Objective: Analyze an exe using Immunity Debugger
Outcome: To practice disassembling and modifying binaries.
Problem Statement: Examine the 00000.exe file using Immunity Debugger
Background Study: Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
First, we download the 00000.exe file and launch it. When it asks for a launch code, we enter 1, and it shows a message, which is basically an error message.
Now we start Immunity Debugger and load our first file, named "00000.exe". We find the JMP and JNZ instructions, which are highlighted in green, then right-click each of them in turn and choose Assemble.
The Assemble dialog shows the instruction with its address. We delete that text and type "NOP" in its place, then do the same for the JNZ.
Once that is done, we will see NOP listed many times on screen.
Then we right-click in the same window, choose "Copy to executable", and click "All modifications".
After that, another window pops up. We right-click in it and save the file under the name "00000NEW.exe".
Once the file is saved, we run it and get the answer.
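To confirm exactly which bytes "All modifications" wrote into the saved copy, the original and patched files can be compared byte by byte. The script below is an added example, not part of the original lab; the function names and the sample bytes are constructed for illustration, and it reports file offsets, not the virtual addresses shown in the debugger.

```python
import sys

NOP = 0x90  # one-byte x86 NOP; a multi-byte jump is overwritten with several of them

def diff_runs(orig: bytes, patched: bytes):
    """Return (file_offset, old_bytes, new_bytes) for each contiguous changed run."""
    if len(orig) != len(patched):
        raise ValueError("an in-place patch keeps the file size; lengths differ")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(orig, patched)):
        if a != b and start is None:
            start = i                      # a changed run begins
        elif a == b and start is not None:
            runs.append((start, orig[start:i], patched[start:i]))
            start = None
    if start is not None:                  # run reaches end of file
        runs.append((start, orig[start:], patched[start:]))
    return runs

def classify(old: bytes, new: bytes) -> str:
    """Label a run by the opcode that was overwritten (first byte of the run)."""
    if any(b != NOP for b in new):
        return "other change"
    if old[0] in (0xEB, 0xE9):             # JMP rel8 / JMP rel32
        return "JMP -> NOP"
    if 0x70 <= old[0] <= 0x7F:             # Jcc rel8, e.g. 0x75 = JNZ
        return "conditional jump -> NOP"
    if old[0] == 0x0F and len(old) > 1 and 0x80 <= old[1] <= 0x8F:  # Jcc rel32
        return "conditional jump -> NOP"
    return "NOP fill"

def report(orig: bytes, patched: bytes):
    return [f"0x{off:08x}  {old.hex()} -> {new.hex()}  {classify(old, new)}"
            for off, old, new in diff_runs(orig, patched)]

# Constructed sample (not bytes from 00000.exe):
# CMP EAX,1 / JNZ short / PUSH 0 / JMP short / RET
SAMPLE_ORIG = bytes.fromhex("83f801" "750e" "6a00" "eb10" "c3")
SAMPLE_PATCHED = bytes.fromhex("83f801" "9090" "6a00" "9090" "c3")

if __name__ == "__main__":
    if len(sys.argv) == 3:                 # usage: script.py 00000.exe patched.exe
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            orig, patched = f1.read(), f2.read()
    else:
        orig, patched = SAMPLE_ORIG, SAMPLE_PATCHED
    print("\n".join(report(orig, patched)) or "no differences")
```

Run with two file paths to compare real files; with no arguments it prints the two changed runs in the constructed sample.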