This is the tool to enumerate process heaps on windows. It uses much better technique than slower Windows heap API functions which makes it faster and efficient. You can enumerate the heaps from normal Windows processes as well as system services. Its very useful tool for anyone involved in analyzing process heaps. Vulnerability researchers can use it as a side tool for discovering heap related vulnerabilities.

Some days back I was doing password strength related research on Yahoo Messenger. It used to store the password on the heap and I wrote an sample tool using normal heap functions to locate and retrieve the password. The password was basically located on one of the heap block which was near the end of 60,000th block. So I had to traverse all the 60,000 heap blocks using Heap32Next function and it took more than 10 minutes..! I tried running the program on multiple machines but it took almost same amount of time. I was getting irritated as I had to wait for so long every time I run my program.

To find a way around this timing problem, I tried looking on the internet for answers but found nothing. Then I finally resort to finding the truth myself and started reverse engineering the Windows heap functions. Finally after few hours of work, I found the reason behind the delay and wrote my own implementation which took little more than few seconds.

For the complete story and internal implementation details read the article here.