Debugging (18)

With mona v3, debugger automation took a major leap forward. Now, with the new tellme / ai command, mona can collect crash context, heap information, registers, call stacks, disassembly, memory mappings, PoC files, heapdynamics logs, and more — and turn all of it into structured AI-ready analysis requests. Whether you want fully automated API-driven workflows with OpenAI or Anthropic, or prefer manually reviewing and submitting requests yourself, tellme brings modern AI-assisted crash triage and debugger automation directly into WinDBG and WinDBGX. This article dives deep into how it works, how to customize it, and how to build repeatable, reusable AI-assisted exploit analysis workflows on modern Windows targets. Read more

The original Corelan exploit writing tutorials helped a generation of security researchers understand how memory corruption really works. Today, we continue that journey with a second video in the series — revisiting Exploit Writing Tutorial Part 2 using a modern Windows 11 x64 lab environment, WinDBG, and mona.py. In this video, we dive into jump code, execution flow redirection, and custom jump techniques that remain essential knowledge for understanding stack-based exploitation and exploit reliability. Read more

Long overdue… but today it finally happened. We’re proud to announce the release of mona v3. This new version brings Python 2 and Python 3 compatibility (Python 3 recommended), support for both 32-bit and 64-bit targets, full integration with WinDBG and WinDBGX, continued compatibility with Immunity Debugger, and the use of the pykd-ext bootstrapper. It also includes a substantial refactor and modernization of the codebase, making it faster, leaner, and better prepared for the future. This post covers what changed, key improvements, important prerequisites, installation and migration guidance, and the current list of supported commands. Continue reading to learn all the details and discover how to get mona v3 up and running in your environment. Download links, setup instructions, and the GitHub repository are provided further down in this post. Read more

Stop just using WinDBG—start bending it to your will. Discover powerful automation, event-driven breakpoints, MASM & C++ expression evaluator, scripting, and PyKD techniques to level up your exploit development and crash analysis. Read more

The Corelan tutorials helped shape how exploit development is learned worldwide and inspired generations of security researchers. Now you can watch them come to life. Read more

Table of Contents

• Introduction
• Why WinDBG?
  • Symbols?
• Installing WinDBG Classic and WinDBGX
  • Why do we need both?
  • Scripted/automated installation
  • Manual Installation
    • Classic WinDBG
    • WinDBGX
  • Microsoft Symbol Server
  • Verify if both versions work
• Connecting to a process
  • Open executable vs Read more

Table of Contents

• Foreword
• Introduction
• Analyzing the Crash Data
• Identifying the Cause of Exception
  • Page heap
  • Initial analysis
• Reversing the Faulty Function
• Determining Exploitability
  • Challenges
  • Prerequisites
  • Heap Basics
    • Lookaside Lists
    • Freelists
  • Preventative Security Measures
    • Safe-Unlinking
    • Heap Cookies
  • Application Specific Read more

Introduction

For the past year or so I've spent a significant amount of time fuzzing various applications with the hopes of identifying exploitable crashes.  Early on in my research I quickly realized that building fuzzers and generating large quantities Read more

Introduction

Time flies. Almost 3 weeks have passed since we announced the ability to run mona.py under WinDBG.  A lot of work has been done on mona.py in the meantime.  We improved stability and performance, updated to pykd.pyd 0.2.0.14 Read more

Ho Ho Ho friends,

It has been a while since we posted something on the Corelan Team blog, I guess we all have been busy doing ... stuff and things, here and there.  Nevertheless, as the year is close Read more