WinHeap Explorer repository.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Benchmarks
IDAscripts
PHD
QRS2017
tests/winhe_test
License
Links to exploits
README.md
winhe.cpp

README.md

WinHeap-Explorer

The efficient and transparent proof-of-concept tool for heap-based bugs detection in x86 machine code for Windows applications.

Requirements

WinHeap Explorer main module

  1. Intel pin-2.14-71313-msvc10-windows http://software.intel.com/sites/landingpage/pintool/downloads/pin-2.14-71313-msvc10-windows.zip

IDAScripts

  1. IDA disassembler (6.8 or higher) + IDAPython.

Usage

pin.exe -t winhe.dll -o results.txt -d sysdlls_ins_list -redzones_size 16 -- calc.exe
-d <sysdlls_ins_list> - file with a list of instructions in system or/and user dlls that should be instrumented.
-o <log_file> - file to save results.
-redzones_size - size of redzones to check heap out of bound access (default 8).

A list of instructions to instrument may be obtained using the scripts provided in the IDAScript folder:

sysdlls_parser.py [path to system dll]
usedlls_parser.py -d 2 [path to user dll]
-d <depth_level> - search depth level for potentially dangerous routines.
Please take a look at config.conf file to configure the scripts.

NOTE: The IDAScripts is possible to use directly from IDAPro without wrappers specified above.