ProcHeapViewer : Fastest Process Heap Viewer Tool | www.SecurityXploded.com
About Proc Heap Viewer

Proc Heap Viewer is a FREE tool to quickly enumerate process heaps on Windows. Instead of the slower documented Windows heap API functions, it takes a smarter approach using undocumented API functions, which makes it the fastest tool for enumerating process heaps on Windows.

You can enumerate the heaps of normal Windows processes as well as system services, view all the heap blocks and the data within each block, and then search within that data.

It is a very useful tool for anyone involved in analyzing process heaps. Vulnerability researchers can use it as a companion tool for discovering process-heap related vulnerabilities.

It is a fully portable tool and works on most Windows platforms, from Windows XP to Windows 8.

 
 
 
Making of ProcHeapViewer

Some time back I was doing password strength related research on Yahoo Messenger. It used to store the password on the heap, and I wrote a sample tool using normal heap functions to locate and retrieve the password.

The password data was located in one of the heap blocks near the end, around the 60,000th block. So I had to traverse all 60,000 heap blocks using the slower Heap32Next function, and it took more than 10 minutes!

I tried running the program on faster machines, but it took almost the same amount of time. I was getting irritated as I had to wait so long every time I ran my program.

To find a way around this timing problem, I tried looking on the internet for answers but found nothing. Then I finally resorted to finding the truth myself and started reverse engineering the Windows heap functions.

Finally, after a few hours of work, I found the reason behind the delay and wrote my own implementation, which took little more than a few seconds.

For the complete story behind the creation of ProcHeapViewer, read the detailed article here. I am sure you will find it equally exciting!

 
 
 
Using the ProcHeapViewer

This is a standalone tool and does not require any installation.

  • Launch ProcHeapViewer by clicking on the binary file. It automatically loads all running processes, including services.
  • Select any process from the list. All the heap nodes for that process will then be displayed.
  • Now you can click on any of the heap nodes to display all the heap blocks within it.
  • Next, click on one of the heap blocks to view its content. You can store this data by clicking on the 'save' button. To get back to the main screen, simply click on the 'close' button.
  • You can use the 'Find' button to search for strings within the selected heap block. Select the 'Unicode' check box to search for Unicode strings.
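The 'Find' step above searches a heap block for a string either as plain ASCII or, with the 'Unicode' check box, as UTF-16LE (the encoding Windows uses for wide strings). The following added example is not ProcHeapViewer's own code; it shows the same two searches in portable C over a constructed sample block, so it runs on any platform without reading a live process. The block contents, offsets and the `find_ascii`/`find_unicode` names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Search a captured heap block for an ASCII needle. Returns the byte offset
 * of the first match or -1. Heap data contains NUL bytes, so memcmp is used
 * instead of strstr, which would stop at the first NUL. */
long find_ascii(const uint8_t *block, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || n > len) return -1;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(block + i, needle, n) == 0) return (long)i;
    return -1;
}

/* Same search with the needle widened to UTF-16LE (what the 'Unicode' check
 * box selects): each ASCII character becomes the byte pair <char, 0x00>. */
long find_unicode(const uint8_t *block, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || n > 128 || 2 * n > len) return -1;
    uint8_t wide[256];
    for (size_t k = 0; k < n; k++) { wide[2 * k] = (uint8_t)needle[k]; wide[2 * k + 1] = 0; }
    for (size_t i = 0; i + 2 * n <= len; i++)
        if (memcmp(block + i, wide, 2 * n) == 0) return (long)i;
    return -1;
}

/* Constructed sample heap block (assumption, not a real dump): some binary
 * noise, an ASCII string "user=alice" and a UTF-16LE string "pass=hunter". */
static const uint8_t sample_block[] = {
    0x00, 0x10, 0x7f, 0xff, 'u','s','e','r','=','a','l','i','c','e', 0x00,
    0x00, 0x00,
    'p',0,'a',0,'s',0,'s',0,'=',0,'h',0,'u',0,'n',0,'t',0,'e',0,'r',0, 0,0
};

int main(void)
{
    size_t len = sizeof sample_block;
    printf("ascii   'alice'  at %ld\n", find_ascii(sample_block, len, "alice"));
    printf("unicode 'hunter' at %ld\n", find_unicode(sample_block, len, "hunter"));
    /* The wide string is not found by the ASCII search: the 'Unicode' box matters. */
    printf("ascii   'hunter' at %ld\n", find_ascii(sample_block, len, "hunter"));
    return 0;
}
```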
 
 
Screenshots

Screenshot 1: Viewing the heaps within the process Explorer.exe

[Screenshot: Process Heap Viewer 1]

Screenshot 2: Searching for strings within the heap block.

[Screenshot: Process Heap Viewer 2]
 
 
 
History
 
Version 4.5: 14th Mar 2013
Support for Windows 8. Fix for the screen refresh problem.

Version 4.0: 30th May 2012
All heap enumerations are now performed in a thread, resulting in a flicker-free experience. Enhanced user interface with a new banner. Automatically opens saved heap data in Notepad.

Version 3.5: 28th Jan 2011
Added installer, new banner and renovated user interface.

Version 3.0: 17th Jan 2009
Support for Windows 7. Enhanced user interface with pictured buttons.

Version 2.5: 4th July 2009
Refined the About dialog. Added quick links for the About section as well as a direct link to the website page to facilitate easy updates.

Version 2.2: 9th Jan 2009
Support for viewing heap blocks and heap data by scrolling with the keyboard. This makes it easy and faster to view heap data using just the up/down keys.

Version 2.1: 5th Oct 2008
Improved the user interface with a new look & feel, including the banner and About dialog. Integrated the new search feature, which makes it easy to find ASCII as well as Unicode strings within heap blocks.

Version 1.0: 17th June 2007
First public release of ProcHeapViewer.
 
 
 
Download
FREE Download ProcHeapViewer v4.5

License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8
