added by Peter over 2 years ago

Introduction

6 months after releasing v1.1, we're back with a new official release.
A few things have changed in v1.2.
First of all, I will no longer keep 2 separate branches.
There will be the trunk (dev) version, and that's it.
The release folder hasn't disappeared yet (to allow older 'release' versions to update to the new 1.2), but the update routine has been changed to target the trunk version at all times.
This also means you can no longer change between trunk and release using the -t parameter in the update command.

With this announcement, the version number will be changed to 1.3-dev.

If you have been using the dev/trunk version of mona (and keeping it up to date), you've already been able to enjoy the new changes to mona.py.
mona.py is actively being updated, so we advise everyone to run !mona update at least every other day.

What else is new in v1.2 ?

  • Bugfixes : click here to get a list
  • New features : click here for a list:
    • The output of findmsp is now properly stored into a text file
    • Made some changes to the Metasploit templates. They no longer include SVN propset attributes or unnecessary references to Corelan
    • The default behaviour for the 'seh' command has changed. By default, the routine no longer searches for instructions outside of the loaded modules. If you want to instruct mona to search all virtual memory, use the -all parameter
    • Added the 'heap' command, which allows you to query LookAsideList and FreeLists
    • Added the 'getiat' command, which allows you to show/filter IAT entries from selected modules
    • Added the 'findwild' command, which allows you to perform powerful wildcard searches
    • Added the 'breakfunc' command, which allows you to set mass breakpoints on certain functions
    • pattern_create can now output a cyclic pattern in javascript unescape format
    • The offset from entries in the IAT to interesting functions is displayed (ropfunc)
    • The find command now has a '-unicode' switch, which allows you to search for the unicode version of an ASCII string
    • The entire ROP routine has been rewritten and will now produce ROP chains for VirtualProtect, VirtualAlloc, NtSetInformationProcess and SetProcessDEPPolicy
    • The stackpivots output is now sorted by size, which makes it easier to find the pivot you need.
    • The header function is now capable of detecting unicode and uses the Rex command to reproduce them
    • All commands now have aliases (a short version of the full command), which makes it even easier to use mona
    • The filecompare command now has a -range option, allowing you to find matching pointers in a range (using the pointers in the first file as start address)

We hope you like this new release.
If you find bugs or want to submit patches, don't hesitate to create a useraccount on redmine, send me an email so I can enable the account, and create a ticket.


Comments