Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ancat/ppr-finder

A WinDbg script to find pop-pop-ret sequences within a module loaded in memory
https://github.com/ancat/ppr-finder

Last synced: about 1 month ago
JSON representation

A WinDbg script to find pop-pop-ret sequences within a module loaded in memory

Awesome Lists containing this project

README

        

ppr-finder
==========

A WinDbg script to find pop-pop-ret sequences within a module loaded in memory.

Goes great with narly!

Basic Instructions
==================

How to use ppr-finder with narly:

1. Load narly
2. Enumerate target modules with !nmod
3. Pick an address range belonging to a module, preferably without ASLR and SafeSEH off
4. Run the script
$$>a