content: "blog"; depth: 0;

Reversing TLS Callbacks with pefile and Immunity Debugger

22 Apr 2010

Posted by bobbyn

tlsloader.py is python script that can be used as a PyCommand within Immunity Debugger to load a PE file, set breakpoints on all TLS callback functions, and stop execution at the first TLS callback function. Just place it within the PyCommands directory and type "!tlsloader <path_to_file>" in the command box to run it. Additional details will be written to the Log window (Alt + L).

Usage of this PyCommand requires you to configure the debugger to make its first pause at the system breakpoint (which not the default setting). To make this change, go to "Options" -> "Debugging options" -> [Events]. I don't believe that the python API allows me to do this automatically (or at least I didn't find it).

If the PE file doesn't contain any TLS callback functions, execution will be paused at the entry point as defined in the PE header. Note: this script does not currently work on DLLs.

Tags:

| Add a Comment

Open a File Handle within Immunity Debugger

15 Nov 2009

Posted by bobbyn

openfh.py is a python script that can be used as a PyCommand within Immunity Debugger to open a file handle under the debugged process. Just place it within the PyCommands directory and type "!openfh <path_to_file>" in the command box to run it.

The new file handle will be shown in the message box at the bottom of the window and additional details will be written to the Log window (Alt + L). Registers and CPU status flags should all be preserved.

Tags:

| Add a Comment

GIMPshop on Snow Leopard

14 Nov 2009

Posted by bobbyn

I’ve gotten used to GIMPshop, though the application hasn’t been maintained in a long time. It only supports Mac OS X 10.3 (Panther) and 10.4 (Tiger) out of the box, but you can get it to work on 10.5 (Leopard) and 10.6 (Snow Leopard) with a few minor changes.

Tags:

| 11 Comments

Peppers so far this year

12 Jul 2009

Posted by bobbyn

I decided to plant my peppers in 5-gal nursery pots this year instead of directly in the ground. The soil in the ground is mostly clay I think is really restricting root growth. So, I got a bunch of 5-gal nursery pots and a couple of bales of ProMix and went to town. I ended up planting a couple in the ground and they haven't grown nearly as much as their potted counterparts. Everything has been going pretty well so far and the peppers are starting to roll in.

Tags:

peppers

| 1 Comment

Mail.app PreferPlainText

28 Mar 2009

Posted by bobbyn

My goal was to have Mail.app (the built in email client in OSX) refrain from downloading remote images referenced in emails and also display emails as plain text. I thought that this should be a pretty easy task, but it doesn't seem to be supported by Apple.

Tags:

| 2 Comments

Last Year's Peppers

26 Mar 2009

Posted by bobbyn

Last year, I had about 80 pepper plants in the ground which yielded enough to help me through the winter :-) What I couldn't eat fresh I froze, canned, or threw into a home-made hot sauce. Below are the different varieties I grew last year (the heat levels are in scoville units):

Tags:

peppers

| Add a Comment

First Blog

20 Mar 2009

Posted by bobbyn

I'm still not so sure about the whole blogging bit. I figured that I would give it a shot in order to help me actually update information on this site instead of always having extremely out-dated content on it. We'll see how it goes.

Tags:

uncategorized

| Add a Comment

Tags

Friends