Disassembling a function with Immunity Debugger

Question

I hope I'm asking this the right way but I am just getting started trying to learn exploit development. I've taken several tutorials and started off using gdb in Linux, which I am somewhat comfortable in. I'm now starting to use Immunity Debugger on Windows and have a question about how to view functions within the gui.

In gdb I could use the commands:

info functions
disas main

and be able to see the main function. My compiled code is unstripped for simplicity.

How can I recreate this in Immunity or OllyDbg? I want to see a list of functions so I can either examine them or set breakpoints on them. I can't seem to figure it out!

Thanks!

Answer 1

This can be achieved programatically in ImmunityDebugger:

module = imm.getModule('calc.exe')
if not module.isAnalysed():
    module.Analyse()
functions = imm.getAllFunctions(module.getBase())
# functions is a list of function addresses in calc.exe

There is also another function:

imm.searchFunctionByName('name_to_search')

But in my experience, this is not very reliable. IDA Pro is the better way to achieve this. Its disassembly engine is superior to Ollydbg. You could get the function offets from IDA and then find them in Ollydbg.

Lastly, I would recommend WinDbg if you are doing exploit development. It takes time to learn it, but is more powerful and feature-rich than Ollydbg ( kernel debugging, for instance).