Heap spray detection with Heap Inspector

HeapInspector is a heap visualization and analysis tool. It has the ability to collect a process's heaps using both API and raw methods. Features include searching heaps for string or byte patterns (including regex), dumping heap chunks to a file, and viewing chunks in a hex editor pane. Heaps are displayed visually in a bar chart format known as the heap hash map, allowing the user to view allocations spatially. A similar chart called the heap data map overlays regular expression matches for useful patterns on top of the heap bars.

This visualization allows an investigator to quickly discover evidence of a heap spray attack, along with other useful information stored in an application's heap memory. This presentation will demonstrate how the utility can be used to visualize a heap spray in arbitrary applications and retrieve the shellcode. It will also cover relevant Windows internals and some of the challenges involved in writing this type of utility. Future directions and uses for the tool will be covered. This free tool will be released on the day of the presentation.
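As an added illustration of the heap hash map and heap data map idea described above (example code written for this page, not HeapInspector's own implementation), the sketch below scores constructed heap chunks for byte repetition, groups identical chunk contents, and renders a text bar chart with regex overlays. The chunk contents, thresholds and pattern names are assumptions.

```python
import hashlib
import re
from collections import Counter

# Constructed sample heap chunks (not a real process snapshot): a few benign
# allocations plus repeated copies of one 4-byte filler, the shape a spray
# leaves behind when the same buffer is allocated many times.
FILLER = b"\x0c\x0c\x0c\x0c"
SAMPLE_CHUNKS = [
    b"user=alice;role=viewer",
    b"\x00" * 48,
    b"<html><body>index</body></html>",
] + [FILLER * 64 + b"PAYLOAD-MARKER"] * 6 + [b"GET /index.html HTTP/1.1"]

# Regexes overlaid on the map, in the spirit of the tool's heap data map.
PATTERNS = {"nopsled": re.compile(rb"(\x0c\x0c|\x90\x90){8,}"),
            "text":    re.compile(rb"[ -~]{12,}")}

def repetition_ratio(chunk, period=4):
    """Fraction of bytes equal to the byte `period` positions earlier.
    A buffer filled with one short pattern scores close to 1.0."""
    if len(chunk) <= period:
        return 0.0
    same = sum(chunk[i] == chunk[i - period] for i in range(period, len(chunk)))
    return same / (len(chunk) - period)

def detect_spray(chunks, min_ratio=0.8, min_copies=3):
    """Return [(sha1_prefix, copies, size)] for chunk contents that are both
    highly repetitive and present many times: the spray signature."""
    digests = [hashlib.sha1(c).hexdigest()[:8] for c in chunks]
    by_hash = dict(zip(digests, chunks))
    return [(h, n, len(by_hash[h])) for h, n in Counter(digests).items()
            if n >= min_copies and repetition_ratio(by_hash[h]) >= min_ratio]

def render_data_map(chunks, patterns, width=32):
    """Text version of the heap data map: one bar per chunk, scaled to its
    size, followed by the names of the patterns that match inside it."""
    biggest = max(len(c) for c in chunks)
    lines = []
    for i, c in enumerate(chunks):
        bar = "#" * max(1, len(c) * width // biggest)
        hits = [name for name, rx in patterns.items() if rx.search(c)]
        lines.append(f"{i:02d} {bar:<{width}} {len(c):5d}B {' '.join(hits)}")
    return lines

if __name__ == "__main__":
    print("\n".join(render_data_map(SAMPLE_CHUNKS, PATTERNS)))
    print("suspected spray:", detect_spray(SAMPLE_CHUNKS))
```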

Presented by