mona.py

mona.py is a Immunity Debugger script used for searches in exploit development.

Mona commands are prefixed with !mona. Use the command bar to execute any script commands.

List sections in program memory

Use the command bar to type !mona modules to list the program and loaded libraries’ locations in memory.

Pay attention to permissions!

Pay attention to the permissions of the module the string appears in. If the page only has READ permission and DEP is on, redirecting execution to that page will crash the application.

Find instruction / gadget / hex string

To look for this instruction:

jmp esp ; opcode: ffe4

Run this command in the command bar:

!mona find -s "\xff\xe4" -m "libspp.dll"

Security Memo

Recent Notes

SMART

Bossa Nova

ZFS

post-rock

2024-09-27

mona.py

List sections in program memory

Find instruction / gadget / hex string

Graph View

Table of Contents

Backlinks