What is Heappie!?


Heappie! is an exploit-writing-oriented memory analysis tool. It helps vulnerability researchers track heap sprays (and other memory patterns) by visualizing the state of a process's memory. Because a sample is saved for each memory state it analyzes, Heappie! can also load several samples together and compute their intersection: the regions that look the same in every run. This makes it easy to find what several runs have in common, even across software versions or platforms, which is exactly what an exploit needs to land reliably.

Features description


Heappie! offers two main analysis types:

Process analysis: Heappie! attaches to a selected process and starts analyzing its memory. The analysis can start immediately, or it can wait until an exception occurs in the process.

This mode is useful when adding reliability to an almost-ready exploit by testing it against different platforms and software versions. The heap spray usually takes place right before the vulnerability is triggered, so with a plain proof of concept the sequence is: the spray runs, the exception is raised, and Heappie! starts its analysis. If the exploit already works and no exception is raised, replace the first byte of the shellcode with 0xCC (int 3) so that a breakpoint exception is generated instead; Heappie! then uses that exception as its trigger.

Memory dump analysis: this mode lets the user analyze raw memory dumps generated on almost any platform or architecture. The mechanism is simple: Heappie! searches the dump for memory patterns and shows the contiguous data chunks as blocks, so users don't need to run Heappie! on the target platform to obtain this information. Generate the dump with any available tool (gdb, for example, supports most platforms) and then analyze it with Heappie! on another machine.
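The mechanism described above (pattern search over a raw dump, adjacent hits merged into contiguous blocks, and the intersection of several runs mentioned in the overview at the top of the page), as an added example that is not Heappie!'s own code. It needs neither vtrace nor Pygame, works on raw dump bytes, and ships with constructed sample data; the 0x0c0c0c0c filler, the file layout and the command-line form are assumptions for illustration, not the tool's.

```python
"""Scan raw memory dumps for a spray pattern, merge the hits into contiguous
blocks, and intersect the block maps of several dumps.

Added example, not Heappie!'s own code: it re-implements the idea described
on this page (pattern search -> contiguous blocks -> intersection across runs)
so it can be read and run without vtrace or Pygame.
"""
import re
import sys
from typing import List, Tuple

Block = Tuple[int, int]  # (start address, end address exclusive)


def find_blocks(dump: bytes, pattern: bytes, base: int = 0,
                min_len: int = 0) -> List[Block]:
    """Return the address ranges covered by back-to-back repeats of `pattern`.

    Adjacent hits are merged, so a sprayed chunk shows up as one block rather
    than thousands of individual matches. `base` is the address the dump was
    taken from, so offsets are reported as real addresses; `min_len` drops
    blocks too small to be part of a spray. Granularity is len(pattern):
    a trailing partial repeat is not counted.
    """
    if not pattern:
        raise ValueError("pattern must not be empty")
    blocks: List[Block] = []
    start = None  # start offset of the block currently being extended
    end = 0       # one past its last byte
    for m in re.finditer(re.escape(pattern), dump):
        if start is not None and m.start() == end:
            end = m.end()  # hit is adjacent to the open block: extend it
        else:
            if start is not None and end - start >= min_len:
                blocks.append((base + start, base + end))
            start, end = m.start(), m.end()
    if start is not None and end - start >= min_len:
        blocks.append((base + start, base + end))
    return blocks


def intersect_blocks(a: List[Block], b: List[Block]) -> List[Block]:
    """Ranges present in both block maps (sorted-interval sweep)."""
    a, b = sorted(a), sorted(b)
    out: List[Block] = []
    i = j = 0
    while i < len(a) and j < len(b):
        lo, hi = max(a[i][0], b[j][0]), min(a[i][1], b[j][1])
        if lo < hi:
            out.append((lo, hi))
        # advance whichever interval ends first
        if a[i][1] < b[j][1]:
            i += 1
        else:
            j += 1
    return out


def common_blocks(maps: List[List[Block]]) -> List[Block]:
    """Intersect any number of block maps, one per run/platform/version."""
    result = maps[0]
    for m in maps[1:]:
        result = intersect_blocks(result, m)
    return result


def covers(blocks: List[Block], addr: int) -> bool:
    """True if `addr` lies inside one of the blocks: the check to make before
    trusting a spray target address across runs."""
    return any(lo <= addr < hi for lo, hi in blocks)


# Constructed sample data (not real dumps): a 4-byte spray filler and two
# "runs" in which the sprayed chunks land at slightly different offsets, as
# different builds or platforms might produce.
SPRAY = b"\x0c\x0c\x0c\x0c"
RUN_A = b"\x00" * 16 + SPRAY * 8 + b"AAAA" + SPRAY * 4 + b"\x00" * 8
RUN_B = b"\x00" * 24 + SPRAY * 6 + b"BBBB" + SPRAY * 5 + b"\x00" * 8


def fmt(blocks: List[Block]) -> str:
    return ", ".join(f"{lo:#x}-{hi:#x}" for lo, hi in blocks) or "(none)"


def main(argv: List[str]) -> None:
    """Usage: script.py [BASE_HEX DUMP_FILE ...]; with no args, use the samples."""
    if argv[1:]:
        base = int(argv[1], 16)
        maps = [find_blocks(open(p, "rb").read(), SPRAY, base) for p in argv[2:]]
    else:
        maps = [find_blocks(RUN_A, SPRAY), find_blocks(RUN_B, SPRAY)]
    for n, m in enumerate(maps):
        print(f"run {n}: {fmt(m)}")
    print(f"common: {fmt(common_blocks(maps))}")


if __name__ == "__main__":
    main(sys.argv)
```

Any debugger that can write raw memory can feed it: gdb's `dump memory FILE START END` writes the range as raw bytes, and START is the base address to pass on the command line so the reported blocks are real addresses rather than file offsets. With several dumps, the "common" line is the set of addresses every run sprayed, and `covers()` answers whether the address the exploit jumps to falls inside it.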

Use cases

Screenshots

Source Code

Heappie! consists of 3 main scripts:

Note that "heappie-analyzer.py" and "heappie-viewer.py" can each be run stand-alone, so fewer dependencies are needed when running only one of them.

Releases
Heappie!-v1 (.rar download), 09-03-2012

Requirements

Heappie! relies on two libraries for most of its work: vtrace (Kenshoto's excellent multi-platform debugging library) to analyze process memory, and Pygame to display the analysis logs graphically.
You can find these packages here:
Vtrace (http://visi.kenshoto.com/wiki/index.php/Vtrace)
Pygame (http://pygame.org/download.shtml)

Licensing

This software is provided under the 2-clause BSD license.

Credits

This tool was designed and developed by Anibal Sacco.

Contact Us

Whether you want to report a bug or make a suggestion about this package, drop us a few lines at oss- at -coresecurity.com.

Title: Heappie!
Platforms: Windows, Linux, OSX
Release date: 2011-03-01
License type: 2-clause BSD

Attachments

heappie-small.JPG - heappie-small
jipi-small.PNG - jipi-ss