Still some work need on the phantom heaps...

haystack/allocators/win32/winxpheap32.constraints

@@ -52,6 +52,7 @@ Signature: [0xffeeffee]
 LastValidEntry: IgnoreMember
 # 2015-09-09 from tests. Some old remnant have heap == 0 and signature == 0
 Heap: NotNull
+BaseAddress: NotNull
 #    ('Heap', POINTER_T(struct__HEAP)),
 #    ('BaseAddress', POINTER_T(None)),
 #    ('FirstEntry', POINTER_T(struct__HEAP_ENTRY)),

haystack/allocators/win32/winxpheap64.constraints

@@ -53,6 +53,7 @@ Signature: [0xffeeffee]
 LastValidEntry: IgnoreMember
 # 2015-09-09 from tests. Some old remnant have heap == 0 and signature == 0
 Heap: NotNull
+BaseAddress: NotNull
 #    ('Heap', POINTER_T(struct__HEAP)),
 #    ('BaseAddress', POINTER_T(None)),
 #    ('FirstEntry', POINTER_T(struct__HEAP_ENTRY)),

test/haystack/allocators/win32/test_win7walker.py

@@ -52,7 +52,7 @@ def test_freelists(self):
             heap = heap_walker.get_heap_mapping()
             log.debug(
                 '==== walking heap num: %0.2d @ %0.8x',
-                self._heap_finder._read_heap(heap, heap_addr).ProcessHeapsListIndex, heap_addr)
+                heap_walker.get_heap().ProcessHeapsListIndex, heap_addr)
             walker = self._heap_finder.get_heap_walker(heap)
             for x, s in walker._get_freelists():
                 m = self._memory_handler.get_mapping_for_address(x)
@@ -104,7 +104,6 @@ def test_sorted_heaps(self):
         walkers = finder.list_heap_walkers()
         self.assertEquals(len(walkers), len(putty_1_win7.known_heaps))
         for i, walker in enumerate(walkers):
-            # print '%d @%0.8x'%(finder._read_heap(m).ProcessHeapsListIndex, m.start)
             self.assertEquals(walker.get_heap().ProcessHeapsListIndex, i + 1, 'ProcessHeaps should have correct indexes')
         return
 
@@ -151,6 +150,8 @@ def test_get_frontendheap(self):
                         'UnusedBytes == 0x5, SegmentOffset == %d' %
                         (st._0._1._0.SegmentOffset))
 
+                # FIXME, in child of 0x005c0000. LFH. What are the flags already ?
+                print hex(chunk_addr)
                 self.assertTrue(
                     st._0._1.UnusedBytes & 0x80,
                     'UnusedBytes said this is a BACKEND chunk , Flags | 2')

test/haystack/allocators/win32/test_winxpheap.py

@@ -219,7 +219,7 @@ def test_get_segment_list(self):
                 '==== walking heap num: %0.2d @ %0.8x' %
                 (heap_walker.get_heap().ProcessHeapsListIndex, heap_addr))
             walker = self._heap_finder.get_heap_walker(heap)
-            for i, segment in enumerate(validator.get_segment_list(walker._heap)):
+            for i, segment in enumerate(validator.get_segment_list(walker.get_heap())):
                 s, e = segment.FirstEntry.value, segment.LastValidEntry.value
                 segments.append((s, e))
                 #ss = self.parser.parse(segment)
@@ -234,11 +234,12 @@ def test_get_segment_list(self):
                 # except when the segment is a secondary allocated segment for the heap
                 # in that case the BaseAddress is the segment itself
                 log.debug("HEAP: 0x%x SEGMENT:0x%x BaseAddress:0x%x", heap.start, segment._orig_address_, segment.BaseAddress.value)
+                self.assertNotEqual(segment.BaseAddress.value, 0)
                 self.assertTrue(segment.BaseAddress.value in [segment._orig_address_, heap.start])
             # in this heap
             # heap.LastSegmentIndex should be i
-            log.debug("HEAP.LastSegmentIndex: 0x%x SEGMENT i:0x%x", walker._heap.LastSegmentIndex, i)
-            self.assertEquals(walker._heap.LastSegmentIndex, i)
+            log.debug("HEAP.LastSegmentIndex: 0x%x SEGMENT i:0x%x", walker.get_heap().LastSegmentIndex, i)
+            self.assertEquals(walker.get_heap().LastSegmentIndex, i)
         segments.sort()
         self.assertEquals(segments, zeus_1668_vmtoolsd_exe.known_segments)
         return