Once you have accepted the site's SSL certificate and the page has loaded, attach Immunity Debugger to the firefox.exe process and set a breakpoint on nspr4.PR_Write.
Immunity Debugger help on Breakpoints (Ordinary):
You place this breakpoint by selecting the command in Disassembler and pressing F2, or over pop-up menu.
Well, I had no idea where the assembly was for the nspr4.PR_Write routine. After digging around, I came across the "Executable modules" window. I did the following:
- Sorted by name
- Found the 'nspr4' module
- Right-clicked and chose 'View names' in the drop down
- In the 'Names in nspr4' window, typed in PR_Write' and selected the instance
- Hit F2 (which caused the address to become red and an entry to appear in the 'Breakpoints' window
From there, I was able to complete the exercise with no problem.
0 comments:
Post a Comment