Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ancat/ppr-finder
A WinDbg script to find pop-pop-ret sequences within a module loaded in memory
https://github.com/ancat/ppr-finder
Last synced: about 1 month ago
JSON representation
A WinDbg script to find pop-pop-ret sequences within a module loaded in memory
- Host: GitHub
- URL: https://github.com/ancat/ppr-finder
- Owner: ancat
- Created: 2012-11-26T22:55:54.000Z (about 12 years ago)
- Default Branch: master
- Last Pushed: 2012-11-26T23:16:03.000Z (about 12 years ago)
- Last Synced: 2023-03-24T10:57:03.963Z (almost 2 years ago)
- Size: 109 KB
- Stars: 2
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
ppr-finder
==========A WinDbg script to find pop-pop-ret sequences within a module loaded in memory.
Goes great with narly!
Basic Instructions
==================How to use ppr-finder with narly:
1. Load narly
2. Enumerate target modules with !nmod
3. Pick an address range belonging to a module, preferably without ASLR and SafeSEH off
4. Run the script
$$>a