Security and Exploiting » mona

This is the Corelan Team project page for 'mona', a PyCommand for Immunity Debugger.
This PyCommand replaces pvefindaddr, which is no longer supported as of mid june 2011.

The PyCommand has been tested on Immunity Debugger 1.83. Older versions of Immunity Debugger are not supported and may not work.

Download¶

You can download the latest version here

Install¶

Simply drop mona.py in the PyCommands folder inside your Immunity Debugger program folder.

Suggested Initial configuration¶

Mona has a configuration file which can be used to set 2 global options

workingfolder

If you don't want the pycommand to write its output into the Immunity Debugger, you can set the workingfolder global option. Let's say we want to store output files in named subfolders of c:\logs :

• create c:\logs
• inside Immunity Debugger, run !mona config -set workingfolder c:\logs\%p

Note : %p will be replaced with the process name at runtime. This way, your output will be automatically categorized, making it easier to retrieve.

excluded_modules

If your exploit development machine has modules (shell extensions, etc) which you want to exclude from searches, you can simply add them to the configuration file :

!mona config -set excluded_modules "module1.dll,module2.dll"
!mona config -add excluded_modules "module3.dll"

(if you want to remove a module from the list, simply look for mona.ini in the Immunity Debugger program folder and edit the file)

Update¶

Once you have mona installed, you can update it using the following command (in Immunity Debugger)

!mona update

This will attempt to update the pycommand over https. If this fails, you can still try to run

!mona update -http

Documentation¶

You can find installation and usage instructions here

Bugs / Feature requests¶

If you want to report bugs or request features, please

• Register a useraccount on redmine (and send me an email indicating you want to report a bug or feature)
• Create a new ticket