danigargu / Heap Viewer

Licence: gpl-3.0
An IDA Pro plugin to examine the glibc heap, focused on exploit development

HeapViewer

License: GPL v3

An IDA Pro plugin to examine the heap, focused on exploit development.

Currently supports the glibc malloc implementation (ptmalloc2).

3rd place winner of the 2018 Hex-Rays Plugin Contest

Requirements

  • IDA Pro >= 7.0

Tested on

  • glibc 2.23 <= 2.29 (x86, x64)

Features

  • Heap tracer (malloc/free/calloc/realloc)
    • Detection of overlaps and double-frees
    • Visualization using villoc
  • Malloc chunk info
  • Chunk editor
  • Multi-arena info (chunks, top, last-remainder)
  • Bins info (fastbins, unsortedbin, smallbins and largebins)
  • Tcache info (glibc >= 2.26)
  • GraphView for linked lists (bins/tcache)
  • Structs view (malloc_state / malloc_par / tcache_perthread)
  • Magic utils:
    • Unlink merge info
    • Freeable/merge info
    • Fake fastbin finder
    • House of force helper
    • Useful libc offsets
    • Calc chunk size (request2size)
    • IO_FILE structs

Install

Just drop the heap_viewer.py file and the heap_viewer folder into IDA's plugin directory.

To install just for the current user, copy the files into one of these directories:

OS            Plugin path
Linux/macOS   ~/.idapro/plugins
Windows       %AppData%\Hex-Rays\IDA Pro\plugins

Configuration

Currently the plugin does not need to be configured, since it tries to obtain the offsets needed to analyze the heap automatically.

However, in case the plugin fails, it is possible to set the different offsets in the configuration tab. To obtain these offsets, you can use any of the tools located in the utils folder.

If you find any inconsistency, let me know :)

Screenshots

  • Tracer
  • Arena & chunk info
  • Tcache entries
  • Bins
  • Bin graph
  • Fastbin graph
  • Tcache graph
  • Find fake fastbin
  • Unlink merge info
  • Useful libc offsets

Learning Resources

I'd recommend the following resources alongside this tool for learning heap exploiting.

Author

Contributors 🍺

Special mention to my colleagues soez, wagiro and DiaLluvioso for giving me some ideas during the development of the plugin. And of course, the @pwndbg project, from which I picked up some things about heap parsing.


Bugs / Feedback / PRs

Any comment, issue or pull request will be highly appreciated :-)
