Immunity

!mona modules

• run this command in Immunity and look for a file or DLL that does not use DEP and ASLR protections

• 

!mona find -s "\xff\xe4" -m minishare.exe

• find a specific op code in a specific file

• • in this case op code is for jmp esp

  • in this case the file we are searching in is minishare.exe

Reset Immunity to Default View

• Close all windows

• View > CPU

• Window > Tile Horizontal