SDT Cleaner

The SDT Cleaner allows you to clean hooks installed by Anti-Virus and Firewalls.
    iPhoneDbg Toolkit

A set of tools to delve into iPhone Binary Debugging.
    HeapDraw

HeapDraw/HeapTracer is a tool to visualize the evolution of the heap during the life of an application. We internally use this tool when writing exploits for heap corruption vulnerabilities.
    PSH Toolkit

This toolkit contains tools to list and modify windows logon sessions stored by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also to change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH ON Windows!).
    UHooker

A tool to intercept and manipulate execution of programs. It enables the user to insert hooks in function calls and arbitrary addresses within the executable file in memory. The hooks handlers are written in Python and can be changed at runtime without the need to restart the inspected process.
    Pcapy

Capture network packets from your Python programs on UNIX and Windows platforms.
    Impacket

Easily dissect and build network protocols in object-oriented Python.
    InlineEgg

A platform independent toolbox for writing assembly code in Python.
    MSyslog

A replacement for the traditional syslog daemon featuring cryptographic log protection, database backends.

Subscribe me to the announce mailing list!

 



What is HeapDraw / HeapTracer?

 

HeapDraw was originally created as a postmortem analisys tool, to see how the heap evolved during the life of a process. The idea is that although we may be used to textual output, like that of ltrace or a malloc/free hooking library, it's much better to see it graphically (in fact I used to make drawings by hand until I realized "WTF am I doing? I have a computer to do it for me!").


HeapTracer is the new name, after it became a runtime analisys tool.


In the image you can see an example. It's the heap of ping. The 4 spikes correspond to the 4 packets sent. Before the first spike you can see the initialization, and after the last, the evolution of the heap for the final phase.


In this release you can find four different versions of HeapDraw/HeapTracer, all including full sourcecode:

  • Windows postmortem native version.
  • Linux postmortem native version.
  • IDA plugin, for doing runtime analisys (only Windows version for Windows appliations)
  • An unfinished python version.

If you are an IDA fan, and like developing for it, you may find interesting the IDA Plugin version, as it's a relatively complex example of an IDA debugging plugin which opens an OpenGL window to make drawings.



Source code and precompiled versions

We've packaged the four versions with their sourcecode and e brief tutorial in a single file:


Compiling the source and installing

The package contains a separate directory for every version. Each of this directories contains specific instructions on how to build and run the tool

 

Documentation

 

Licensing

 

This software is provided under a slightly modified version of the Apache Software License. Feel free to review it here and compare it to the official Apache Software License.

 

Contact Us

 

Whether you want to report a bug, send a patch or give some suggestions on this package, drop us a few lines at oss@coresecurity.com.

 

 

 

 

Core Security Technologies © 1998-2008  |  All rights reserved