From Collaborative RCE Tool Library


Process Heap Viewer

Tool name: Process Heap Viewer
Rating: 0.0 (0 votes)
Author: Nagareshwar
Website: http://securityxploded.com/ProcHeapViewer.php
Current version: 2.2
Last updated: January 9, 2009
Direct D/L link: Locally archived copy
License type: Free
Description: This tool enumerates process heaps on Windows. It uses a much better technique than the slower Windows heap API functions, which makes it faster and more efficient. You can enumerate the heaps of normal Windows processes as well as system services. It is a very useful tool for anyone involved in analyzing process heaps. Vulnerability researchers can use it as a side tool for discovering heap-related vulnerabilities.

This is a standalone tool and does not require any installation.

* Launch ProcHeapViewer by clicking on the binary file. It automatically loads all running processes including services.
* Select any process from the list. Then all the heap nodes for that process will be displayed.
* Now you can click on any of the heap nodes to display all the heap blocks within it.
* Next, click on one of the heap blocks to view its content. You can store this data by clicking on the "save" button. To get back to the main screen, simply click on the "close" button.

Related URLs:
Article about the underlying fast heap enumeration technology:
http://securityxploded.com/enumheaps.php



