heaper, an advanced heap analysis plugin for Immunity Debugger
Pull request Compare This branch is 10 commits behind stevenseeley:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README.md
gpl-3.0.txt
heaper.py
heaper_example.png
heaper_graphing.png
heaper_usage.png
libheap.py

README.md

About

heaper is an Immunity Debugger plugin that is designed to help analyse heap structures under the windows environment. Often, exploitation of windows heap overflows and other vulnerabilities associated with the heap are very complex due to the dynamic nature of the heap manager.

With heaper, you can quickly visualize heap data structures, hook important heap api and determine possible exploitation paths. It is designed for analysts looking to determine the heap layout in a target process.

Currently there is full support for Windows XP. In the near future it will support Windows 7/8 heap managers.

Setup

You will need to install the following prerequisites:

Then once you have completed that, copy heaper.py into your immunity debugger pycommands directory typically: 'C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands'.

Usage

simply start heaper by executing '!heaper' in Immunity Debuggers command window.

Screenshots

heap usage heaper hooking RtlAllocateHeap heaper viewing the lookaside[0x123]

License

'heaper' is available under the GPLv3 license, please see the included file gpl-3.0.txt for details.