SecurityXploded.com
Follow us on Twitter
Latest Tool
 
ProcNetMonitor 2.7

Updated: 2 Sep 2010

Tool of the Month
 
Book of the Month
 
Book of the month
Recommended book for any one who would like to know in & out of the Cyber crooks, their operations and the framework in which they operate to make millions behind the lines. Book of the month list.
 
 
Latest Stuff
 
 
 
Top Tools
 
...more statistics
 
 
Top Articles
 
 
 
Submit Feedback
 
Submit the feedback
 
Submit any errors, suggestions and feedbacks.
 
 
Associations
 
http://forum.spywareanalytics.com/
 
SecureGossip.com
 
 
EvilFingers.com
 
 
 
 
ProcHeapViewer : Tool to Scan Process Heaps faster than ever - www.SecurityXploded.com
 
 
ProcHeapViewer
Download ProcHeapViewer
 
Star Award by Download.HR Freeware Award by BestVistaDownloads Five Star Award by Top4Download EditorPick Award by Softsea
See Also
 
 
About ProcHeapViewer
This is the tool to enumerate process heaps on windows. It uses much better technique than slower Windows heap API functions which makes it faster and efficient. You can enumerate the heaps from normal Windows processes as well as system services. Its very useful tool for anyone involved in analyzing process heaps. Vulnerability researchers can use it as a side tool for discovering heap related vulnerabilities.
 
The new version provides support for Windows 7. It also presents the enhanced user interface with cool look & feel.
 
 
Making of ProcHeapViewer
Some time back I was doing password strength related research on Yahoo Messenger. It used to store the password on the heap and I wrote an sample tool using normal heap functions to locate and retrieve the password. The password was basically located on one of the heap block which was near the end of 60,000th block. So I had to traverse all the 60,000 heap blocks using Heap32Next function and it took more than 10 minutes..! I tried running the program on multiple machines but it took almost same amount of time. I was getting irritated as I had to wait for so long every time I run my program.

To find a way around this timing problem, I tried looking on the internet for answers but found nothing. Then I finally resort to finding the truth myself and started reverse engineering the Windows heap functions. Finally after few hours of work, I found the reason behind the delay and wrote my own implementation which took little more than few seconds.

For the complete story behind the creation of ProcHeapViewer, read the detailed article here.
 
 
ProcHeapViewer in Action
 
 Screen 1:  Viewing the heaps within the process,  Explorer.exe
 
Process Heap Viewer1
 
 Screen 2:  Searching for the strings within the heap block.
 
Process Heap Viewer 2
 
 
Using the ProcHeapViewer

This is standalone tool and does not require any installation.

  • Launch ProcHeapViewer by clicking on the binary file. It automatically loads all running processes including services.
  • Select any process from the list. Then all the heap nodes for that process will be displayed.
  • Now you can click on any of the heap nodes to display all the heap blocks within it.
  • Next click on one of the heap block to view its content. You can store this data by clicking on the 'save' button. To get back to the main screen, simply click on 'close' button.
  • You can use 'Find' button to search for strings within the selected heap block. Select the 'Unicode' check box for searching Unicode strings.
 
History
 
Version 3.0:  17th Jan 2009
Support for Windows 7, Enhanced user interface with pictured buttons.
 
Version 2.5: 4th July 2009
Refined the about dialog. Added quick links for about section as well as direct link to the website page to facilitate easy updates.
 
Version 2.2: 9th Jan 2009
Support for viewing the heap blocks and heap data by scrolling through the keyboard. This makes it easy and faster to quickly view the heap data by just using the up/down keys.
 
Version 2.1: 5th Oct 2008
Improved the user interface with new look & feel including the banner and about dialog. Integrated the new search feature which makes it easy to find the ASCII as well as Unicode strings within heap blocks.
 
Version 1.0: 17th June 2007
First public release of the ProcHeapViewer.
 
 
Download ProcHeapViewer
 
FREE Download ProcHeapViewer 3.0

License  : Freeware
Platform : Windows XP, 2003, Vista & Win7

 win7
Freeware Award by FreewareGeeks        Clean Award by GearDownload       
 
 
References
 
 
See Also
 
 
 
 
 
 
 
 
 
 
Sponsored Information
 
650-621 helps you categorize the value of the Cisco Lifecycle Services for Advanced Wireless. 70-630 is related to networking infrastructure services, incorporating TCP/IP and clustering. 642-432 test judges a candidate's ability of understanding related to the implementation and support of data and voice assimilation solutions at the network-access level. 70-282 involves the devising, developing, and organizing a network elucidation for a small and medium-sized business. E20-001 can easily be prepared with the help of online exam guides.
 
 
 
 
Home - Tools - Articles - Research - Download - Statistics - Blog - PAD Files - About - Contact
Total Hit Count: Hit Count
www.SecurityXploded.com © 2010, All rights reserved. Submit Feedback | Privacy Policy | License & Disclaimer | Contact Us