mona.py

mona.py is a Immunity Debugger script used for searches in exploit development.

Mona commands are prefixed with !mona. Use the command bar to execute any script commands.

List sections in program memory

Use the command bar to type !mona modules to list the program and loaded libraries’ locations in memory.

Pay attention to permissions!

Pay attention to the permissions of the module the string appears in. If the page only has READ permission and DEP is on, redirecting execution to that page will crash the application.

Find instruction / gadget / hex string

To look for this instruction:

jmp esp ; opcode: ffe4

Run this command in the command bar:

!mona find -s "\xff\xe4" -m "libspp.dll"

📖 Notes

Recent Notes

heap exploitation

2024-06-05

2024-06-04

2024-06-03

2024-05-29

mona.py

List sections in program memory

Find instruction / gadget / hex string

Graph View

Table of Contents

Backlinks