matrix1001 / heapinspect Goto Github PK
View Code? Open in Web Editor NEW🔍Heap analysis tool for CTF pwn.
License: MIT License
heapinspect's People
Contributors
Stargazers
Watchers
Forkers
tcode2k16 emorasoul nepire didadoudou demon-wang imulmul johndoex1 5l1v3r1 pullp sung3r lacraig2 0xc4se kejripraveen 0x6b7966 yunaranyancat clayne farrimwildaxe m0ngiheapinspect's Issues
come accross a “OSError: [Errno 13] Permission denied”
Hi,matrix1001. I try to use heapinspect to practice pwn.
when I try to use it in pwndocker,I get “OSError: [Errno 13] Permission denied”.
url of pwndocker:
https://github.com/skysider/pwndocker
How I run the docker:
docker run -it --rm -v /root:/ctf/work --cap-add=SYS_PTRACE skysider/pwndocker
and the error info:
root@c83c5dbb35eb:/ctf/work# python HeapInspect.py 48
Traceback (most recent call last):
File "HeapInspect.py", line 34, in <module>
hi = HeapInspector(pid)
File "/ctf/work/heapinspect/core.py", line 93, in __init__
libc_info = get_libc_info(self.libc_path)
File "/ctf/work/heapinspect/libc.py", line 133, in get_libc_info
info.update(get_arena_info(libc_path, size_t))
File "/ctf/work/heapinspect/libc.py", line 79, in get_arena_info
result = subprocess.check_output(command.split())
File "/usr/lib/python2.7/subprocess.py", line 567, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
raise child_exception
OSError: [Errno 13] Permission denied
would you please tell me how to solve this problem?
thanks a lot : )
Does this work for other allocators?
It seems that glibc is being referred in the README file. Does this mean that the library only works for ptmalloc2?
I believe a heap-diff doesn't need any priors, but the size, next, prev etc are very related to the allocator.
Does heapinspect work for a core file ?
Using gdb with heapinspect plugin, I got the following error:
(gdb) hi heap
Python Exception <class 'FileNotFoundError'> [Errno 2] No such file or directory: '/proc/1251943/exe':
Error occurred in Python command: [Errno 2] No such file or directory: '/proc/1251943/exe'
If it does work for a core file, how to inspect heap for a core file ?
<class 'UnicodeDecodeError'> 'utf-8' codec can't decode byte
/proc/*/maps are not utf-8 encoded files
https://github.com/matrix1001/heapinspect/blob/master/heapinspect/proc.py#L23
https://github.com/matrix1001/heapinspect/blob/master/heapinspect/proc.py#L104
https://github.com/matrix1001/heapinspect/blob/master/heapinspect/proc.py#L295
217gdb> hi tcache
Python Exception <class 'UnicodeDecodeError'> 'utf-8' codec can't decode byte 0xb8 in position 40: invalid start byte:
Error occurred in Python command: 'utf-8' codec can't decode byte 0xb8 in position 40: invalid start byte
➜ ~ locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE=en_US.UTF-8
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=
OverflowError: Python int too large to convert to C long
使用Heapinspect.py刚开始不会有错误,但是运行一段时间之后,随着操作的增加,会在某一个固定操作之后,报如下错误。
Traceback (most recent call last):
File "HeapInspect.py", line 55, in
pp = PrettyPrinter(hi)
File "/home/leo/Desktop/CTF/heapinspect/heapinspect/layout.py", line 176, in init
self.record = hi.record
File "/home/leo/Desktop/CTF/heapinspect/heapinspect/core.py", line 310, in record
return HeapRecord(self)
File "/home/leo/Desktop/CTF/heapinspect/heapinspect/core.py", line 336, in init
self.unsortedbins = hi.unsortedbins
File "/home/leo/Desktop/CTF/heapinspect/heapinspect/core.py", line 253, in unsortedbins
result = self.bins(0, 1)
File "/home/leo/Desktop/CTF/heapinspect/heapinspect/core.py", line 283, in bins
self.proc.read(chunk_ptr, chunk_size),
File "/home/leo/Desktop/CTF/heapinspect/heapinspect/proc.py", line 296, in read
f.seek(addr)
OverflowError: Python int too large to convert to C long
No LICENSE file
There is no license included in this code, which makes it hard for others to use. I recommend adding a LICENSE file, with the license of your choice. Learn more at http://choosealicense.com.
I personally recommend the MIT License.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.