Overview

This is the Corelan Team project page for 'mona', a debugger plugin / Exploit Development Swiss Army Knife.
This plugin replaces pvefindaddr, which is no longer supported as of mid june 2011.

The plugin has been tested on
  • Immunity Debugger 1.83 and up. (Older versions of Immunity Debugger are not supported and may not work.)
  • WinDBG

Download

You can download the latest version here
In case github is down, you can find a mirror of the file here

Install

Immunity Debugger :
Simply drop mona.py in the PyCommands folder inside your Immunity Debugger program folder.

WinDBG
Check installations instructions here

Suggested Initial configuration

Mona has a configuration file which can be used to set 2 global options

workingfolder

If you don't want the pycommand to write its output into the Immunity Debugger or WinDBG program folder, you can set the workingfolder global option. Let's say we want to store output files in named subfolders of c:\logs :

  • create c:\logs
  • inside Immunity Debugger, run !mona config -set workingfolder c:\logs\%p
  • inside WinDBG, run !py mona config -set workingfolder c:\logs\%p

Note : %p will be replaced with the process name at runtime. This way, your output will be automatically categorized, making it easier to retrieve.

excluded_modules

If your exploit development machine has modules (shell extensions, etc) which you want to exclude from searches, you can simply add them to the configuration file :
Immunity
!mona config -set excluded_modules "module1.dll,module2.dll"
!mona config -add excluded_modules "module3.dll"

WinDBG :
!py mona config -set excluded_modules "module1.dll,module2.dll"
!py mona config -add excluded_modules "module3.dll"

(if you want to remove a module from the list, simply look for mona.ini in the Immunity Debugger program folder and edit the file)

Update

Once you have mona installed, you can update it using the following command
Immunity Debugger:

!mona update

WinDBG

!py mona update

This will attempt to update the pycommand over https. If this fails, you can still try to run

Immunity Debugger:

!mona update -http

WinDBG

!py mona update -http

Documentation

You can find installation and usage instructions here

Bugs / Feature requests

If you want to report bugs or request features, please
  • Register a useraccount on redmine (and send me an email indicating you want to report a bug or feature)
  • Create a new ticket

Want to contribute yourself ?

Create a ticket and submit patches (diff against last version of mona.py)

License

mona.py is released under the BSD-3 license:

Copyright (c) 2011-2012, Peter Van Eeckhoutte - Corelan GCV
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
    * Neither the name of Corelan nor the
      names of its contributors may be used to endorse or promote products
      derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL PETER VAN EECKHOUTTE OR CORELAN GCV BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Development Documentation

Check http://pydoc.corelan.be/mona

Issue tracking

View all issues

Latest news

Mona v1.2 released
6 months after releasing v1.1, we're back with a new official release : v1.2
Added by Peter over 2 years ago

Mona v1.1 released
About a month after the release of mona.py, we're back with our first official update to mona.py
Added by Peter about 3 years ago

View all news