In v1.74 of Immunity Debugger, immlib function names were standardized to camelCase which broke the previous versions of the openfh and tlsloader PyCommands. I’ve updated them to work on the current debugger version (v1.85 at this time). [Read More]

tlsloader.py is python script that can be used as a PyCommand within Immunity Debugger to load a PE file, set breakpoints on all TLS callback functions, and stop execution at the first TLS callback function. Just place it within the PyCommands directory and type !tlsloader <path_to_file> in the command box to run it. Additional details will be written to the Log window (Alt + L). [Read More]

openfh.py is a python script that can be used as a PyCommand within Immunity Debugger to open a file handle under the debugged process. Just place it within the PyCommands directory and type !openfh <path_to_file> in the command box to run it. [Read More]