ollyheaptrace's Introduction

About

OllyHeapTrace (written in 2008) is a plugin for OllyDbg (version 1.10) that traces the heap operations performed by a process. It monitors heap allocations and frees for multiple heaps, as well as operations such as creating or destroying heaps and reallocations. All parameters and return values are recorded, and the trace is highlighted with a unique colour for each heap being traced.

The primary purpose of this plugin is to aid in the debugging of heap overflows where you wish to be able to control the heap layout to overwrite a specific structure such as a chunk header, critical section structure or some application-specific data. By tracing the heap operations performed during actions you can control (for example opening a connection, sending a packet, closing a connection), you can begin to predict the heap operations and thus control the heap layout.

Build

To build OllyHeapTrace from source, check out the latest revision from the SVN trunk, open OllyHeapTraceGroup.bdsgroup with either Borland's Turbo C++ Explorer (free) or any recent version of C++ Builder, and build the OllyHeapTrace project.

Usage

Simply install the plugin and activate OllyHeapTrace when you wish to begin tracing heap operations. OllyHeapTrace will automatically create the breakpoints needed (RtlAllocateHeap, RtlFreeHeap, RtlCreateHeap, RtlDestroyHeap, RtlReAllocateHeap, RtlSizeHeap, GetProcessHeap, RtlInitializeCriticalSection and RtlDeleteCriticalSection) and record the relevant information when these breakpoints are hit. To view the heap trace, select the OllyHeapTrace Log.

Double-clicking on any row in the OllyHeapTrace Log window will bring you to the caller's location in the OllyDbg disassembly window. The recorded heap trace is highlighted with a unique colour for each heap being traced. Right-clicking on any row will give you options such as viewing the heap chunk's data or the heap itself (only a raw dump of the memory is given; no parsing of the heap structures is performed). You can also filter out unwanted information if you are only concerned with a specific heap.
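
As an added example (not part of OllyHeapTrace or its source), the C program below replays a recorded heap trace to track live blocks per heap and count frees that do not match an earlier allocation. The record layout, sample addresses and function names are constructed for illustration; the plugin's own log format is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed record layout; the plugin's own log format is not shown on the page. */
enum op { OP_ALLOC, OP_FREE, OP_REALLOC };
struct rec { enum op op; uint32_t heap, ptr, size, ret; }; /* ptr: block passed in; ret: value returned */
struct chunk { uint32_t heap, addr, size; };
struct report { int live, invalid_free, cross_heap; };
/* Constructed sample trace: two heaps, one double free, one free against the wrong heap. */
static const struct rec SAMPLE[] = {
    { OP_ALLOC,   0x00150000, 0,          0x20, 0x00152000 },
    { OP_ALLOC,   0x00150000, 0,          0x40, 0x00152030 },
    { OP_ALLOC,   0x003A0000, 0,          0x10, 0x003A1000 },
    { OP_FREE,    0x00150000, 0x00152000, 0,    1 },
    { OP_FREE,    0x00150000, 0x00152000, 0,    1 },          /* same block again */
    { OP_REALLOC, 0x00150000, 0x00152030, 0x80, 0x00152100 },
    { OP_FREE,    0x00150000, 0x003A1000, 0,    1 },          /* block belongs to heap 0x003A0000 */
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])
#define MAX_LIVE 64

static int find(const struct chunk *c, int n, uint32_t addr) {
    for (int i = 0; i < n; i++) if (c[i].addr == addr) return i;
    return -1;
}

/* Replay the trace, tracking live blocks per heap and counting inconsistent frees. */
struct report replay(const struct rec *t, size_t n) {
    struct chunk live[MAX_LIVE];
    struct report r = { 0, 0, 0 };
    int nl = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].op == OP_REALLOC && t[i].ret == 0) continue;  /* failed realloc keeps the old block */
        if (t[i].op != OP_ALLOC) {                             /* free and realloc release t[i].ptr */
            int k = find(live, nl, t[i].ptr);
            if (k < 0) { r.invalid_free++; continue; }         /* never allocated or already freed */
            if (live[k].heap != t[i].heap) { r.cross_heap++; continue; }
            live[k] = live[--nl];                              /* drop the released block */
        }
        if (t[i].op != OP_FREE && t[i].ret != 0 && nl < MAX_LIVE)
            live[nl++] = (struct chunk){ t[i].heap, t[i].ret, t[i].size };
    }
    r.live = nl;
    return r;
}
int main(void) {
    struct report r = replay(SAMPLE, SAMPLE_LEN);
    printf("live=%d invalid_free=%d cross_heap=%d\n", r.live, r.invalid_free, r.cross_heap);
    return 0;
}
```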

License

The OllyHeapTrace source code is available under the GPLv3 license. Please see the included file gpl-3.0.txt for details.