In this tutorial we create the first component of a binary diffing utility. We use automatically spawning netcat listeners to access the remote machine. We use AutoIt to launch the debugger, to send some keystrokes that the Immunity support threads indicate don't work remotely, and to actually start the debugger. We use Immunity Debugger for loading the binary, function recognition, basic block disassembly, and dumping this data both to the log window and to a socket. We then review a Ruby connector for the Immunity remote debugging console. I couldn't find the API to send data back through the remote connection, so I created another socket instead. We then save the binary dump information. We will cover the actual comparisons and some code cleanup in another video. There may be a third where we go a bit further, determine module memory that is not within functions, and try to diff that as well...if there is enough interest.

I misspoke in the video: @var is not a Ruby global, it's a Ruby instance variable. Ruby has a bunch of scoping options (an instance variable is global to a single instance of a class, but hidden outside of the class and from other instances). The graphing functions in ImmDbg are located in the libs subdirectory if you are looking for them. Let me know in the comments section if this is the type of thing you were looking for in the Ruby for hackers segment. If there are particular functionalities you want covered, let me know.
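Here is an added example (my own illustration, not the code from the video) of the receiving side of the extra socket: a small Ruby listener that accepts the function/basic-block dump, parses it, and saves it as JSON for the comparison step. The line format (`FUNC <addr> <name>` and `BB <func_addr> <bb_addr> <insn>; <insn>...`) and the sample dump are assumptions made up for this example; the real dump emitted from the Immunity Debugger script is not shown on this page. The `@functions` instance variable is the scoping point mentioned above: every method of one `DumpReceiver` sees it, but callers and other instances do not.

```ruby
require 'socket'
require 'json'
require 'tmpdir'

# Receives the function / basic-block dump sent over the second socket.
# The line format below is an assumption for this example, not the real
# Immunity Debugger dump format.
class DumpReceiver
  HEX = /\A0x\h+\z/

  def initialize
    # Instance variable: shared by all methods of this object, hidden from
    # callers and from every other DumpReceiver instance.
    @functions = {}
  end

  # Parse one dump line. Returns true if it was understood, false otherwise,
  # so a partially garbled dump is counted rather than silently accepted.
  def parse_line(line)
    fields = line.strip.split(/\s+/, 4)
    case fields[0]
    when 'FUNC'
      addr, name = fields[1], fields[2]
      return false unless addr =~ HEX && name
      @functions[addr] = { 'name' => name, 'blocks' => [] }
      true
    when 'BB'
      func_addr, bb_addr, code = fields[1], fields[2], fields[3]
      func = @functions[func_addr]
      return false unless func && bb_addr =~ HEX && code
      func['blocks'] << { 'addr' => bb_addr, 'insns' => code.split(/\s*;\s*/) }
      true
    else
      false
    end
  end

  # Accept one connection on an already bound TCPServer, read lines until the
  # sender closes its end, and return the number of lines that failed to parse.
  def receive(server)
    client = server.accept
    bad = 0
    client.each_line { |l| bad += 1 unless parse_line(l) }
    client.close
    server.close
    bad
  end

  # Persist the dump as JSON so the diffing step can reload it later.
  def save(path)
    File.write(path, JSON.pretty_generate(@functions))
    path
  end

  def function_count
    @functions.size
  end

  def functions
    @functions
  end
end

# Constructed sample dump (not real debugger output); the last line is
# deliberately malformed to exercise the error counting.
SAMPLE_DUMP = <<~DUMP
  FUNC 0x00401000 sub_401000
  BB 0x00401000 0x00401000 push ebp; mov ebp, esp; sub esp, 0x40
  BB 0x00401000 0x0040100a call 0x00401200; test eax, eax; jz 0x00401030
  FUNC 0x00401200 sub_401200
  BB 0x00401200 0x00401200 xor eax, eax; ret
  garbage line
DUMP

# Plays both sides on loopback: a thread standing in for the debugger script
# sends the dump, the receiver parses and saves it. Returns the receiver,
# the count of unparsed lines, and the path of the saved JSON.
def run_demo(dir = Dir.tmpdir)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  sender = Thread.new do
    sock = TCPSocket.new('127.0.0.1', port)
    sock.write(SAMPLE_DUMP)
    sock.close
  end
  rx = DumpReceiver.new
  bad = rx.receive(server)
  sender.join
  path = rx.save(File.join(dir, "immdbg_dump_#{$$}.json"))
  [rx, bad, path]
end

if __FILE__ == $0
  rx, bad, path = run_demo
  puts "#{rx.function_count} functions saved to #{path}, #{bad} bad line(s)"
end
```

In the real setup the server socket would be bound before the AutoIt script starts the debugger, so the dump script has something to connect to; binding to 127.0.0.1 (or an SSH tunnel) rather than 0.0.0.0 keeps the dump off the network, since nothing in this channel is authenticated.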
